urlscan.io logo urlscan.io
SecurityTrails logo

internal.donefirst.com Open in urlscan Pro
34.149.114.35  Public Scan

Go To Rescan Add Verdict Report
URL: https://internal.donefirst.com/
Submission: On July 04 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 98 IPs in 10 countries across 69 domains to perform 246 HTTP transactions. The main IP is 34.149.114.35, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is internal.donefirst.com.
TLS certificate: Issued by R10 on June 28th 2024. Valid for: 3 months.
This is the only time internal.donefirst.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 34.149.114.35 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 18.172.112.72 16509 (AMAZON-02)
2 5 2620:1ec:21::14 8068 (MICROSOFT...)
2 13.107.42.14 8068 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:26e... 16509 (AMAZON-02)
1 15 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2 95.101.111.153 20940 (AKAMAI-ASN1)
4 34.36.178.232 396982 (GOOGLE-CL...)
1 184.30.16.183 16625 (AKAMAI-AS)
1 13.32.27.30 16509 (AMAZON-02)
1 2600:9000:235... 16509 (AMAZON-02)
1 13.32.99.105 16509 (AMAZON-02)
1 2 52.50.246.167 16509 (AMAZON-02)
4 2620:1ec:bdf::60 8075 (MICROSOFT...)
4 8 185.89.210.20 29990 (ASN-APPNEX)
6 20.231.53.73 8075 (MICROSOFT...)
1 172.217.16.202 15169 (GOOGLE)
4 34.94.155.128 396982 (GOOGLE-CL...)
3 54.224.91.174 14618 (AMAZON-AES)
1 13.32.121.64 16509 (AMAZON-02)
1 2600:9000:214... 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 18.66.102.53 16509 (AMAZON-02)
1 162.159.152.17 13335 (CLOUDFLAR...)
1 146.75.120.157 54113 (FASTLY)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 2a04:4e42::396 54113 (FASTLY)
2 2a03:2880:f08... 32934 (FACEBOOK)
20 23.213.161.217 20940 (AKAMAI-ASN1)
1 35.186.249.72 15169 (GOOGLE)
2 163.181.130.165 24429 (TAOBAO Zh...)
1 2a02:2638:3::e 44788 (ASN-CRITE...)
1 3.163.248.4 16509 (AMAZON-02)
12 172.67.73.224 13335 (CLOUDFLAR...)
1 52.7.151.245 14618 (AMAZON-AES)
2 52.71.218.52 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
1 142.250.181.226 15169 (GOOGLE)
3 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 142.250.186.67 15169 (GOOGLE)
7 13 47.252.78.131 45102 (ALIBABA-C...)
1 93.184.221.165 15133 (EDGECAST)
1 104.244.42.195 13414 (TWITTER)
3 13.32.27.107 16509 (AMAZON-02)
1 151.101.129.140 54113 (FASTLY)
1 151.101.1.140 54113 (FASTLY)
2 3 2a02:2638:3::c 44788 (ASN-CRITE...)
5 35.190.43.134 15169 (GOOGLE)
1 1 172.217.18.2 15169 (GOOGLE)
1 2 142.250.184.228 15169 (GOOGLE)
1 3.161.82.74 16509 (AMAZON-02)
1 52.208.243.88 16509 (AMAZON-02)
2 4 178.250.1.9 44788 (ASN-CRITE...)
2 74.119.117.16 19750 (AS-CRITEO)
2 142.250.184.200 15169 (GOOGLE)
1 157.240.0.6 32934 (FACEBOOK)
4 2a03:2880:f17... 32934 (FACEBOOK)
2 172.217.23.110 15169 (GOOGLE)
1 52.71.121.170 14618 (AMAZON-AES)
3 35.214.149.91 15169 (GOOGLE)
1 34.149.50.64 396982 (GOOGLE-CL...)
1 1 103.243.202.190 45974 (NHN-AS-KR...)
1 35.244.159.8 396982 (GOOGLE-CL...)
1 2600:9000:211... 16509 (AMAZON-02)
1 35.214.219.158 15169 (GOOGLE)
3 141.226.228.48 200478 (TABOOLA-AS)
4 157.240.0.35 32934 (FACEBOOK)
2 2a02:2638:3::19 44788 (ASN-CRITE...)
2 52.37.218.4 16509 (AMAZON-02)
1 52.12.117.226 16509 (AMAZON-02)
1 2 13.74.129.1 8075 (MICROSOFT...)
1 13.32.121.112 16509 (AMAZON-02)
2 142.250.186.162 15169 (GOOGLE)
2 5.196.111.73 16276 (OVH)
2 46.228.174.117 56396 (AMOBEE)
2 63.33.111.171 16509 (AMAZON-02)
2 185.255.84.153 200271 (IGUANE-)
1 3 172.64.151.101 13335 (CLOUDFLAR...)
1 3 99.81.228.109 16509 (AMAZON-02)
2 162.19.138.82 16276 (OVH)
2 34.249.44.129 16509 (AMAZON-02)
2 34.117.157.22 396982 (GOOGLE-CL...)
2 95.101.148.20 16625 (AKAMAI-AS)
2 3.64.189.227 16509 (AMAZON-02)
2 44.238.139.12 16509 (AMAZON-02)
2 64.202.112.159 22075 (AS-OUTBRAIN)
2 185.64.191.210 62713 (AS-PUBMATIC)
2 69.173.144.165 26667 (RUBICONPR...)
2 3.65.142.90 16509 (AMAZON-02)
2 104.75.89.75 16625 (AKAMAI-AS)
2 2600:1f18:612... 14618 (AMAZON-AES)
2 76.223.111.18 16509 (AMAZON-02)
2 85.215.5.31 6786 (CRONON-BE...)
2 184.30.17.243 16625 (AKAMAI-AS)
2 54.77.121.185 16509 (AMAZON-02)
2 3.127.168.76 16509 (AMAZON-02)
4 4 37.157.2.229 198622 (ADFORM)
2 37.157.2.230 198622 (ADFORM)
246 98
12    34.149.114.35 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 35.114.149.34.bc.googleusercontent.com
internal.donefirst.com
1    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    18.172.112.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-112-72.fra60.r.cloudfront.net
try.abtasty.com
5    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
2    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
3    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
3    2600:9000:26e8:c800:17:3f5c:f800:21 (United States)

ASN16509 (AMAZON-02, US)
d2hrivdxn8ekm8.cloudfront.net
15    2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
c.bing.com
2    95.101.111.153 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-153.deploy.static.akamaitechnologies.com
trkn.us
4    34.36.178.232 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 232.178.36.34.bc.googleusercontent.com
dcinfos-cache.abtasty.com
ariane.abtasty.com
1    184.30.16.183 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-183.deploy.static.akamaitechnologies.com
acdn.adnxs.com
1    13.32.27.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-30.fra56.r.cloudfront.net
ttip-ipv4-prod.telemetry.vaultdcr.com
1    2600:9000:235a:e00:0:f171:6100:93a1 (United States)

ASN16509 (AMAZON-02, US)
ttip-ipv6-prod.telemetry.vaultdcr.com
1    13.32.99.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-105.fra60.r.cloudfront.net
tte-prod.telemetry.vaultdcr.com
2    52.50.246.167 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-246-167.eu-west-1.compute.amazonaws.com
segment.prod.bidr.io
4    2620:1ec:bdf::60 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
8    185.89.210.20 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
6    20.231.53.73 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
q.clarity.ms
1    172.217.16.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f10.1e100.net
maps.googleapis.com
4    34.94.155.128 (Los Angeles, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 128.155.94.34.bc.googleusercontent.com
unleash.donefirst.com
3    54.224.91.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-224-91-174.compute-1.amazonaws.com
us.i.posthog.com
1    13.32.121.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-64.fra60.r.cloudfront.net
js.stripe.com
1    2600:9000:214f:9e00:f:8ce2:fb80:93a1 (United States)

ASN16509 (AMAZON-02, US)
www.dwin1.com
4    2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    18.66.102.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-53.fra56.r.cloudfront.net
static.hotjar.com
1    162.159.152.17 (None, )

ASN13335 (CLOUDFLARENET, US)
a.quora.com
1    146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
2    2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
2    2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
20    23.213.161.217 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-217.deploy.static.akamaitechnologies.com
analytics.tiktok.com
1    35.186.249.72 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 72.249.186.35.bc.googleusercontent.com
utt.impactcdn.com
2    163.181.130.165 (Frankfurt am Main, Germany)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
pixeltrack.clientgear.com
1    2a02:2638:3::e (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dynamic.criteo.com
1    3.163.248.4 (United States)

ASN16509 (AMAZON-02, US)
sc-static.net
12    172.67.73.224 (United States)

ASN13335 (CLOUDFLARENET, US)
a.plerdy.com
h.plerdy.com
f.plerdy.com
1    52.7.151.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-151-245.compute-1.amazonaws.com
dx.mountain.com
2    52.71.218.52 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-218-52.compute-1.amazonaws.com
q.quora.com
2    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
www.googleadservices.com
3    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
region1.google-analytics.com
2    2a00:1450:400c:c1d::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net
www.google.de
13    47.252.78.131 (United States)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
event.clientgear.com
usersycn.clientgear.com
1    93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)
t.co
1    104.244.42.195 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
3    13.32.27.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-107.fra56.r.cloudfront.net
script.hotjar.com
1    151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)
pixel-config.reddit.com
1    151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)
alb.reddit.com
3    2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
5    35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com
tr.snapchat.com
tr6.snapchat.com
1    172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net
googleads.g.doubleclick.net
2    142.250.184.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net
www.google.com
1    3.161.82.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-82-74.fra56.r.cloudfront.net
vc.hotjar.io
1    52.208.243.88 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-243-88.eu-west-1.compute.amazonaws.com
content.hotjar.io
4    178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
sslwidget.criteo.com
dis.criteo.com
2    74.119.117.16 (United States)

ASN19750 (AS-CRITEO, US)
widget.us.criteo.com
2    142.250.184.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f8.1e100.net
www.googletagmanager.com
1    157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net
connect.facebook.net
4    2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    172.217.23.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f14.1e100.net
www.google-analytics.com
1    52.71.121.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-121-170.compute-1.amazonaws.com
52.71.121.170
3    35.214.149.91 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com
x.bidswitch.net
1    34.149.50.64 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.50.149.34.bc.googleusercontent.com
s.seedtag.com
1    103.243.202.190 (Korea, Republic Of)

ASN45974 (NHN-AS-KR NHNCLOUD, KR)
cm-exchange.toast.com
1    35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
1    2600:9000:211e:d400:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
s.ad.smaato.net
1    35.214.219.158 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 158.219.214.35.bc.googleusercontent.com
csync.loopme.me
3    141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)
sync.taboola.com
sync-t1.taboola.com
4    157.240.0.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com
www.facebook.com
2    2a02:2638:3::19 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
measurement-api.criteo.com
2    52.37.218.4 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-218-4.us-west-2.compute.amazonaws.com
px.mountain.com
1    52.12.117.226 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-117-226.us-west-2.compute.amazonaws.com
gs.mountain.com
2    13.74.129.1 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
1    13.32.121.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-112.fra60.r.cloudfront.net
js.stripe.com
2    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
cm.g.doubleclick.net
2    5.196.111.73 (France)

ASN16276 (OVH, FR)
PTR: ip73.ip-5-196-111.eu
rtb-csync.smartadserver.com
2    46.228.174.117 (United Kingdom)

ASN56396 (AMOBEE, GB)
sync.1rx.io
2    63.33.111.171 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-111-171.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
2    185.255.84.153 (France)

ASN200271 (IGUANE-, FR)
visitor.omnitagjs.com
3    172.64.151.101 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)
r.casalemedia.com
3    99.81.228.109 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-228-109.eu-west-1.compute.amazonaws.com
dpm.demdex.net
2    162.19.138.82 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu
id5-sync.com
2    34.249.44.129 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-44-129.eu-west-1.compute.amazonaws.com
ad.360yield.com
2    34.117.157.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.157.117.34.bc.googleusercontent.com
matching.ivitrack.com
2    95.101.148.20 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-148-20.deploy.static.akamaitechnologies.com
contextual.media.net
2    3.64.189.227 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-189-227.eu-central-1.compute.amazonaws.com
exchange.mediavine.com
2    44.238.139.12 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-238-139-12.us-west-2.compute.amazonaws.com
jadserve.postrelease.com
2    64.202.112.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
2    185.64.191.210 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
2    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    3.65.142.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-142-90.eu-central-1.compute.amazonaws.com
match.sharethrough.com
2    104.75.89.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com
criteo-sync.teads.tv
2    2600:1f18:612b:4280:b416:9208:c279:7ba8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
criteo-partners.tremorhub.com
2    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
2    85.215.5.31 (Germany)

ASN6786 (CRONON-BERLIN-AS, DE)
a.twiago.com
2    184.30.17.243 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-17-243.deploy.static.akamaitechnologies.com
ad.yieldlab.net
2    54.77.121.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-121-185.eu-west-1.compute.amazonaws.com
sync-criteo.ads.yieldmo.com
2    3.127.168.76 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-168-76.eu-central-1.compute.amazonaws.com
e1.emxdgt.com
4    37.157.2.229 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
2    37.157.2.230 (Denmark)

ASN198622 (ADFORM, DK)
cm.adform.net
Apex Domain
Subdomains		 Transfer
20 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 787
256 KB
16 donefirst.com
internal.donefirst.com
unleash.donefirst.com — Cisco Umbrella Rank: 541139
6 MB
15 clientgear.com
pixeltrack.clientgear.com — Cisco Umbrella Rank: 55182
event.clientgear.com — Cisco Umbrella Rank: 6432
usersycn.clientgear.com — Cisco Umbrella Rank: 62290
11 KB
15 bing.com
bat.bing.com — Cisco Umbrella Rank: 361
c.bing.com — Cisco Umbrella Rank: 224
19 KB
12 plerdy.com
a.plerdy.com — Cisco Umbrella Rank: 73156
h.plerdy.com — Cisco Umbrella Rank: 69770
f.plerdy.com — Cisco Umbrella Rank: 417102
95 KB
12 criteo.com
dynamic.criteo.com — Cisco Umbrella Rank: 3735
gum.criteo.com — Cisco Umbrella Rank: 493
sslwidget.criteo.com — Cisco Umbrella Rank: 2141
widget.us.criteo.com — Cisco Umbrella Rank: 23254
measurement-api.criteo.com — Cisco Umbrella Rank: 1866
dis.criteo.com — Cisco Umbrella Rank: 728
34 KB
12 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 743
q.clarity.ms — Cisco Umbrella Rank: 7690
c.clarity.ms — Cisco Umbrella Rank: 1434
32 KB
9 adnxs.com
acdn.adnxs.com — Cisco Umbrella Rank: 632
ib.adnxs.com — Cisco Umbrella Rank: 279
15 KB
8 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
5 KB
8 abtasty.com
try.abtasty.com — Cisco Umbrella Rank: 7612
dcinfos-cache.abtasty.com — Cisco Umbrella Rank: 10233
ariane.abtasty.com — Cisco Umbrella Rank: 9612
62 KB
7 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 360
px4.ads.linkedin.com — Cisco Umbrella Rank: 6416
3 KB
6 adform.net
c1.adform.net — Cisco Umbrella Rank: 650
cm.adform.net — Cisco Umbrella Rank: 1398
3 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
549 KB
5 snapchat.com
tr.snapchat.com — Cisco Umbrella Rank: 938
tr6.snapchat.com — Cisco Umbrella Rank: 1283
737 B
5 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
googleads.g.doubleclick.net — Cisco Umbrella Rank: 70
cm.g.doubleclick.net — Cisco Umbrella Rank: 274
1 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 71
region1.google-analytics.com — Cisco Umbrella Rank: 2355
21 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
maps.googleapis.com — Cisco Umbrella Rank: 406
201 KB
4 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 639
sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 3126
150 B
4 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3125
www.google.com — Cisco Umbrella Rank: 5
87 B
4 mountain.com
dx.mountain.com — Cisco Umbrella Rank: 6339
px.mountain.com — Cisco Umbrella Rank: 6399
gs.mountain.com — Cisco Umbrella Rank: 11925
8 KB
4 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 894
script.hotjar.com — Cisco Umbrella Rank: 1260
108 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 242
2 KB
3 casalemedia.com
r.casalemedia.com — Cisco Umbrella Rank: 2019
2 KB
3 taboola.com
sync.taboola.com — Cisco Umbrella Rank: 1502
sync-t1.taboola.com — Cisco Umbrella Rank: 1768
295 B
3 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 394
705 B
3 google.de
www.google.de — Cisco Umbrella Rank: 8088
190 B
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 204
83 KB
3 quora.com
a.quora.com — Cisco Umbrella Rank: 7694
q.quora.com — Cisco Umbrella Rank: 5048
16 KB
3 posthog.com
us.i.posthog.com — Cisco Umbrella Rank: 14846
1 KB
3 vaultdcr.com
ttip-ipv4-prod.telemetry.vaultdcr.com
ttip-ipv6-prod.telemetry.vaultdcr.com
tte-prod.telemetry.vaultdcr.com
2 KB
3 cloudfront.net
d2hrivdxn8ekm8.cloudfront.net
27 KB
2 emxdgt.com
e1.emxdgt.com — Cisco Umbrella Rank: 2136
87 B
2 yieldlab.net
ad.yieldlab.net — Cisco Umbrella Rank: 6314
470 B
2 twiago.com
a.twiago.com — Cisco Umbrella Rank: 46399
306 B
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 452
279 B
2 tremorhub.com
criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2884
797 B
2 teads.tv
criteo-sync.teads.tv — Cisco Umbrella Rank: 3102
326 B
2 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 560
69 B
2 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 432
478 B
2 pubmatic.com
simage2.pubmatic.com — Cisco Umbrella Rank: 918
299 B
2 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 831
436 B
2 postrelease.com
jadserve.postrelease.com — Cisco Umbrella Rank: 1228
845 B
2 mediavine.com
exchange.mediavine.com — Cisco Umbrella Rank: 1690
2 KB
2 media.net
contextual.media.net — Cisco Umbrella Rank: 735
1 KB
2 ivitrack.com
matching.ivitrack.com — Cisco Umbrella Rank: 14084
265 B
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 772
397 B
2 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 570
2 KB
2 omnitagjs.com
visitor.omnitagjs.com — Cisco Umbrella Rank: 812
546 B
2 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 523
197 B
2 smartadserver.com
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 729
326 B
2 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 3549
content.hotjar.io — Cisco Umbrella Rank: 6487
403 B
2 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 2076
alb.reddit.com — Cisco Umbrella Rank: 1406
761 B
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1200
13 KB
2 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1638
152 KB
2 bidr.io
segment.prod.bidr.io — Cisco Umbrella Rank: 8471
1 KB
2 trkn.us
trkn.us — Cisco Umbrella Rank: 2414
1 KB
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 1064
155 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 708
238 B
1 openx.net
us-u.openx.net — Cisco Umbrella Rank: 575
119 B
1 toast.com
cm-exchange.toast.com — Cisco Umbrella Rank: 6844
787 B
1 seedtag.com
s.seedtag.com — Cisco Umbrella Rank: 2238
284 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 986
724 B
1 t.co
t.co — Cisco Umbrella Rank: 726
374 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 133
2 KB
1 sc-static.net
sc-static.net — Cisco Umbrella Rank: 1274
21 KB
1 impactcdn.com
utt.impactcdn.com — Cisco Umbrella Rank: 4901
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 902
14 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 905
15 KB
1 dwin1.com
www.dwin1.com — Cisco Umbrella Rank: 5178
13 KB
246 69
Domain Requested by
20 analytics.tiktok.com internal.donefirst.com
analytics.tiktok.com
14 bat.bing.com internal.donefirst.com
bat.bing.com
12 event.clientgear.com 7 redirects pixeltrack.clientgear.com
analytics.tiktok.com
internal.donefirst.com
12 internal.donefirst.com internal.donefirst.com
analytics.tiktok.com
8 www.facebook.com internal.donefirst.com
8 ib.adnxs.com 4 redirects acdn.adnxs.com
internal.donefirst.com
6 a.plerdy.com www.googletagmanager.com
internal.donefirst.com
h.plerdy.com
6 www.googletagmanager.com internal.donefirst.com
www.googletagmanager.com
6 q.clarity.ms www.clarity.ms
analytics.tiktok.com
5 h.plerdy.com a.plerdy.com
analytics.tiktok.com
5 px.ads.linkedin.com 2 redirects snap.licdn.com
analytics.tiktok.com
4 c1.adform.net 4 redirects
4 tr.snapchat.com sc-static.net
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
analytics.tiktok.com
internal.donefirst.com
4 unleash.donefirst.com internal.donefirst.com
4 www.clarity.ms bat.bing.com
www.clarity.ms
4 maps.googleapis.com internal.donefirst.com
maps.googleapis.com
4 try.abtasty.com internal.donefirst.com
try.abtasty.com
3 dpm.demdex.net 1 redirects
3 r.casalemedia.com 1 redirects internal.donefirst.com
3 x.bidswitch.net internal.donefirst.com
3 gum.criteo.com 2 redirects dynamic.criteo.com
3 script.hotjar.com static.hotjar.com
script.hotjar.com
internal.donefirst.com
3 www.google.de internal.donefirst.com
3 connect.facebook.net internal.donefirst.com
connect.facebook.net
3 us.i.posthog.com internal.donefirst.com
analytics.tiktok.com
3 d2hrivdxn8ekm8.cloudfront.net internal.donefirst.com
d2hrivdxn8ekm8.cloudfront.net
2 cm.adform.net
2 e1.emxdgt.com internal.donefirst.com
2 sync-criteo.ads.yieldmo.com internal.donefirst.com
2 ad.yieldlab.net internal.donefirst.com
2 a.twiago.com internal.donefirst.com
2 eb2.3lift.com internal.donefirst.com
2 criteo-partners.tremorhub.com internal.donefirst.com
2 criteo-sync.teads.tv internal.donefirst.com
2 match.sharethrough.com internal.donefirst.com
2 pixel.rubiconproject.com internal.donefirst.com
2 simage2.pubmatic.com internal.donefirst.com
2 sync.outbrain.com internal.donefirst.com
2 jadserve.postrelease.com internal.donefirst.com
2 exchange.mediavine.com internal.donefirst.com
2 contextual.media.net internal.donefirst.com
2 matching.ivitrack.com internal.donefirst.com
2 ad.360yield.com internal.donefirst.com
2 id5-sync.com internal.donefirst.com
2 visitor.omnitagjs.com internal.donefirst.com
2 ads.yieldmo.com internal.donefirst.com
2 sync.1rx.io internal.donefirst.com
2 sync-t1.taboola.com internal.donefirst.com
2 rtb-csync.smartadserver.com internal.donefirst.com
2 dis.criteo.com
2 cm.g.doubleclick.net internal.donefirst.com
2 c.clarity.ms 1 redirects
2 px.mountain.com dx.mountain.com
px.mountain.com
2 measurement-api.criteo.com analytics.tiktok.com
2 widget.us.criteo.com internal.donefirst.com
2 sslwidget.criteo.com 2 redirects
2 www.google.com 1 redirects internal.donefirst.com
2 stats.g.doubleclick.net www.googletagmanager.com
analytics.tiktok.com
2 region1.analytics.google.com www.googletagmanager.com
analytics.tiktok.com
2 q.quora.com internal.donefirst.com
2 pixeltrack.clientgear.com internal.donefirst.com
2 www.redditstatic.com internal.donefirst.com
www.redditstatic.com
2 js.stripe.com internal.donefirst.com
js.stripe.com
2 ariane.abtasty.com try.abtasty.com
analytics.tiktok.com
2 segment.prod.bidr.io 1 redirects internal.donefirst.com
2 dcinfos-cache.abtasty.com try.abtasty.com
2 trkn.us 1 redirects internal.donefirst.com
2 px4.ads.linkedin.com internal.donefirst.com
1 c.bing.com 1 redirects
1 gs.mountain.com px.mountain.com
1 region1.google-analytics.com analytics.tiktok.com
1 tr6.snapchat.com sc-static.net
1 sync.taboola.com internal.donefirst.com
1 csync.loopme.me internal.donefirst.com
1 s.ad.smaato.net internal.donefirst.com
1 us-u.openx.net internal.donefirst.com
1 usersycn.clientgear.com internal.donefirst.com
1 cm-exchange.toast.com 1 redirects
1 s.seedtag.com internal.donefirst.com
1 content.hotjar.io analytics.tiktok.com
1 vc.hotjar.io analytics.tiktok.com
1 googleads.g.doubleclick.net 1 redirects
1 f.plerdy.com a.plerdy.com
1 alb.reddit.com internal.donefirst.com
1 pixel-config.reddit.com www.redditstatic.com
1 analytics.twitter.com internal.donefirst.com
1 t.co internal.donefirst.com
1 www.googleadservices.com www.googletagmanager.com
1 dx.mountain.com internal.donefirst.com
1 sc-static.net internal.donefirst.com
1 dynamic.criteo.com www.googletagmanager.com
1 utt.impactcdn.com internal.donefirst.com
1 snap.licdn.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 a.quora.com www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 www.dwin1.com internal.donefirst.com
1 tte-prod.telemetry.vaultdcr.com d2hrivdxn8ekm8.cloudfront.net
1 ttip-ipv6-prod.telemetry.vaultdcr.com d2hrivdxn8ekm8.cloudfront.net
1 ttip-ipv4-prod.telemetry.vaultdcr.com d2hrivdxn8ekm8.cloudfront.net
1 acdn.adnxs.com d2hrivdxn8ekm8.cloudfront.net
1 fonts.googleapis.com internal.donefirst.com
246 103

This site contains no links.

Subject Issuer Validity Valid
internal.donefirst.com
R10		 2024-06-28 -
2024-09-26		 3 months crt.sh
upload.video.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.abtasty.com
Amazon RSA 2048 M02		 2023-08-30 -
2024-09-27		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 04		 2024-06-19 -
2024-12-16		 6 months crt.sh
uc-info.abtasty.com
WR3		 2024-05-17 -
2024-08-15		 3 months crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2023-08-24 -
2024-08-24		 a year crt.sh
*.telemetry.vaultdcr.com
Amazon RSA 2048 M03		 2024-05-08 -
2025-06-06		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-07 -
2024-12-07		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2024-02-14 -
2025-03-16		 a year crt.sh
ariane.abtasty.com
WR3		 2024-06-03 -
2024-09-01		 3 months crt.sh
a.clarity.ms
Microsoft Azure RSA TLS Issuing CA 08		 2024-06-23 -
2025-06-18		 a year crt.sh
unleash.donefirst.com
R3		 2024-05-30 -
2024-08-28		 3 months crt.sh
*.i.posthog.com
Amazon RSA 2048 M03		 2024-01-15 -
2025-02-12		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-06-21 -
2024-09-19		 3 months crt.sh
*.dwin1.com
Amazon RSA 2048 M03		 2023-10-18 -
2024-11-15		 a year crt.sh
*.google-analytics.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.hotjar.com
Amazon RSA 2048 M03		 2024-05-22 -
2025-06-20		 a year crt.sh
quora.com
R3		 2024-06-02 -
2024-08-31		 3 months crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-07-19		 a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-12-13 -
2024-12-12		 a year crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-05-23 -
2024-11-18		 6 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-04-12 -
2024-07-11		 3 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
utt.impactcdn.com
WR3		 2024-06-20 -
2024-09-18		 3 months crt.sh
*.clientgear.com
RapidSSL Global TLS RSA4096 SHA256 2022 CA1		 2024-01-22 -
2025-01-22		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-06-18 -
2024-09-17		 3 months crt.sh
sc-static.net
Amazon RSA 2048 M03		 2023-12-21 -
2025-01-18		 a year crt.sh
plerdy.com
WE1		 2024-06-26 -
2024-09-24		 3 months crt.sh
*.mountain.com
Go Daddy Secure Certificate Authority - G2		 2024-05-23 -
2025-06-24		 a year crt.sh
*.quora.com
R3		 2024-06-02 -
2024-08-31		 3 months crt.sh
*.googleadservices.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.google.de
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
t.co
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-05-08 -
2025-05-07		 a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-31 -
2024-10-29		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2024-07-01 -
2025-01-01		 6 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-05-30 -
2024-11-26		 6 months crt.sh
*.snap.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-21 -
2025-02-20		 a year crt.sh
*.hotjar.io
Amazon ECDSA 256 M02		 2024-02-07 -
2025-03-08		 a year crt.sh
*.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
52.71.121.170
Sectigo RSA Domain Validation Secure Server CA		 2024-01-24 -
2025-02-12		 a year crt.sh
*.bidswitch.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-05-15 -
2024-08-07		 3 months crt.sh
*.smartadserver.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2024-01-17 -
2025-01-16		 a year crt.sh
*.taboola.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2023-10-23 -
2024-11-22		 a year crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA		 2024-06-13 -
2025-07-14		 a year crt.sh
*.yieldmo.com
Amazon RSA 2048 M02		 2024-03-04 -
2025-04-03		 a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2024-07-02 -
2025-08-01		 a year crt.sh
*.id5-sync.com
E6		 2024-07-01 -
2024-09-29		 3 months crt.sh
*.360yield.com
Amazon RSA 2048 M02		 2024-04-28 -
2025-05-27		 a year crt.sh
itm.ivitrack.com
R10		 2024-06-11 -
2024-09-09		 3 months crt.sh
*.media.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-21 -
2024-12-21		 a year crt.sh
exchange.mediavine.com
Amazon RSA 2048 M02		 2024-05-06 -
2025-06-04		 a year crt.sh
*.postrelease.com
Amazon RSA 2048 M02		 2023-08-30 -
2024-09-28		 a year crt.sh
*.outbrain.com
Thawte TLS RSA CA G1		 2023-11-20 -
2024-11-27		 a year crt.sh
*.pubmatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-03-19 -
2025-04-19		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-03-04 -
2025-04-03		 a year crt.sh
*.sharethrough.com
Amazon RSA 2048 M03		 2024-05-14 -
2025-06-12		 a year crt.sh
teads.tv
R10		 2024-06-11 -
2024-09-09		 3 months crt.sh
*.tremorhub.com
Amazon RSA 2048 M03		 2024-01-24 -
2025-02-21		 a year crt.sh
*.3lift.com
Amazon RSA 2048 M02		 2024-03-13 -
2025-04-11		 a year crt.sh
*.twiago.com
Sectigo RSA Domain Validation Secure Server CA		 2023-12-07 -
2025-01-06		 a year crt.sh
*.yieldlab.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-09-17 -
2024-09-17		 a year crt.sh
*.ads.yieldmo.com
Amazon RSA 2048 M03		 2024-03-04 -
2025-04-03		 a year crt.sh
*.emxdgt.com
Amazon RSA 2048 M03		 2024-04-02 -
2025-05-01		 a year crt.sh
casalemedia.com
E5		 2024-06-17 -
2024-09-15		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://internal.donefirst.com/
Frame ID: 03082E04772B292E61E87A7A08225036
Requests: 183 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=internal.donefirst.com&origin=onetag
Frame ID: 75637F5DC60F5DCF5929173B6C58B87C
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=7981e6fd-ddbd-4f93-a9c1-0a26070f516e&u_scsid=d817fd12-bf67-4982-bb10-0b9a55270c9e&u_sclid=22f67a18-8f70-4ad3-8c96-7e5ba1f9dc7b
Frame ID: B451CBEC42E53AD256B8F8567472CB59
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 9AE2D20281AFB3102C11B2706D4603D6
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-LfLSIchX95B-01oRBkNTbJUL-R8ToJPj4oTxaw&google_cm&google_hm=ay1MZkxTSWNoWDk1Qi0wMW9SQmtOVGJKVUwtUjhUb0pQajRvVHhhdw
Frame ID: 8A3E216BDAA48CC5000FC00E0BA8FF56
Requests: 29 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-LfLSIchX95B-01oRBkNTbJUL-R8ToJPj4oTxaw&google_cm&google_hm=ay1MZkxTSWNoWDk1Qi0wMW9SQmtOVGJKVUwtUjhUb0pQajRvVHhhdw
Frame ID: 3F711DF780EB2A39ADC1125A51D05BCA
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Done. ADHD Managed | ADHD Treatment Made Just For You

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • dwin1\.com
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

246
Requests

91 %
HTTPS

21 %
IPv6

69
Domains

103
Subdomains

98
IPs

10
Countries

8290 kB
Transfer

12238 kB
Size

95
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://px.ads.linkedin.com/collect/?pid=1970380&conversionId=2073940&fmt=gif HTTP 302
  • https://px4.ads.linkedin.com/collect/?pid=1970380&conversionId=2073940&fmt=gif&e_ipv6=AQJBH_iAkzWilwAAAZB7Qxholfywqxyz6iP2ZvVOI6X4b7GBT6nyCibAZviA_lBeMM5glHs
Request Chain 13
  • https://trkn.us/pixel/conv/ppt=23446;g=site_visits;gid=56777;ord=9073332879723.33;v=120 HTTP 302
  • https://trkn.us/pixel/conv/ppt=23446;g=site_visits;gid=56777;ord=9073332879723.33;v=120;ip=80.255.7.103;cuidchk=1
Request Chain 23
  • https://segment.prod.bidr.io/associate-segment?buzz_key=tatari&segment_key=tatari-4659&value=&uncacheplz=7966139694 HTTP 303
  • https://segment.prod.bidr.io/associate-segment?buzz_key=tatari&segment_key=tatari-4659&value=&uncacheplz=7966139694&_bee_ppp=1
Request Chain 76
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5450140&time=1720054914705&url=https%3A%2F%2Finternal.donefirst.com%2F&tm=gtmv2 HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5450140&time=1720054914705&url=https%3A%2F%2Finternal.donefirst.com%2F&tm=gtmv2&e_ipv6=AQL0GIW7CwPXbwAAAZB7QyBL0s-uVPoseDWC6kScUOaGoLR3O4w5Pao2IR-bCWnoUTlO0eY
Request Chain 90
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Finternal.donefirst.com%2F&label=fLvGCK7U9okDEMHzs8oC&hn=www.googleadservices.com&frm=0&tiba=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&value=0&npa=1&pscdl=noapi&auid=860882043.1720054915&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&eitems=ChAI8O2TtAYQ1vHkqoThrbZkEh0ADSyhrjwKNQLXmgS7h6JytJq-yrmJFwy04uJlMw&pscrd=IhMI99LD8ZeMhwMVOfE7Ah1K-AgkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6H2h0dHBzOi8vaW50ZXJuYWwuZG9uZWZpcnN0LmNvbS8 HTTP 302
  • https://www.google.com/pagead/1p-conversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Finternal.donefirst.com%2F&label=fLvGCK7U9okDEMHzs8oC&hn=www.googleadservices.com&frm=0&tiba=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&value=0&npa=1&pscdl=noapi&auid=860882043.1720054915&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI99LD8ZeMhwMVOfE7Ah1K-AgkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6H2h0dHBzOi8vaW50ZXJuYWwuZG9uZWZpcnN0LmNvbS8&is_vtc=1&cid=CAQSGwDaQooLlo-RuNbjIHc8Pu5T9I235P7ZtxIyDA&eitems=ChAI8O2TtAYQ1vHkqoThrbZkEh0ADSyhrpuMrcx-U5JIDdZGryHl5o2qfDksbZ6yXA&random=3685445583 HTTP 302
  • https://www.google.de/pagead/1p-conversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Finternal.donefirst.com%2F&label=fLvGCK7U9okDEMHzs8oC&hn=www.googleadservices.com&frm=0&tiba=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&value=0&npa=1&pscdl=noapi&auid=860882043.1720054915&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI99LD8ZeMhwMVOfE7Ah1K-AgkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6H2h0dHBzOi8vaW50ZXJuYWwuZG9uZWZpcnN0LmNvbS8&is_vtc=1&cid=CAQSGwDaQooLlo-RuNbjIHc8Pu5T9I235P7ZtxIyDA&eitems=ChAI8O2TtAYQ1vHkqoThrbZkEh0ADSyhrpuMrcx-U5JIDdZGryHl5o2qfDksbZ6yXA&random=3685445583&ipr=y
Request Chain 105
  • https://sslwidget.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvpg&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=46d4d55d-578d-41de-b12d-1fb769b14693 HTTP 302
  • https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvpg&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=46d4d55d-578d-41de-b12d-1fb769b14693
Request Chain 120
  • https://sslwidget.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis%26a%3D%255B101724%252C101724%255D&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22fbp%22%3A%22fb.1.1720054915110.353562782956873012%22%2C%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=411e9520-cc05-4b3d-a12b-27ebd9dda3d2 HTTP 302
  • https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis%26a%3D%255B101724%252C101724%255D&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22fbp%22%3A%22fb.1.1720054915110.353562782956873012%22%2C%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=411e9520-cc05-4b3d-a12b-27ebd9dda3d2
Request Chain 123
  • https://event.clientgear.com/re/bidswitch?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mkcf84bd239f4742578d9549a937328b10&expires=30&gdpr=1&gdpr_consent=COvFyGBOvFyGBAbAAAENAPCAAOAAAAAAAAAAAEEUACCKAAA.IFoEUQQgAIQwgIwQABAEAAAAOIAACAIAAAAQAIAgEAACEAAAAAgAQBAAAAAAAGBAAgAAAAAAAFAAECAAAgAAQARAEQAAAAAJAAIAAgAAAYQEAAAQmAgBC3ZAYzUw
Request Chain 125
  • https://event.clientgear.com/re/seedtag?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c HTTP 302
  • https://s.seedtag.com/cs/cookiesync/yeahmobi?channeluid=mkcf84bd239f4742578d9549a937328b10
Request Chain 126
  • https://event.clientgear.com/re/aceexchange?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c HTTP 302
  • https://cm-exchange.toast.com/bi/pixel?cm_pid=1272375336&toast_push&cm_puid=mkcf84bd239f4742578d9549a937328b10 HTTP 302
  • https://usersycn.clientgear.com/mcm/aceexchange?partner=aceexchange&pid=HZDMEX7EC7DGCF1E62Z5R6MIA
Request Chain 128
  • https://event.clientgear.com/re/openx?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=539749039&val=mkcf84bd239f4742578d9549a937328b10&r=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Db9071f04-2c81-48e8-adce-1efcd76f9add%26r%3Dhttps%253A%252F%252Fusersycn.clientgear.com%252Fcookie%252Fopenx%253Fpartner%253Dopenx%2526uid%253Dmkcf84bd239f4742578d9549a937328b10%2526cookieid%253D
Request Chain 129
  • https://event.clientgear.com/re/smaato?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c HTTP 302
  • https://s.ad.smaato.net/c/?dspInit=1001409&dspCookie=mkcf84bd239f4742578d9549a937328b10
Request Chain 130
  • https://event.clientgear.com/re/loopme?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c HTTP 302
  • https://csync.loopme.me/?partner_id=158&uid=mkcf84bd239f4742578d9549a937328b10
Request Chain 131
  • https://event.clientgear.com/re/taboola?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c HTTP 302
  • https://sync.taboola.com/sg/yeahmobidsprtb-network/1/rtb-h/?taboola_hm=mkcf84bd239f4742578d9549a937328b10
Request Chain 178
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=0D5C4E3648254965BD324DF6AF792CDD&RedC=c.clarity.ms&MXFR=3A700514A34564E32EA911A6A7456A54 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0D5C4E3648254965BD324DF6AF792CDD&MUID=229B379083386602145A232282B367F3
Request Chain 182
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2188792494268331009
Request Chain 188
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Db48j8hX95B-01oRBkNTbJUL-R9iAo8XIoBPsA HTTP 302
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Db48j8hX95B-01oRBkNTbJUL-R9iAo8XIoBPsA&C=1
Request Chain 189
  • https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=28645&dpuuid=pgNhiir_K47jQNCjaRqyIYDQYV67IPGh HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=pgNhiir_K47jQNCjaRqyIYDQYV67IPGh
Request Chain 207
  • https://c1.adform.net/serving/cookie/match?party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w HTTP 302
  • https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1
Request Chain 210
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=197902833233615402
Request Chain 217
  • https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=28645&dpuuid=1neMyax3Vl0jL7QPUDsf2eNIn1kmwkj9
Request Chain 235
  • https://c1.adform.net/serving/cookie/match?party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w HTTP 302
  • https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1

246 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
internal.donefirst.com/ 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
1adf2c54270268a0fc2e9c7cea3857cd04ae967f4c110500b1807a9b3c72c198

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3557
content-type
text/html
date
Thu, 04 Jul 2024 01:01:52 GMT
etag
"6683b5f8-de5"
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
via
1.1 google
css2
fonts.googleapis.com/ 		2 KB
863 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Libre+Baskerville:wght@400;600;700&display=swap
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ef728d99fdf443f5a700d693570b8b9831de5343536a86aec5c10950fcfe5fec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 04 Jul 2024 01:01:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 04 Jul 2024 01:01:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 04 Jul 2024 01:01:52 GMT
a27c2f613231b04bb6d0b95e480c89df.js
try.abtasty.com/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.172.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-172-112-72.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1256234c3e3fa9d1b0201c72980c88f78cbb20060a3536de80566d96c405591a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
q8yay_UjJJqsVmb30EqQuWdc2bqERSRG
content-encoding
gzip
via
1.1 fd9d525f4633063393693172d96013ca.cloudfront.net (CloudFront)
date
Wed, 03 Jul 2024 03:06:49 GMT
x-amz-cf-pop
FRA60-P8
age
82460
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 10 Jun 2024 20:47:47 GMT
server
AmazonS3
etag
W/"4f9ecb7c6f5cd0169831c091eb919864"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=86400,max-age=30
x-amz-cf-id
P6pp7iqgPUCBD6iAA66G2VYhrJc4HjMjIwR2lxkChE2z5q1YcYZL2A==
vendor.2a2e87513c9ce7c3c0b8.css
internal.donefirst.com/ 		32 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.css
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
09df6d1354ef765c81c580f9c928eceba08c4d9a96fa67e05be9e2b30d29c65d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:52 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-7ee5"
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32485
bundle.2a2e87513c9ce7c3c0b8.css
internal.donefirst.com/ 		548 KB
549 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/bundle.2a2e87513c9ce7c3c0b8.css
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
cb6deebaf9ce8f17b259c4e0990bc066da0f6c018c0f7ce8423d2ad2b1c9460e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:52 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-88f32"
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
560946
/
px4.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?pid=1970380&conversionId=2073940&fmt=gif
  • https://px4.ads.linkedin.com/collect/?pid=1970380&conversionId=2073940&fmt=gif&e_ipv6=AQJBH_iAkzWilwAAAZB7Qxholfywqxyz6iP2ZvVOI6X4b7GBT6nyCibAZviA_lBeMM5glHs
43 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect/?pid=1970380&conversionId=2073940&fmt=gif&e_ipv6=AQJBH_iAkzWilwAAAZB7Qxholfywqxyz6iP2ZvVOI6X4b7GBT6nyCibAZviA_lBeMM5glHs
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:52 GMT
content-encoding
gzip
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 0C7BB18C01F94AF9A1FC6B96405A2B65 Ref B: FRAEDGE1112 Ref C: 2024-07-04T01:01:53Z
linkedin-action
1
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
content-type
image/gif
x-li-proto
http/2
content-length
65
x-li-uuid
AAYcYX4cF5cZABcxX6P3cg==

Redirect headers

date
Thu, 04 Jul 2024 01:01:53 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: D69DBF5BA2ED4661B5E32AE382CE3EFB Ref B: FRAEDGE2006 Ref C: 2024-07-04T01:01:53Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect/?pid=1970380&conversionId=2073940&fmt=gif&e_ipv6=AQJBH_iAkzWilwAAAZB7Qxholfywqxyz6iP2ZvVOI6X4b7GBT6nyCibAZviA_lBeMM5glHs
x-li-proto
http/2
content-length
0
x-li-uuid
AAYcYX4XP3D1G5EskltsqQ==
js
maps.googleapis.com/maps/api/ 		266 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyALFmDoVNb5DrQbvRkAUghtQw1dvqZgg6Q&libraries=places
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
36abd1add6b7651bbd0a2b82cd35dda48f7de7544004b9f0e168efa3c88cac7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89312
x-xss-protection
0
vendor.2a2e87513c9ce7c3c0b8.js
internal.donefirst.com/ 		3 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
0f7187bf13ffdbfd1129686a236e8d5f48ccc5160408b270d53715c989445374

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:52 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-2bb243"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2863683
bundle.2a2e87513c9ce7c3c0b8.js
internal.donefirst.com/ 		3 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/bundle.2a2e87513c9ce7c3c0b8.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
00c231500beb2a8b54784dc269bcb3f96f1465ca35ef4f5ce4da0f1c8b05c0df

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:53 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-30419a"
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3162522
commons.a8705ec0bf4fd7ccbf72.js
try.abtasty.com/shared/ 		33 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/shared/commons.a8705ec0bf4fd7ccbf72.js
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.172.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-172-112-72.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31dc8cf37429a0988b3980dfcfc8f4a982fb907e5e004d580cec96b672f25102

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 12:02:19 GMT
x-amz-version-id
mytUeIEPFoy2o60Mcl4zhhnlXjMnyQJR
content-encoding
br
via
1.1 fd9d525f4633063393693172d96013ca.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P8
age
3589174
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 23 May 2024 12:02:14 GMT
server
AmazonS3
etag
W/"4a1f83e4141d7f4a259e837c52d2d950"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=31536000,max-age=31536000
x-amz-cf-id
w86AvhT5tWRYN6H7QzQCHrgrNa_olRxNyFNkPxJHO_68rd5ChZfU3Q==
main.c999ef6fa2fbbf1fe596.js
try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df/ 		141 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df/main.c999ef6fa2fbbf1fe596.js
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.172.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-172-112-72.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad49747e6e45b57267ed911d909dd64d124d1928875c6de08fe77036d25eef9e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 20:47:53 GMT
x-amz-version-id
cvYcRb5odsjxhb1j.Dj7o_6ZbkaPzfc5
content-encoding
br
via
1.1 fd9d525f4633063393693172d96013ca.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P8
age
2002440
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 10 Jun 2024 20:47:46 GMT
server
AmazonS3
etag
W/"7f5eee4f64b4386545e25769366e1d4b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=31536000,max-age=31536000
x-amz-cf-id
RQu1S_7qssvjwOKelA02SuJHEz8VAr8N3UiRhzJaKepCFP0XxvGc1w==
analytics.3c18a0da3d23b668b00c.js
try.abtasty.com/shared/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/shared/analytics.3c18a0da3d23b668b00c.js
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.172.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-172-112-72.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
66daf6dd9cbd26fe25bf9b3ccf7d759787a833384a627e931d18a6124cd7fde2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 12:39:11 GMT
x-amz-version-id
vQkPRktEx87rGzaMxqqnoLc2P1.I6c.w
content-encoding
br
via
1.1 fd9d525f4633063393693172d96013ca.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P8
age
2550162
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 04 Jun 2024 12:39:08 GMT
server
AmazonS3
etag
W/"0a323013b763b86c77f9fae3f92c5a0c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=31536000,max-age=31536000
x-amz-cf-id
PD_FcMcVgspSafK1FVmIST_QgLKRZtVJJdStOtxtUWbudYBxdErbTg==
6f965242-d986-4a8f-868d-ce8270f51d07-latest.js
d2hrivdxn8ekm8.cloudfront.net/tag-manager/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2hrivdxn8ekm8.cloudfront.net/tag-manager/6f965242-d986-4a8f-868d-ce8270f51d07-latest.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:c800:17:3f5c:f800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f373476f457a80cb64152a344527827cf01a87414306472cfd3a149c6748e50b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
icIcKpxKO7MKvieo6YY6M6h.i9L6P2Eg
date
Wed, 03 Jul 2024 11:31:01 GMT
via
1.1 5421a870e3aababe98272cc4ea364cea.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 21:08:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
48653
x-amz-server-side-encryption
AES256
etag
"a0e349fa361eb512650f3da5c5d8fb2b"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
6952
x-amz-cf-id
UJA_zZDCGfPXrxcB76FomZ0IhSP-u7sb35G88uEzlYiJSJNv2uyrvg==
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Thu, 04 Jul 2024 01:01:52 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E8B3A693436D475D9CA82BFE1E3071E7 Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:53Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
ppt=23446;g=site_visits;gid=56777;ord=9073332879723.33;v=120;ip=80.255.7.103;cuidchk=1
trkn.us/pixel/conv/
Redirect Chain
  • https://trkn.us/pixel/conv/ppt=23446;g=site_visits;gid=56777;ord=9073332879723.33;v=120
  • https://trkn.us/pixel/conv/ppt=23446;g=site_visits;gid=56777;ord=9073332879723.33;v=120;ip=80.255.7.103;cuidchk=1
42 B
721 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trkn.us/pixel/conv/ppt=23446;g=site_visits;gid=56777;ord=9073332879723.33;v=120;ip=80.255.7.103;cuidchk=1
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Server
95.101.111.153 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-153.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jul 2024 01:01:53 GMT
X-Content-Type-Options
nosniff
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type
image/gif
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection
keep-alive
Content-Length
42
Expires
Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Location
/pixel/conv/ppt=23446;g=site_visits;gid=56777;ord=9073332879723.33;v=120;ip=80.255.7.103;cuidchk=1
Date
Thu, 04 Jul 2024 01:01:53 GMT
X-Content-Type-Options
nosniff
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
ua-parser
dcinfos-cache.abtasty.com/v1/ 		86 B
230 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dcinfos-cache.abtasty.com/v1/ua-parser
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df/main.c999ef6fa2fbbf1fe596.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
7b97f96940bdb868294fd2ae881d3e2a9c79f4949d60eeae8aa4e9df561eb1b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-envoy-decorator-operation
uc-info.workload.svc.cluster.local:8080/*
via
1.1 google
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,User-Agent
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
geoip
dcinfos-cache.abtasty.com/v1/ 		323 B
489 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dcinfos-cache.abtasty.com/v1/geoip?weather=false
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/a27c2f613231b04bb6d0b95e480c89df/main.c999ef6fa2fbbf1fe596.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
ba36201bebd40faa9fc9bd8ce6f0c1456e5665054714d8010fbb592609b249c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-envoy-decorator-operation
uc-info.workload.svc.cluster.local:8080/*
via
1.1 google
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pixie.js
acdn.adnxs.com/dmp/up/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/up/pixie.js
Requested by
Host: d2hrivdxn8ekm8.cloudfront.net
URL: https://d2hrivdxn8ekm8.cloudfront.net/tag-manager/6f965242-d986-4a8f-868d-ce8270f51d07-latest.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.16.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-16-183.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2761a6698395fb13fd3785c16dd380ec5d618de2abcc28eeaffe090b46a51fc4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 04 Jul 2024 01:01:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Jun 2024 17:09:07 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"667310b3-587e"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Length
7929
Expires
Fri, 05 Jul 2024 01:01:55 GMT
6f965242-d986-4a8f-868d-ce8270f51d07-additional-latest.js
d2hrivdxn8ekm8.cloudfront.net/tag-manager/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2hrivdxn8ekm8.cloudfront.net/tag-manager/6f965242-d986-4a8f-868d-ce8270f51d07-additional-latest.js
Requested by
Host: d2hrivdxn8ekm8.cloudfront.net
URL: https://d2hrivdxn8ekm8.cloudfront.net/tag-manager/6f965242-d986-4a8f-868d-ce8270f51d07-latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:c800:17:3f5c:f800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2752450f74ccaf34a73d35bcabbf90415cd40b3993ac39e7895d1c07fe8421c5

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 06:40:30 GMT
x-amz-version-id
YDQfSoqufknomjCNQdENZIvaIVHfIsL8
via
1.1 5421a870e3aababe98272cc4ea364cea.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 22:41:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
66084
etag
"0d912616bb3b61c10060c497d56ba2e0"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
9850
x-amz-cf-id
ZGTCXFoIVwRogGiAR5pPGn-k7RMAoY6CX06c75YnbF8dJQKSUewaMg==
tracker-latest.min.js
d2hrivdxn8ekm8.cloudfront.net/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2hrivdxn8ekm8.cloudfront.net/tracker-latest.min.js
Requested by
Host: d2hrivdxn8ekm8.cloudfront.net
URL: https://d2hrivdxn8ekm8.cloudfront.net/tag-manager/6f965242-d986-4a8f-868d-ce8270f51d07-latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26e8:c800:17:3f5c:f800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6db4032e547ca1994e1bf21488dab79c10cdfbcc0c54f4d2faa7ff3cf885feaf

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 10:09:02 GMT
x-amz-version-id
SWCsuWptg0Q6QtRxILAYrOPGDJcNgeJR
via
1.1 5421a870e3aababe98272cc4ea364cea.cloudfront.net (CloudFront)
last-modified
Mon, 17 Jun 2024 21:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
53572
etag
"4b728eb7a2b33631d4f7c20a31fddfde"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
accept-ranges
bytes
content-length
9800
x-amz-cf-id
pIygttUVvvZfnkGJZG62w2nshlg6eN-PHyqIyqM7iQPFimqObwUOOA==
97055290.js
bat.bing.com/p/action/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/97055290.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
57dc568fabcabcbc6ecab28fb369fc7cf36db2dc082f3dde83a58ef3ad4e4f4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Thu, 04 Jul 2024 01:01:52 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: ED67C9E87F1044A49B3389CCF52A9972 Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:53Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
5a28e627
ttip-ipv4-prod.telemetry.vaultdcr.com/ 		43 B
594 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ttip-ipv4-prod.telemetry.vaultdcr.com/5a28e627?data=dmVyc2lvbj0xLjIuMTcmdG9rZW49NmY5NjUyNDItZDk4Ni00YThmLTg2OGQtY2U4MjcwZjUxZDA3JnNlc3Npb25JZD02Y2FhZDdjYi04MzlhLTNmNjYtOTkxZC05MzFkMGNhMmYzMzY%3D&date=1720054913106
Requested by
Host: d2hrivdxn8ekm8.cloudfront.net
URL: https://d2hrivdxn8ekm8.cloudfront.net/tracker-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-30.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
via
1.1 1c12254585d1d316d9380549d59e3c80.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
43
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 08 Mar 2017 06:19:28 GMT
server
AmazonS3
etag
"fb02f374b8f73825415db1bccd4bd76d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
image/gif
access-control-allow-origin
*
x-frame-options
SAMEORIGIN
accept-ranges
bytes
x-amz-cf-id
QhvrAqQNc2pyQg0pNgPwEkM0KDWDed7I16o45gYKJijOoaCznTougA==
5a28e627
ttip-ipv6-prod.telemetry.vaultdcr.com/ 		43 B
595 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ttip-ipv6-prod.telemetry.vaultdcr.com/5a28e627?data=aXB2Nj10cnVlJnZlcnNpb249MS4yLjE3JnRva2VuPTZmOTY1MjQyLWQ5ODYtNGE4Zi04NjhkLWNlODI3MGY1MWQwNyZzZXNzaW9uSWQ9NmNhYWQ3Y2ItODM5YS0zZjY2LTk5MWQtOTMxZDBjYTJmMzM2&date=1720054913106
Requested by
Host: d2hrivdxn8ekm8.cloudfront.net
URL: https://d2hrivdxn8ekm8.cloudfront.net/tracker-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:e00:0:f171:6100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
via
1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA60-P9
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
43
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 08 Mar 2017 06:19:28 GMT
server
AmazonS3
etag
"fb02f374b8f73825415db1bccd4bd76d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
image/gif
access-control-allow-origin
*
x-frame-options
SAMEORIGIN
accept-ranges
bytes
x-amz-cf-id
9dc17L9WBvRE_7nPKYZStq-v_BJm_ctMi6OKqlGSU78BNWOWcnO68A==
5a28e627
tte-prod.telemetry.vaultdcr.com/ 		43 B
594 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tte-prod.telemetry.vaultdcr.com/5a28e627?data=dmVyc2lvbj0xLjIuMTcmdG9rZW49NmY5NjUyNDItZDk4Ni00YThmLTg2OGQtY2U4MjcwZjUxZDA3JnNlc3Npb25JZD02Y2FhZDdjYi04MzlhLTNmNjYtOTkxZC05MzFkMGNhMmYzMzYmY29va2llU3VwcG9ydD1QRVJTSVNUJmV2ZW50PXBhZ2V2aWV3JiUyNG9zPVdpbmRvd3MmJTI0Y3VycmVudFVybD1odHRwcyUzQSUyRiUyRmludGVybmFsLmRvbmVmaXJzdC5jb20lMkY%3D&date=1720054913108
Requested by
Host: d2hrivdxn8ekm8.cloudfront.net
URL: https://d2hrivdxn8ekm8.cloudfront.net/tracker-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
43
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 08 Mar 2017 06:19:28 GMT
server
AmazonS3
etag
"fb02f374b8f73825415db1bccd4bd76d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
image/gif
access-control-allow-origin
*
x-frame-options
SAMEORIGIN
accept-ranges
bytes
x-amz-cf-id
ecy3AoB6fDUJd2ewwkHyv6nW5w2aUfZvG-5oxpdt1nnZiKBrHf_WmA==
associate-segment
segment.prod.bidr.io/
Redirect Chain
  • https://segment.prod.bidr.io/associate-segment?buzz_key=tatari&segment_key=tatari-4659&value=&uncacheplz=7966139694
  • https://segment.prod.bidr.io/associate-segment?buzz_key=tatari&segment_key=tatari-4659&value=&uncacheplz=7966139694&_bee_ppp=1
43 B
796 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://segment.prod.bidr.io/associate-segment?buzz_key=tatari&segment_key=tatari-4659&value=&uncacheplz=7966139694&_bee_ppp=1
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Server
52.50.246.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-246-167.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
Date
Thu, 04 Jul 2024 01:01:53 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://segment.prod.bidr.io/associate-segment?buzz_key=tatari&segment_key=tatari-4659&value=&uncacheplz=7966139694&_bee_ppp=1
Date
Thu, 04 Jul 2024 01:01:53 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
97055290
www.clarity.ms/tag/uet/ 		877 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/97055290?insights=1
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/97055290.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9f36cf26f67fcc9f0612f69d2001d98902f36772ec60cf434eed1c039b258b6d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Thu, 04 Jul 2024 01:01:53 GMT
x-azure-ref
20240704T010153Z-r195c4c79d9sqgckvvz1u2gg3c000000025000000000m2ed
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
877
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
up
ib.adnxs.com/pixie/ 		9 B
313 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/pixie/up?pi=70eeaab6-6149-470f-8948-f3d75ff06bcb
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/up/pixie.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e4b9a4d34a563158069f54e72a34585d7a2a25f753b9b30220d429d2bc8624b8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:53 GMT
server
nginx/1.23.4
access-control-max-age
0
access-control-allow-methods
GET, OPTIONS
content-type
application/xml
access-control-allow-origin
https://internal.donefirst.com
access-control-allow-credentials
true
x-proxy-origin
80.255.7.103; 80.255.7.103; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
access-control-allow-headers
Content-Type
content-length
9
pixie
ib.adnxs.com/ 		42 B
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/pixie?e=PageView&pi=70eeaab6-6149-470f-8948-f3d75ff06bcb&it=1720054913235&v=0.0.38&u=https%3A%2F%2Finternal.donefirst.com%2F&st=1720054913234&et=1720054913415&if=0
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:53 GMT
cache-control
no-cache, no-store, must-revalidate
server
nginx/1.23.4
x-proxy-origin
80.255.7.103; 80.255.7.103; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
42
content-type
image/gif
clarity.js
www.clarity.ms/s/0.7.34/ 		61 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.34/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/97055290?insights=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
fffc6ed23cfeabaaace717503bfabd907816869c8c5ff38a2127b8284e8c5988

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:53 GMT
content-encoding
br
last-modified
Thu, 23 May 2024 23:20:12 GMT
etag
W/"0x8DC7B7EE5574D78"
vary
Accept-Encoding
x-azure-ref
20240704T010153Z-r195c4c79d9sqgckvvz1u2gg3c000000025000000000m2ef
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
fdf07a98-801e-0015-2ba9-cc3968000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
/
ariane.abtasty.com/ 		43 B
418 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ariane.abtasty.com/
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/shared/analytics.3c18a0da3d23b668b00c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jul 2024 01:01:53 GMT
x-envoy-decorator-operation
entrypoint.workload.svc.cluster.local:8080/*
via
1.1 google
access-control-allow-methods
GET,HEAD,POST
content-type
image/gif
access-control-allow-origin
https://internal.donefirst.com
cache-control
must-revalidate, no-cache, private
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Origin,Accept,Set-Cookie,X-ABTasty-CrossDomain
content-length
43
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
collect
q.clarity.ms/ 		0
286 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.34/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/x-clarity-gzip
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://internal.donefirst.com
Date
Thu, 04 Jul 2024 01:01:54 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyALFmDoVNb5DrQbvRkAUghtQw1dvqZgg6Q&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f10.1e100.net
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://internal.donefirst.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
proxy
unleash.donefirst.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://unleash.donefirst.com/proxy?sessionId=832642e0-6514-479a-b499-82b7df2698c5&environment=development&appName=done-app
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.94.155.128 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
128.155.94.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,if-none-match
Access-Control-Request-Method
GET
Origin
https://internal.donefirst.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
authorization,content-type,if-none-match
access-control-allow-methods
POST,GET,PUT,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
ETag
access-control-max-age
172800
content-length
0
date
Thu, 04 Jul 2024 01:01:54 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Access-Control-Request-Headers
/
us.i.posthog.com/decide/ 		502 B
676 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://us.i.posthog.com/decide/?v=3&ip=1&_=1720054914221&ver=1.121.1&compression=base64
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.224.91.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-224-91-174.compute-1.amazonaws.com
Software
envoy /
Resource Hash
4fcab2cb309663ccecacee87ac5282424026713d8ef6575a1998a9c760ec74ba
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
same-origin
server
envoy
cross-origin-opener-policy
same-origin
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://internal.donefirst.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
access-control-allow-headers
X-Requested-With,Content-Type
v3
js.stripe.com/ 		619 KB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-64.fra60.r.cloudfront.net
Software
Cloudfront /
Resource Hash
ce3a2c1f166951c17a773f8a1e503d7a416d5430854edf0ad5ea1460bfd92672
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:44 GMT
content-encoding
br
via
1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
57
x-amz-cf-pop
FRA60-P1
x-cache
Hit from cloudfront
last-modified
Wed, 03 Jul 2024 20:43:00 GMT
server
Cloudfront
etag
W/"16095b208fce1f9394656811fb5b307e"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
yP3F4cA5LDkYZQ7FYEtQ3qkYozPNheIpwRSBk7egbSgXghh1Aoy0vQ==
68200.js
www.dwin1.com/ 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dwin1.com/68200.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:f:8ce2:fb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5aab894467b7acf3f82c0d2b0bb70b5c76cbfd87e049198bf3bac7f53e05f999

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
pvMY6lmJhpNWpqjfmBwY1cZSSypNtJvR
content-encoding
gzip
via
1.1 16dc09493f48bbc1fd2cdd6e175a94f6.cloudfront.net (CloudFront)
date
Thu, 04 Jul 2024 01:01:55 GMT
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 12 Jun 2024 08:43:36 GMT
server
AmazonS3
etag
W/"c8cbef53e6d511976283eba9dfaae98d"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600, s-maxage=600
x-amz-cf-id
4Ml-oI9RFQNRnIrI6NnX7Ynno1p30as153boAmFTyU8_sifmwcvStg==
gtm.js
www.googletagmanager.com/ 		355 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b2f79aaea08345904caece465204692f4201aa9e2a42317c723e864fd59dca30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112738
x-xss-protection
0
last-modified
Thu, 04 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 04 Jul 2024 01:01:54 GMT
proxy
unleash.donefirst.com/ 		7 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://unleash.donefirst.com/proxy?sessionId=832642e0-6514-479a-b499-82b7df2698c5&environment=development&appName=done-app
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.94.155.128 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
128.155.94.34.bc.googleusercontent.com
Software
/
Resource Hash
1f8f06b20c720b422e52f2fea8b8013f452af1168132bc378d39b86724dfc3a2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
U0cuRklOMTBPZ1JUcENOWWwxNS13TUc5dy53TllzYXNkYXNk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://internal.donefirst.com/
If-None-Match
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
etag
W/"1d12-nr2ahtI6weuiWfhdnO9QtQ8aBwQ"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
public, max-age=2
/
us.i.posthog.com/e/ 		13 B
415 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://us.i.posthog.com/e/?ip=1&_=1720054914285&ver=1.121.1&compression=base64
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.224.91.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-224-91-174.compute-1.amazonaws.com
Software
envoy /
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
same-origin
server
envoy
cross-origin-opener-policy
same-origin
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://internal.donefirst.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
8
access-control-allow-headers
X-Requested-With,Content-Type
0
bat.bing.com/action/ 		0
286 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=97055290&Ver=2&mid=4a95b24d-afd7-472e-a1c0-c7ea1cbc9cbd&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&kw=done%20treatment,%20done%20adhd,%20done%20first,%20add%20treatment%20los%20angeles,%20add%20treatment%20san%20francisco,%20add%20treatment%20san%20diego,%20adhd%20treatment,%20dextroamphetamine,%20add%20assessment,%20vyvance%20effect,%20adult%20add%20diagnosis,%20adhd%20treatment%20los%20angeles,%20adhd%20treatment%20san%20francisco,%20adhd%20treatment%20san%20diego,%20psychiatrist%20san%20diego,%20psychiatrist%20san%20francisco,%20psychiatrist%20los%20angeles,%20mental%20health%20help%20online,%20online%20adhd%20help,%20adult%20attention%20deficit,%20online%20psychiatrist,%20vyvanse%20price,%20adderall%20price,%20adderall%20XR%20side%20effect,%20adderall%20XR%20price&p=https%3A%2F%2Finternal.donefirst.com%2F&r=&lt=1837&evt=pageLoad&sv=1&rn=194232
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:53 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: FB3E2FAE346D4899AC162C493C9A4734 Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:54Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		328 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4PBKP8YN1D&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d9ec5b5d70a4e33ed88c835a21be0bafa15b14ced986b5ebda90520bd3d6b964
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109849
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 04 Jul 2024 01:01:54 GMT
hotjar-3026948.js
static.hotjar.com/c/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-3026948.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-53.fra56.r.cloudfront.net
Software
/
Resource Hash
45d3316ce3fd1496596938557f941ed94f1cfa79af64405e9006a185ab22da0f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/a821ac7319413e830d6cee06e3259fa6
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
pgM-r9xbe1WqYjXktQIaGpmnXyzheVEie8DVWUevfxIU9t9bSjbDWw==
destination
www.googletagmanager.com/gtag/ 		265 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-692910529&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b6e25dc640e05959ac6dc1302dc974de7d29a68cc3408ae896141f525b78c988
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93705
x-xss-protection
0
last-modified
Thu, 04 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 04 Jul 2024 01:01:54 GMT
qevents.js
a.quora.com/ 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.quora.com/qevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.152.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
x-amz-version-id
jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
M04HPBTPY5GDBBF5
age
5367860
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ=
last-modified
Thu, 28 Mar 2024 17:33:19 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:87b5ecaafd0e88097cbbb1bbb7695fe9
etag
W/"87b5ecaafd0e88097cbbb1bbb7695fe9"
vary
Accept-Encoding
content-type
text/plain
cache-control
public, max-age=14400
cf-ray
89db2fd01af4452e-TXL
expires
Thu, 04 Jul 2024 05:01:54 GMT
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-etou8220111-FRA
insight.min.js
snap.licdn.com/li.lms-analytics/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Jun 2024 16:46:52 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=18715
accept-ranges
bytes
content-length
14004
pixel.js
www.redditstatic.com/ads/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 20 Jun 2024 19:23:03 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
12116
fbevents.js
connect.facebook.net/en_US/ 		222 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 04 Jul 2024 01:01:54 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58293
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
wCDf2RDO1bX3aw4cdsBcsWZm7ZpxEguO/rGqjX936aH37Ip2JOjJwEeBcyANVpPdmX2EMwQCf29z8rXl68Uvlg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C5TG8F068TKST8M2I6HG&lib=ttq
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
aec102d295af6c079e3a78b20e5a53a04c964011973c890c09596809d13893d4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
c67a0a91.93499c8
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24070401015462005B57520CDE2DA264-783C4C7E6D589CAA-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
96,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=87, origin; dur=9, inner; dur=4
content-length
1998
pragma
no-cache
server
nginx
x-tt-logid
2024070401015462005B57520CDE2DA264
x-cache-remote
TCP_MISS from a23-220-104-17.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
9,23.220.104.17
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258cb074df22910cf8947a4a87625c375017beaa48e51fb61a94142b5e6453db202c86a5e47f1465d861e8fe853b62095c6cf66eb3cc78c341ebfb50a56d7dd536be93c74b38ff2c42f8f1f0492d64f46b0
expires
Thu, 04 Jul 2024 01:01:54 GMT
A3470676-2806-4f48-87b7-947a6a77428f1.js
utt.impactcdn.com/ 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://utt.impactcdn.com/A3470676-2806-4f48-87b7-947a6a77428f1.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
72.249.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
aeff0ea037bcb57b6e00d7a5962d5274d728e62538030de0470e1ad57faaa6ac

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ACJd0NoI_jVheaSdZGlsAvVgl8HCTWsqreXe9g9ZdbzS2TkyLEf0AsY8ih8kheSi9LmUulJdJx0
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15309
last-modified
Wed, 24 Apr 2024 20:22:23 GMT
server
UploadServer
etag
"0b9c726e3b1973bd381328187e557926"
vary
Accept-Encoding
x-goog-generation
1713990143517557
x-goog-hash
crc32c=Nu9iSg==, md5=C5xybjsZc704EygYflV5Jg==
access-control-allow-origin
*
content-type
text/javascript; charset=utf-8
cache-control
public,max-age=900,s-maxage=300
x-goog-stored-content-length
15309
accept-ranges
bytes
expires
Thu, 04 Jul 2024 01:06:54 GMT
mkq.min.js
pixeltrack.clientgear.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixeltrack.clientgear.com/mkq.min.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
163.181.130.165 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
eb69632d9691758bde4f9baaf565731bb33fa546d5b08a7fe0a5bc997aee2619

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 10:35:00 GMT
via
cache19.l2de2[0,0,304-0,H], cache14.l2de2[1,0], cache14.l2de2[1,0], ens-cache5.de8[0,0,200-0,H], ens-cache2.de8[0,0]
content-encoding
gzip
last-modified
Fri, 29 Mar 2024 09:19:35 GMT
server
Tengine
age
52014
x-swift-cachetime
86400
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ali-swift-global-savetime
1720002900
content-type
application/javascript
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime
Wed, 03 Jul 2024 10:35:00 GMT
timing-allow-origin
*
content-length
1034
eagleid
a3b5828617200549146457200e
ld.js
dynamic.criteo.com/js/ld/ 		49 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dynamic.criteo.com/js/ld/ld.js?a=101724
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
410f3c8c25d171e7be35ac5038a6830da60e6a5b3e609ac8cb847eaa81722d1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; preload;
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public,max-age=10800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
scevent.min.js
sc-static.net/ 		50 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.163.248.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
fcc3c439edc63318783aed993f9d2a5be255270297b5453bceb2384d9993886c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
via
1.1 8b4e911b05f0c34bf3d36e7de31e2172.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
TXL50-P3
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
21453
x-amz-cf-id
EN2OS623KeTqxZ-PIPuQvD7wYa_aLPnBnBmQMX_IW7XXFpj1lgiSNQ==
events.js
analytics.tiktok.com/i18n/pixel/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKRTQNBC77UBVPRACT70&lib=ttq
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9cdc35e26fa95bfbe67faab29ac9a0e8b08c4f8faa8d014fcab5793d9b7b5aa3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
4b76b298.9349a4a
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2407040101547BF5DA5D48F4A541853F-45F046839096C0D9-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
98,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=87, origin; dur=12, inner; dur=5
content-length
1562
pragma
no-cache
server
nginx
x-tt-logid
202407040101547BF5DA5D48F4A541853F
x-cache-remote
TCP_MISS from a23-52-15-109.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
12,23.52.15.109
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a25872f4e28cd0495c20466fa037aa58aab6ab83c6068c2232b53cc1c41ef11860338b8525c47a7e5ff39ce755dcfd3a6ac1852c447d3977f7a05759b9be0e5e5be62cc496d9999ea55df47bd86c1d0b9734
expires
Thu, 04 Jul 2024 01:01:54 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CM03TNJC77U2ODAMUB50&lib=ttq
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3913a3083decb201f08e5f3dd57279d5647939749255ac29d85929f365aaf2bd

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
bb8c696.9349a4b
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2407040101541294C0AC3695778855C0-66129BDB6BEBB299-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
102,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=94, origin; dur=8, inner; dur=4
content-length
1998
pragma
no-cache
server
nginx
x-tt-logid
202407040101541294C0AC3695778855C0
x-cache-remote
TCP_MISS from a23-48-200-10.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
8,23.48.200.10
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258a79c6fbbf0ed8df49e533fe4f060d86b24540cfc4f5b713f7ff25b574f56275b7aeb89d71ae9454d92f305f1849a899a2e14a9a9aab394ea886525a3c10abe4cca3cc0d19ed602587f9bc28899430c02
expires
Thu, 04 Jul 2024 01:01:54 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CMKCL7BC77U667VEDAM0&lib=ttq
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3a74a90dbffe0575f938505345f2250626a576303e534287381fb035934cc152

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
35a038ca.9349a4c
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010154767EC47A1974BD27C26B-03D771B25D4C3EED-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
98,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=91, origin; dur=7, inner; dur=4
content-length
1973
pragma
no-cache
server
nginx
x-tt-logid
20240704010154767EC47A1974BD27C26B
x-cache-remote
TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
7,23.220.104.8
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258f7717fbcd4849a2eca1ac098400a4f86a8e594abe9fc7947dc78a9bbbb9aa3dd7cd5d27a3267b4de1b41cee9df2b7a6b59e1b8c590cebc3c9c92e00816d214056077ce6df8a213e6a9dde7ea42bed604
expires
Thu, 04 Jul 2024 01:01:54 GMT
plerdy_ab-min.js
a.plerdy.com/public/js/click/ 		38 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.plerdy.com/public/js/click/plerdy_ab-min.js?v=2d0f4be
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
798923cf9bc4c8d30ca45e5c529ccb635ca4f409e9c8f8e9c91da55b5297570f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10131
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 08 Jun 2024 16:02:06 GMT
server
cloudflare
etag
W/"6664807e-98dc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fF3mAsYsyBTfjaladghWkbHAWuPqlAFds%2BnlkAq4IedB7seTfNSqfFOmUWmSSTM779SsEKldc89UrfltPiRcCj%2FtxseXJBrL%2FiCX9TUDlNaRifk3tkq0fjwHQ8EDpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
89db2fd108229f2e-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
main.js
a.plerdy.com/public/js/click/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.plerdy.com/public/js/click/main.js?v=0.8416571472663854
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d3b5fa0ef825696e739e51af484299cf857613a5d8b6b68277a6fcaad02a5b6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Mon, 01 Jul 2024 19:07:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6682fe84-1e28"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UAAkxGIYiFQMRHYSjD9HqQuo%2FL3yMalVAZPDjAw8wqDqHkhoQFzy4Bu%2FIoRz3ZaDSu7z77h73fSOZpDtvFCR4hRbyneY72KYCVBgEkCKQNeR2NaBhNdpJ%2FIVg1hh0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
89db2fd108219f2e-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
spx
dx.mountain.com/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=37716&tdr=&plh=https%3A%2F%2Finternal.donefirst.com%2F&cb=54760518575743020term=value
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-7-151-245.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
17b9a0d37a5c79515baf5e2588c6849fcb98a0e94befc480988c29d3ae020c09

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
server
istio-envoy
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
x-envoy-upstream-service-time
7
be
spx-prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		206 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-182438183-1&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
86bb4515d850266ba9329c4f5f8e9ad31664615391681570b4f37720b3fbb948
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75974
x-xss-protection
0
last-modified
Thu, 04 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 04 Jul 2024 01:01:54 GMT
pixel
q.quora.com/_/ad/535d353f6371448aaed39c670a9641a4/ 		43 B
420 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://q.quora.com/_/ad/535d353f6371448aaed39c670a9641a4/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Finternal.donefirst.com%2F
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.71.218.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-218-52.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 04 Jul 2024 01:01:55 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Server
nginx
Connection
keep-alive
Content-Length
43
X-Q-Stat
,ea9630f1386168f18dfb74e5a8360bc0,10.0.0.13,26904,80.255.7.103,,259135207661,1,1720054915.101,0.002,,.,0,0,0.000,0.000,-,0,0,203,144,72,10,34729,,,,,,-,
Content-Type
image/gif
0
bat.bing.com/action/ 		0
238 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=97055290&Ver=2&mid=58ba6b4e-16ad-47a5-9e6b-2f58feb9f2fb&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&kw=done%20treatment,%20done%20adhd,%20done%20first,%20add%20treatment%20los%20angeles,%20add%20treatment%20san%20francisco,%20add%20treatment%20san%20diego,%20adhd%20treatment,%20dextroamphetamine,%20add%20assessment,%20vyvance%20effect,%20adult%20add%20diagnosis,%20adhd%20treatment%20los%20angeles,%20adhd%20treatment%20san%20francisco,%20adhd%20treatment%20san%20diego,%20psychiatrist%20san%20diego,%20psychiatrist%20san%20francisco,%20psychiatrist%20los%20angeles,%20mental%20health%20help%20online,%20online%20adhd%20help,%20adult%20attention%20deficit,%20online%20psychiatrist,%20vyvanse%20price,%20adderall%20price,%20adderall%20XR%20side%20effect,%20adderall%20XR%20price&p=https%3A%2F%2Finternal.donefirst.com%2F&r=&lt=1837&evt=pageLoad&sv=1&rn=771367
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 253DD5778BE9471A981BDB064BC7351F Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:54Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
343123620.js
bat.bing.com/p/action/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/343123620.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b9465a7a67129d8a97a41bd43fd8b01e182f6cc7e69e08aca601024bb70cb0fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Thu, 04 Jul 2024 01:01:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 1027A29816F143EA890C56B3A66685CC Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:54Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
0
bat.bing.com/action/ 		0
238 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=343123620&Ver=2&mid=c64029ea-68b6-461a-a171-698b6234bce0&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&kw=done%20treatment,%20done%20adhd,%20done%20first,%20add%20treatment%20los%20angeles,%20add%20treatment%20san%20francisco,%20add%20treatment%20san%20diego,%20adhd%20treatment,%20dextroamphetamine,%20add%20assessment,%20vyvance%20effect,%20adult%20add%20diagnosis,%20adhd%20treatment%20los%20angeles,%20adhd%20treatment%20san%20francisco,%20adhd%20treatment%20san%20diego,%20psychiatrist%20san%20diego,%20psychiatrist%20san%20francisco,%20psychiatrist%20los%20angeles,%20mental%20health%20help%20online,%20online%20adhd%20help,%20adult%20attention%20deficit,%20online%20psychiatrist,%20vyvanse%20price,%20adderall%20price,%20adderall%20XR%20side%20effect,%20adderall%20XR%20price&p=https%3A%2F%2Finternal.donefirst.com%2F&r=&lt=1837&evt=pageLoad&sv=1&rn=255967
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: FB699D8D157B48EEAAE878189D554509 Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:54Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/ 		0
238 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=343123620&Ver=2&mid=c64029ea-68b6-461a-a171-698b6234bce0&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&gtm_tag_source=awct&tpp=1&ea=692910529%2FfLvGCK7U9okDEMHzs8oC&en=Y&p=https%3A%2F%2Finternal.donefirst.com%2F&sw=1600&sh=1200&sc=24&evt=custom&rn=220209
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B358C9F6371143BF844A874DE4E55D1B Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:54Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
97055290
www.clarity.ms/tag/uet/ 		827 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/97055290?insights=1
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/97055290.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d57a156c7e1124096c097d389f7554d1ae5107c305561f1e3344288b0a7ce74d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Thu, 04 Jul 2024 01:01:54 GMT
x-azure-ref
20240704T010154Z-r195c4c79d9sqgckvvz1u2gg3c000000025000000000m2ff
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
827
request-context
appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
343123620
www.clarity.ms/tag/uet/ 		816 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/343123620
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/343123620.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
291fc0f423fb2eabe5959317cf6b34c7e87c6c8e799732dd0f03625003ce5ecf

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Thu, 04 Jul 2024 01:01:54 GMT
x-azure-ref
20240704T010154Z-r195c4c79d9sqgckvvz1u2gg3c000000025000000000m2fm
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
816
request-context
appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-182438183-1&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 03 Jul 2024 23:41:01 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4853
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 04 Jul 2024 01:41:01 GMT
/
www.googleadservices.com/pagead/conversion/692910529/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/692910529/?random=1720054914660&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Finternal.donefirst.com%2F&label=fLvGCK7U9okDEMHzs8oC&hn=www.googleadservices.com&frm=0&tiba=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&value=0&bttype=purchase&npa=1&pscdl=noapi&auid=860882043.1720054915&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-692910529&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
36cc1dbb3d2bc9f845873a7e9ed11e119dcff85429d8ee5e5aab973a18eb8014
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1699
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-4PBKP8YN1D&gtm=45je4730v9118323173z8834275605za200zb834275605&_p=1720054914224&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=95250752&cid=136121451.1720054915&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720054914&sct=1&seg=0&dl=https%3A%2F%2Finternal.donefirst.com%2F&dt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2241&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4PBKP8YN1D&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:54 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://internal.donefirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
258 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4PBKP8YN1D&cid=136121451.1720054915&gtm=45je4730v9118323173z8834275605za200zb834275605&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4PBKP8YN1D&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:54 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://internal.donefirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4PBKP8YN1D&cid=136121451.1720054915&gtm=45je4730v9118323173z8834275605za200zb834275605&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=348786973
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:54 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
vs
event.clientgear.com/ 		14 B
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://event.clientgear.com/vs?t=0.9315676502102519
Requested by
Host: pixeltrack.clientgear.com
URL: https://pixeltrack.clientgear.com/mkq.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.252.78.131 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash
6b26cef94d7114ab2253f65625bbf062f26553ea18d500b59eb03d7c9ab4e073

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://internal.donefirst.com
date
Thu, 04 Jul 2024 01:01:55 GMT
access-control-allow-credentials
true
content-length
14
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=UTF-8
adsct
t.co/1/i/ 		43 B
374 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4cbcb4b5-a4a6-45e1-93c9-a05495875323&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=1f3412d0-bd89-4988-82cb-2aa162817f60&tw_document_href=https%3A%2F%2Finternal.donefirst.com%2F&tw_iframe_status=0&txn_id=o6u21&type=javascript&version=2.3.30
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
190
date
Thu, 04 Jul 2024 01:01:54 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
0ffa1466c474e220
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
38a07f39607dd651d6dab2a22b44ecaf91e00af1edfc78f6e8b1ddd6eee5a6fb
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
724 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=4cbcb4b5-a4a6-45e1-93c9-a05495875323&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=1f3412d0-bd89-4988-82cb-2aa162817f60&tw_document_href=https%3A%2F%2Finternal.donefirst.com%2F&tw_iframe_status=0&txn_id=o6u21&type=javascript&version=2.3.30
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
109
date
Thu, 04 Jul 2024 01:01:54 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
67ec1818f409c0d3
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
cac31e0c1d491943028ab325f05d2bb4e3dd52b60df9f63914e3b5e4ffa0dc51
content-length
43
/
px.ads.linkedin.com/wa/ 		0
199 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Accept
*
Referer
https://internal.donefirst.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 25CCAD2C18C447C9A64CAF08FA3E2FCD Ref B: FRAEDGE2006 Ref C: 2024-07-04T01:01:54Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
access-control-allow-origin
https://internal.donefirst.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYcYX4xCvCbZzPS2MDfIQ==
attribution_trigger
px.ads.linkedin.com/ 		2 B
813 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=5450140&time=1720054914705&url=https%3A%2F%2Finternal.donefirst.com%2F&tm=gtmv2
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
*
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: A3022D044F1547F5B7AB85205B518737 Ref B: DUS30EDGE0410 Ref C: 2024-07-04T01:01:54Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-ltx1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYcYX4yT0J5dA/I0J/huw==
x-fs-uuid
00061c617e324f4279740fc8d09fe1bb
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5450140&time=1720054914705&url=https%3A%2F%2Finternal.donefirst.com%2F&tm=gtmv2
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5450140&time=1720054914705&url=https%3A%2F%2Finternal.donefirst.com%2F&tm=gtmv2&e_ipv6=AQL0GIW7CwPXbwAAAZB7QyBL0s-uVPoseDWC6kScUOaGoLR3O4w5Pao2IR...
0
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5450140&time=1720054914705&url=https%3A%2F%2Finternal.donefirst.com%2F&tm=gtmv2&e_ipv6=AQL0GIW7CwPXbwAAAZB7QyBL0s-uVPoseDWC6kScUOaGoLR3O4w5Pao2IR-bCWnoUTlO0eY
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 47DB01F066A846FBB36C9A7B4F5BEDDB Ref B: FRAEDGE1112 Ref C: 2024-07-04T01:01:55Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYcYX4+rx/7QUVe0Tu7zg==

Redirect headers

date
Thu, 04 Jul 2024 01:01:55 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 260C512673574FC1813E46994E8E40E2 Ref B: FRAEDGE2006 Ref C: 2024-07-04T01:01:54Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5450140&time=1720054914705&url=https%3A%2F%2Finternal.donefirst.com%2F&tm=gtmv2&e_ipv6=AQL0GIW7CwPXbwAAAZB7QyBL0s-uVPoseDWC6kScUOaGoLR3O4w5Pao2IR-bCWnoUTlO0eY
x-li-proto
http/2
content-length
0
x-li-uuid
AAYcYX42C0Wn30x090/21A==
modules.e4b2dc39f985f11fb1e4.js
script.hotjar.com/ 		223 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3026948.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 08:11:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
233447
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56291
last-modified
Mon, 01 Jul 2024 08:10:34 GMT
etag
"ca025d2d8ae4b3dc51e058b782590501"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
L4c_cz4HUfcBNapT-ZwpScu9PRyh4PJS7YECloSgLkRETRxSTmL6_A==
config
pixel-config.reddit.com/pixels/t2_488a8yuf/ 		3 B
124 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixel-config.reddit.com/pixels/t2_488a8yuf/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
via
1.1 varnish
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
content-length
27
t2_488a8yuf_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 		86 B
699 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_488a8yuf_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
97
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1720054914712&id=t2_488a8yuf&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=7fd0670b-3c6d-4d37-91dd-1129bdbbf7a0&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
syncframe
gum.criteo.com/ Frame 7563 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?topUrl=internal.donefirst.com&origin=onetag
Requested by
Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=101724
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 04 Jul 2024 01:01:54 GMT
server
Kestrel
server-processing-duration-in-ticks
339607
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
180371899699472
connect.facebook.net/signals/config/ 		78 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/180371899699472?v=2.9.160&r=stable&domain=internal.donefirst.com&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f98b8e32caf0b7fbbed91da56d37b9de8459aa7094d55874970cc102feee1cf8
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 04 Jul 2024 01:01:55 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=45, rtx=0, c=65, mss=1297, tbw=63799, tp=-1, tpl=-1, uplat=262, ullat=1
pragma
public
x-fb-debug
1UzGCoFgg5fwSlUqITChMikwhVjK+xZ/SSPzfgHe8zoHCUnb31jKRLW1K29KKvn8ovh3x2C1SO0J59KshO9+3A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
main.MWU2NDEzYzJiMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		344 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C5TG8F068TKST8M2I6HG&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8b5eaf40218075cea5deeb7f5b1f281030c970a307707acb1a2057518c64a902

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
9349c8f
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20240702114426D0F726B66137C17992F3
x-tt-trace-id
00-240702114426D0F726B66137C17992F3-4B7772C389F127D5-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01531793d5ed244d419479b47e5ed17cd99f3b5d8feb0a512d376321d222dda0978df5ec7e4f5854c2d8745f245dc40f1b05810f5217cec4611b06280c430a0538396d29390241258ac7a6efa3342c06a3e3f8cf45d4670bfea83cdb2c7449f5a5
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
100258
7981e6fd-ddbd-4f93-a9c1-0a26070f516e.json
tr.snapchat.com/config/com/ 		117 B
405 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/config/com/7981e6fd-ddbd-4f93-a9c1-0a26070f516e.json?v=3.21.1-2407011851
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
fc740a7dd685e149ac9c20befb93b7e127249aa2d260a3b5f6b0ab696051e8a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
accept
application/json
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
observe-browsing-topics
?1
content-type
application/json
access-control-allow-origin
https://internal.donefirst.com
x-envoy-upstream-service-time
98
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
117
i
tr.snapchat.com/cm/ Frame B451 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/cm/i?pid=7981e6fd-ddbd-4f93-a9c1-0a26070f516e&u_scsid=d817fd12-bf67-4982-bb10-0b9a55270c9e&u_sclid=22f67a18-8f70-4ad3-8c96-7e5ba1f9dc7b
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jul 2024 01:01:54 GMT
server
API Gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via
1.1 google
x-envoy-upstream-service-time
0
main.MWU2NDEzYzJiMA.js
analytics.tiktok.com/i18n/pixel/static/ 		339 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMA.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKRTQNBC77UBVPRACT70&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8878a6113d3767fcb0f7c88fdc432c839a4e4e6fe97dec5e24b0d5eb32addd88

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
9349dca
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202407021144256F1799BCFBB1924158D2
x-tt-trace-id
00-2407021144256F1799BCFBB1924158D2-2A68EE747F66BE05-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
0155149eb8bb872112bf4f9a3ee60e1190a5899c6a3ddd6a843d4f3fad847f450edbea98a5ddd1346d930bacf808aee2b727ccf5a136632833a999f4c511f68fdaf9f9e37e42efab140fb07e64dfea15fecc9811408c45c0aa9a26e769b8d9c873
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=15
content-length
98473
detector.js
h.plerdy.com/public/js/click/ 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://h.plerdy.com/public/js/click/detector.js?v=33
Requested by
Host: a.plerdy.com
URL: https://a.plerdy.com/public/js/click/main.js?v=0.8416571472663854
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c58ef6688ea79d415a0c590a7346e97a51de70b4f42dbf848f20a78487f86dbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
strict-transport-security
max-age=31536000;
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
28
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 01 Jul 2024 19:04:57 GMT
server
cloudflare
etag
W/"6682fdd9-65b5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vZpijB6Y2u%2BNbaJrptbFOwUc892auGCEYUXnEc8W6cxbelYm%2BlDLJudcIQIO0ID4Jllzs%2B1xDs%2FgslP8EFFZPEIkyXRF58duzg%2Be0BhkcKwWaN4uxI3SkVtNdBz3fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
89db2fd1e8aa9f2e-FRA
expires
Thu, 04 Jul 2024 01:01:45 GMT
leave
f.plerdy.com/click/ 		46 B
517 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://f.plerdy.com/click/leave
Requested by
Host: a.plerdy.com
URL: https://a.plerdy.com/public/js/click/plerdy_ab-min.js?v=2d0f4be
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8b9f8f10c925be1c2cb4bd6ece23720c6865b2500c860e3b7ac616b17e82491

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgZvT2cBKKNEsnpnpDVEDsZQ2ML1suKH2Khrb8YxjI7tUOcXc6h5O2t6%2FHBYYEnwpFbeMwWyeOZoDA5jz%2B%2FV6g6rWZM5OLvwU6%2Bg2WVYA%2BNH3jtCq7mxojWis7yShw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, private
cf-ray
89db2fd26f6f3a43-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 04 Jul 2024 01:01:54 GMT
collect
www.google-analytics.com/j/ 		2 B
211 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=982336082&t=pageview&_s=1&dl=https%3A%2F%2Finternal.donefirst.com%2F&ul=de-de&de=UTF-8&dt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1507742280&gjid=1669253120&cid=136121451.1720054915&tid=UA-182438183-1&_gid=1226386994.1720054915&_r=1&gtm=457e4730za200zb834275605&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&jsscut=1&npa=1&z=1194460322
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://internal.donefirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/692910529/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=...
  • https://www.google.com/pagead/1p-conversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=sy...
  • https://www.google.de/pagead/1p-conversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=syp...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Finternal.donefirst.com%2F&label=fLvGCK7U9okDEMHzs8oC&hn=www.googleadservices.com&frm=0&tiba=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&value=0&npa=1&pscdl=noapi&auid=860882043.1720054915&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI99LD8ZeMhwMVOfE7Ah1K-AgkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6H2h0dHBzOi8vaW50ZXJuYWwuZG9uZWZpcnN0LmNvbS8&is_vtc=1&cid=CAQSGwDaQooLlo-RuNbjIHc8Pu5T9I235P7ZtxIyDA&eitems=ChAI8O2TtAYQ1vHkqoThrbZkEh0ADSyhrpuMrcx-U5JIDdZGryHl5o2qfDksbZ6yXA&random=3685445583&ipr=y
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H3
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/692910529/?random=736944539&cv=11&fst=1720054914660&bg=ffffff&guid=ON&async=1&gtm=45be4730v869729049z8834275605za201zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Finternal.donefirst.com%2F&label=fLvGCK7U9okDEMHzs8oC&hn=www.googleadservices.com&frm=0&tiba=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&value=0&npa=1&pscdl=noapi&auid=860882043.1720054915&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI99LD8ZeMhwMVOfE7Ah1K-AgkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6H2h0dHBzOi8vaW50ZXJuYWwuZG9uZWZpcnN0LmNvbS8&is_vtc=1&cid=CAQSGwDaQooLlo-RuNbjIHc8Pu5T9I235P7ZtxIyDA&eitems=ChAI8O2TtAYQ1vHkqoThrbZkEh0ADSyhrpuMrcx-U5JIDdZGryHl5o2qfDksbZ6yXA&random=3685445583&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
identify_ce1d8843.js
analytics.tiktok.com/i18n/pixel/static/ 		146 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
9349f6f
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202405211400009F19F3F262ADB0F2F94C
x-tt-trace-id
00-2405211400009F19F3F262ADB0F2F94C-4777DC948454243B-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
0164d4df9127cd0260f8a4d34aa07b9aa9f371a909ebd4d6ca565c8a7d59062b9761b58c53aeab233271348eb425c6f751b243a09cac72fa7be95a444412353403240d0302b3219e337457d9570807f6b4cbc7dfa2f3740b0370a3b91e10e7b7f6
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length
39700
pixel
analytics.tiktok.com/api/v2/ 		0
843 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2d05879a.9349f8f
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010154A3D9AC337FDE202E1A1D-4F397C915F8D27A2-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
116,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=93, origin; dur=28, inner; dur=23
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010154A3D9AC337FDE202E1A1D
x-cache-remote
TCP_MISS from a23-220-104-219.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
28,23.220.104.219
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a2585665bb0866459a5b7276070601993d32d80c90f2213b7fc2018f42a0fdcc19ece3f11eb6091a80ecb160360a35b1fe1e6e2814a7be2b88dc952c4d8b1a5aadb9349add5867aceff503331fb152c31c3a
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
844 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
4b76b95b.9349f90
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010154ECECDD89B14CB93BE01C-08017F3D46EE2C10-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
114,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=93, origin; dur=27, inner; dur=23
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010154ECECDD89B14CB93BE01C
x-cache-remote
TCP_MISS from a23-52-15-109.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
27,23.52.15.109
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a25872f4e28cd0495c20466fa037aa58aab69851fddfb28f5e15cc44ac637ebd22557fa55f231ad4cda903a09dcb293068c8ac565570f5e0b5fc9770868d6d6980f73da1b6b36a9addde2bd2f35ade7ab4fd
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
842 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
38edfb21.9349f91
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2407040101547AA6D57F5B45D02C848A-40A4F6A648148EA6-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
123,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=99, origin; dur=31, inner; dur=28
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202407040101547AA6D57F5B45D02C848A
x-cache-remote
TCP_MISS from a23-220-104-6.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
31,23.220.104.6
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258524717449dced840f9a4e74b1c7dc819af8929fda0d429c33269b9e7fe6c55eba2903db8e70eccd4dd2895bc7c3b508a34c476addb7f6e77afdf6001d771f502a86abbd0a6ae6db92971f23a91198af8
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
842 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1e681da4.9349f92
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2407040101556548F8D0DD5BE934CCD0-104A50E566E2CBB6-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
151,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=128, origin; dur=60, inner; dur=54
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202407040101556548F8D0DD5BE934CCD0
x-cache-remote
TCP_MISS from a23-220-104-5.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
60,23.220.104.5
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a25881b1a845cf6262ea360ffb1c400f823f7d427fc91f0cae2952ad851b615057431decd72e263aec135319bbe510a5debef1504ebc333541ee84c33130e24cbe1d0cafe37d9a8c63f494a73aa18c2797df
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
844 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
2c22754b.9349f93
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010155914C1F2EA57E1A311293-7B7C7A949E6EEC24-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
115,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=145, origin; dur=19, inner; dur=17
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010155914C1F2EA57E1A311293
x-cache-remote
TCP_MISS from a23-220-104-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
19,23.220.104.7
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258809d9f3f77f71f3e55c044495b963e74b0835eb5e9ba4cc559437575c019987671c4395c3d842c7e665271e08fed68cad87175e5bb7fd3e964de65b553b4192d58ffd2d1235582f6138c4c03c6b55eff
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
841 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
bb8d398.9349f95
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010155F137161343532C4456E4-25F48E137F43F639-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
106,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=132, origin; dur=20, inner; dur=16
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010155F137161343532C4456E4
x-cache-remote
TCP_MISS from a23-48-200-10.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
20,23.48.200.10
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258a79c6fbbf0ed8df49e533fe4f060d86b1dd5ad6959630091824158f672d958abb5c8221d4f4c8ff13e3e8318d979a1b2b3f2fb8b27a18f45a87f2042b6ec62cbe260ad204a8ad0a35286aae923049cf6
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
840 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
69744495.9349f96
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010155101E06E41EC29D27629C-0090D2745D096E67-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
116,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=127, origin; dur=29, inner; dur=25
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010155101E06E41EC29D27629C
x-cache-remote
TCP_MISS from a23-52-15-112.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
29,23.52.15.112
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258f3bc6f243c25e0342a2b39bccb318c8694bb08ef9c82490b808d945769a206bada0f285a1cc1d579ff2ca1558418a8e92e68fa899130d32c873f6aafa49cce29cd564c890c98bed8f2f2142ad440d2a4
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
845 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
349ba105.9349f97
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010155DC49990FF6E490E1D77A-7EF69BFE31240533-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
233,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=155, origin; dur=131, inner; dur=128
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010155DC49990FF6E490E1D77A
x-cache-remote
TCP_MISS from a23-48-200-13.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
131,23.48.200.13
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a25837c33d4d423b72a3e372141566e44c6585960053fe17f52d2296a68eb667a41db1df2ab873e35eca72ff13ac80d7598b473457090be20f1da831107435aa510cf3249fdd8f55d2dc3703a0528cd191c2
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
main2.js
h.plerdy.com/public/js/click/ 		269 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://h.plerdy.com/public/js/click/main2.js?v=33
Requested by
Host: a.plerdy.com
URL: https://a.plerdy.com/public/js/click/main.js?v=0.8416571472663854
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bfc01c5497b70861a5b110f472a2c6291665711df36eb2425246f48dbfab489
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:54 GMT
strict-transport-security
max-age=31536000;
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
20
cf-polished
origSize=461309
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 01 Jul 2024 19:04:57 GMT
server
cloudflare
etag
W/"6682fdd9-709fd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DdxmfEf1UZ6Fg%2FIe39e%2B7%2BkVCjw4QibHvpHPiIOWsNRrEKi5q6Hqa%2BoSRZI3riiB8z2pxK5Q0fJu5vnFPmG%2BprsXClETW9G3GrUYSBWNIpv%2FHnC2XQiSRMZ%2BK9uupA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
89db2fd258e49f2e-FRA
expires
Thu, 04 Jul 2024 01:01:44 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
151 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-182438183-1&cid=136121451.1720054915&jid=1507742280&gjid=1669253120&_gid=1226386994.1720054915&npa=1&_u=YADAAUAAAAAAACAAI~&z=1248677857
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://internal.donefirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
3026948
vc.hotjar.io/sessions/ 		0
232 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/3026948?s=0.25&r=0.18491658860876137
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-74.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Thu, 04 Jul 2024 01:01:55 GMT
cache-control
no-store
via
1.1 3adffce7dd03a16d055927ad5fa7671a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P10
x-amz-cf-id
fiDAAucGJMENrJjcPzczzjWgq9Vov_1KCMHwuPseG1oY3sOMSrVCbQ==
x-cache
Miss from cloudfront
preact-incoming-feedback.8d825d8bb4192c0517a5.js
script.hotjar.com/ 		199 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/preact-incoming-feedback.8d825d8bb4192c0517a5.js
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
399e2acfd463d78e23bd01e18c42240d5184b1c73dcffafbe1879397fb14098d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 13:17:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
42287
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
45604
last-modified
Wed, 03 Jul 2024 13:16:48 GMT
etag
"b2b03a81ba8b84598810982a43e9c2c6"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
4dA34_mzBshkoZMiirqAHIIuhS7KRwEa70XLnIwoZdkcmO9_hqOx1w==
/
content.hotjar.io/ 		56 B
171 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://content.hotjar.io/?site_id=3026948&gzip=1
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.208.243.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-243-88.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e66808292bc499d78f9bb0e28eb22b1627bb6eaaf59f257d3d7aacade6d09b3a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
56
access-control-max-age
86400
content-type
application/json
event
widget.us.criteo.com/
Redirect Chain
  • https://sslwidget.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvpg&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3Z...
  • https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvpg&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3Z...
10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvpg&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=46d4d55d-578d-41de-b12d-1fb769b14693
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
74.119.117.16 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
44b201144ebe2ed6713b37a3ebbe9eef99aeed0657f1a912c65a9f5e467067a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Kestrel
content-type
application/x-javascript
access-control-allow-origin
*
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
8759962
timing-allow-origin
*
expires
0

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-origin
*
location
https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvpg&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=46d4d55d-578d-41de-b12d-1fb769b14693
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
12288740
timing-allow-origin
*
content-length
0
expires
0
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-182438183-1&cid=136121451.1720054915&jid=1507742280&npa=1&_u=YADAAUAAAAAAACAAI~&z=440067430
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-182438183-1&cid=136121451.1720054915&jid=1507742280&npa=1&_u=YADAAUAAAAAAACAAI~&z=440067430
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
p
tr.snapchat.com/ 		0
243 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
access-control-allow-origin
https://internal.donefirst.com
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
js
www.googletagmanager.com/gtag/ 		209 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-151876340-2&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9NN48N
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
3d3adeb96b9f97e636101415d27685603ee10a9eeb263918b3ab8e864c6c4ba0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76880
x-xss-protection
0
last-modified
Thu, 04 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 04 Jul 2024 01:01:55 GMT
profile
internal.donefirst.com/api/user/ 		61 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/api/user/profile
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
/
Resource Hash
624840550c5cacf930593bccf5e10e7e06c354ffdb2c6515d2a37db97b13cfd5

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://internal.donefirst.com/
patientCountry
us
timezone
Europe/Berlin
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61
content-type
application/json; charset=utf-8
font-hotjar_5.65042d.woff2
script.hotjar.com/ 		2 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/font-hotjar_5.65042d.woff2
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Origin
https://internal.donefirst.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 10 Sep 2023 20:18:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
25677791
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Fri, 08 Sep 2023 09:39:02 GMT
etag
"c9fb9163f8b7be37023ebe649688bebf"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
x-robots-tag
none
x-amz-cf-id
Hkfb96Zqx6CDCyWkistt9jYeSIgkYaBshE3lPpHTs5LgB5RRUZA_Mg==
mk42487381192255_v20223999999995.js
pixeltrack.clientgear.com/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixeltrack.clientgear.com/mk42487381192255_v20223999999995.js?
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
163.181.130.165 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
175f273fda2632180b89555b497dd46c26eaee7e8c498130a2ec469fb202d4af

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:39:36 GMT
via
cache2.l2de2[0,0,304-0,H], cache20.l2de2[1,0], cache20.l2de2[2,0], ens-cache9.de8[0,0,200-0,H], ens-cache2.de8[1,0]
content-encoding
gzip
last-modified
Sat, 15 Jun 2024 06:38:20 GMT
server
Tengine
age
37339
x-swift-cachetime
77877
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ali-swift-global-savetime
1720017576
content-type
application/javascript
x-cache
HIT TCP_HIT dirn:12:543377462
x-swift-savetime
Wed, 03 Jul 2024 17:01:39 GMT
timing-allow-origin
*
content-length
6426
eagleid
a3b5828617200549151158212e
save_statistic
h.plerdy.com/click/admin/ 		205 B
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://h.plerdy.com/click/admin/save_statistic
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35de42b2f8b1b2794394f6df1dc99d1145b3fdf21f7d3703d682a9b638ffc5c3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2FY1YZm%2BalvsEXFXkOPK5nKVqqlq35n5SBn8xT%2Fg5Gzh4PO8%2BI%2FfEgsbm6DbjznugHkjZSsC3m6%2BugJLzAlGZubhytbc%2BIvnIMhtRzCc3hZTrTIWTvliDqrcnro1OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, private
cf-ray
89db2fd3de8e8f32-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 04 Jul 2024 01:01:55 GMT
865118271708259
connect.facebook.net/signals/config/ 		31 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/865118271708259?v=2.9.160&r=stable&domain=internal.donefirst.com&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106%2C125%2C152%2C182%2C184%2C114%2C136%2C140%2C177%2C120%2C219%2C107%2C183%2C118%2C137%2C161%2C148%2C110%2C220%2C154%2C111%2C127%2C115%2C143
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
90b3cb512c84b622cd8be3f1b011388a150ddcd9f14474c71821dda35c87e9af
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 04 Jul 2024 01:01:55 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=4314, tp=9, tpl=0, uplat=77, ullat=0
pragma
public
x-fb-debug
B7samLft4sSHEBZKgJUtqc54pNaweIoBDkOVv4cV3C3LQwrHESn31qhoGNBTVv+x8VSQAxnmC9BKAZnXTU0b9A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=180371899699472&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com&rl=&if=false&ts=1720054915112&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4124&fbp=fb.1.1720054915110.353562782956873012&cs_est=true&pm=1&hrl=42dc31&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&tm=1&cs_cc=1&cas=7818288984958486%2C7864999303535005%2C24759454967031899%2C6730491137050805%2C7866829106666779%2C7902839299746293%2C7411158759002378%2C4840673112701589%2C6101706193254194%2C4841090345969264%2C4371929522886565%2C3500760763303829%2C2950321081757692%2C3102053186542837%2C3133685336722527%2C3495031623862522&rqm=GET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=37, rtx=0, c=10, mss=1297, tbw=2775, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jul 2024 01:01:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=180371899699472&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com&rl=&if=false&ts=1720054915112&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4124&fbp=fb.1.1720054915110.353562782956873012&cs_est=true&pm=1&hrl=42dc31&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&tm=1&cs_cc=1&cas=7818288984958486%2C7864999303535005%2C24759454967031899%2C6730491137050805%2C7866829106666779%2C7902839299746293%2C7411158759002378%2C4840673112701589%2C6101706193254194%2C4841090345969264%2C4371929522886565%2C3500760763303829%2C2950321081757692%2C3102053186542837%2C3133685336722527%2C3495031623862522&rqm=FGET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xc21e6b16d4d038ff","source_keys":["1","2"]},{"key_piece":"0x46add8fdd513399e","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 04 Jul 2024 01:01:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387579608120570828", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=3288, tp=-1, tpl=-1, uplat=125, ullat=0
pragma
no-cache
x-fb-debug
RhsB0zcnIKLDOAPyVDP/FRHdEKrbAIGCx5pOU5A5wpwspSjWOOOvhTMhEpXAmw0MavJ8+LyihoPYToaHrIw4Bw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387579608120570828"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
act
analytics.tiktok.com/api/v2/pixel/ 		0
842 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
349baa16.934a234
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010155CA633F89D39A6323B650-4617700C6EABD01B-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
132,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=93, origin; dur=46, inner; dur=43
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010155CA633F89D39A6323B650
x-cache-remote
TCP_MISS from a23-48-200-13.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
47,23.48.200.13
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a25837c33d4d423b72a3e372141566e44c65cfed2d629c6ecb376307399c5098f445ac1cbe618b76308a12091e0e14e0c106c84daa2d2f464b9a1483f50d8bd810b336bc58a47a824b015ed65fd1594360d1
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
js
www.googletagmanager.com/gtag/ 		257 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-X30H8X2R3S&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-151876340-2&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
9d90df67dffd5b3b0d27646c7df88bd24dfb5edfb9d4fb72474073a6847609c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92485
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 04 Jul 2024 01:01:55 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=982336082&t=pageview&_s=1&dl=https%3A%2F%2Finternal.donefirst.com%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAUABAAAAACAAI~&jid=1024822690&gjid=1809605639&cid=136121451.1720054915&tid=UA-151876340-2&_gid=1226386994.1720054915&_r=1&gtm=457e4730za200zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&npa=1&z=2106865863
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://internal.donefirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
event
widget.us.criteo.com/
Redirect Chain
  • https://sslwidget.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis%26a%3D%255B101724%252C101724%255D&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYT...
  • https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis%26a%3D%255B101724%252C101724%255D&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYT...
10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis%26a%3D%255B101724%252C101724%255D&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22fbp%22%3A%22fb.1.1720054915110.353562782956873012%22%2C%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=411e9520-cc05-4b3d-a12b-27ebd9dda3d2
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
74.119.117.16 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
3f178ce7323be0aba0ab996c22b8646d8786044ba59027245d8d86a8321c88df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Kestrel
content-type
application/x-javascript
access-control-allow-origin
*
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
9999870
timing-allow-origin
*
expires
0

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-origin
*
location
https://widget.us.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis%26a%3D%255B101724%252C101724%255D&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22fbp%22%3A%22fb.1.1720054915110.353562782956873012%22%2C%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=411e9520-cc05-4b3d-a12b-27ebd9dda3d2
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3703706
timing-allow-origin
*
content-length
0
expires
0
track
event.clientgear.com/ 		0
407 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://event.clientgear.com/track?event=PageView&params=%7B%22event%22%3A%22PageView%22%2C%22referrer%22%3A%22%22%2C%22domain%22%3A%22internal.donefirst.com%22%2C%22pagurl%22%3A%22https%253A%252F%252Finternal.donefirst.com%252F%22%2C%22winwidh%22%3A1600%2C%22winheight%22%3A1200%2C%22uid%22%3A%22guest%22%2C%22timezone%22%3A%22UTC%2B2%22%2C%22time%22%3A%222024-7-4%203%3A1%3A55%22%2C%22mkPixelId%22%3A%2242487381192255%22%2C%22upc%22%3A%22287d5ac9-13fd-44c8-9c19-b897a6011e06%22%2C%22clientExtend%22%3Anull%2C%22uidCookie%22%3A%22v64mxz18ph1yenmv%26fst%3D1720054913012%26pst%3D-1%26cst%3D1720054913012%26ns%3D1%26pvt%3D1%26pvis%3D1%26th%3D%22%2C%22uidLocalStore%22%3A%22mk4ecbde69-2f61-4305-a92f-a97954aed93c%22%2C%22uidCanvas%22%3A%2281acf7f1%22%2C%22thirdCookie%22%3Atrue%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.252.78.131 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://internal.donefirst.com
date
Thu, 04 Jul 2024 01:01:55 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=UTF-8
is
52.71.121.170/ 		32 B
437 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://52.71.121.170/is
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.71.121.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-121-170.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
5a10f5522c22c065a7816dad2d489171c5e8e75c9008fec2f89a131a554b0641

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain;charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
1
connection
close
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
32
x-application-context
application:prod:8080
sync
x.bidswitch.net/
Redirect Chain
  • https://event.clientgear.com/re/bidswitch?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
  • https://x.bidswitch.net/sync?dsp_id=257&user_id=mkcf84bd239f4742578d9549a937328b10&expires=30&gdpr=1&gdpr_consent=COvFyGBOvFyGBAbAAAENAPCAAOAAAAAAAAAAAEEUACCKAAA.IFoEUQQgAIQwgIwQABAEAAAAOIAACAIAAAA...
43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=257&user_id=mkcf84bd239f4742578d9549a937328b10&expires=30&gdpr=1&gdpr_consent=COvFyGBOvFyGBAbAAAENAPCAAOAAAAAAAAAAAEEUACCKAAA.IFoEUQQgAIQwgIwQABAEAAAAOIAACAIAAAAQAIAgEAACEAAAAAgAQBAAAAAAAGBAAgAAAAAAAFAAECAAAgAAQARAEQAAAAAJAAIAAgAAAYQEAAAQmAgBC3ZAYzUw
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Server
35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
91.149.214.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 04 Jul 2024 01:01:55 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

location
https://x.bidswitch.net/sync?dsp_id=257&user_id=mkcf84bd239f4742578d9549a937328b10&expires=30&gdpr=1&gdpr_consent=COvFyGBOvFyGBAbAAAENAPCAAOAAAAAAAAAAAEEUACCKAAA.IFoEUQQgAIQwgIwQABAEAAAAOIAACAIAAAAQAIAgEAACEAAAAAgAQBAAAAAAAGBAAgAAAAAAAFAAECAAAgAAQARAEQAAAAAJAAIAAgAAAYQEAAAQmAgBC3ZAYzUw
date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
google
event.clientgear.com/re/ 		0
105 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://event.clientgear.com/re/google?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.252.78.131 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
yeahmobi
s.seedtag.com/cs/cookiesync/
Redirect Chain
  • https://event.clientgear.com/re/seedtag?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
  • https://s.seedtag.com/cs/cookiesync/yeahmobi?channeluid=mkcf84bd239f4742578d9549a937328b10
0
284 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.seedtag.com/cs/cookiesync/yeahmobi?channeluid=mkcf84bd239f4742578d9549a937328b10
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
34.149.50.64 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
via
1.1 google
access-control-allow-credentials
true
server
openresty
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD

Redirect headers

location
https://s.seedtag.com/cs/cookiesync/yeahmobi?channeluid=mkcf84bd239f4742578d9549a937328b10
date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
aceexchange
usersycn.clientgear.com/mcm/
Redirect Chain
  • https://event.clientgear.com/re/aceexchange?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
  • https://cm-exchange.toast.com/bi/pixel?cm_pid=1272375336&toast_push&cm_puid=mkcf84bd239f4742578d9549a937328b10
  • https://usersycn.clientgear.com/mcm/aceexchange?partner=aceexchange&pid=HZDMEX7EC7DGCF1E62Z5R6MIA
0
105 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersycn.clientgear.com/mcm/aceexchange?partner=aceexchange&pid=HZDMEX7EC7DGCF1E62Z5R6MIA
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H2
Server
47.252.78.131 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:56 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers

Redirect headers

Location
https://usersycn.clientgear.com/mcm/aceexchange?partner=aceexchange&pid=HZDMEX7EC7DGCF1E62Z5R6MIA
Date
Thu, 04 Jul 2024 01:01:56 GMT
Cache-Control
no-cache
Server
nginx
Connection
close
Content-Length
0
P3P
CP="NON DSP LAW CURa ADMa DEVa OUR BUS IND COM NAV INT"
bh
event.clientgear.com/re/ 		0
105 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://event.clientgear.com/re/bh?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.252.78.131 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://event.clientgear.com/re/openx?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
  • https://us-u.openx.net/w/1.0/sd?id=539749039&val=mkcf84bd239f4742578d9549a937328b10&r=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Db9071f04-2c81-48e8-adce-1efcd76f9add%26r%3Dhttps%253A%252F%2...
0
119 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=539749039&val=mkcf84bd239f4742578d9549a937328b10&r=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Db9071f04-2c81-48e8-adce-1efcd76f9add%26r%3Dhttps%253A%252F%252Fusersycn.clientgear.com%252Fcookie%252Fopenx%253Fpartner%253Dopenx%2526uid%253Dmkcf84bd239f4742578d9549a937328b10%2526cookieid%253D
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
via
1.1 google
server
OXGW/0.0.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
vary
Accept
content-type
image/gif

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=539749039&val=mkcf84bd239f4742578d9549a937328b10&r=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Db9071f04-2c81-48e8-adce-1efcd76f9add%26r%3Dhttps%253A%252F%252Fusersycn.clientgear.com%252Fcookie%252Fopenx%253Fpartner%253Dopenx%2526uid%253Dmkcf84bd239f4742578d9549a937328b10%2526cookieid%253D
date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
/
s.ad.smaato.net/c/
Redirect Chain
  • https://event.clientgear.com/re/smaato?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
  • https://s.ad.smaato.net/c/?dspInit=1001409&dspCookie=mkcf84bd239f4742578d9549a937328b10
0
238 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.ad.smaato.net/c/?dspInit=1001409&dspCookie=mkcf84bd239f4742578d9549a937328b10
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
2600:9000:211e:d400:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
cache-control
no-cache, must-revalidate
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
RXKGZMYaUnuX_vcvMJUQqCJU4NxckFUsz1hkKXA-1U-Kpod9hy4l4g==
x-cache
Miss from cloudfront

Redirect headers

location
https://s.ad.smaato.net/c/?dspInit=1001409&dspCookie=mkcf84bd239f4742578d9549a937328b10
date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
/
csync.loopme.me/
Redirect Chain
  • https://event.clientgear.com/re/loopme?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
  • https://csync.loopme.me/?partner_id=158&uid=mkcf84bd239f4742578d9549a937328b10
0
155 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://csync.loopme.me/?partner_id=158&uid=mkcf84bd239f4742578d9549a937328b10
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
35.214.219.158 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
158.219.214.35.bc.googleusercontent.com
Software
_ /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
server
_

Redirect headers

location
https://csync.loopme.me/?partner_id=158&uid=mkcf84bd239f4742578d9549a937328b10
date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
/
sync.taboola.com/sg/yeahmobidsprtb-network/1/rtb-h/
Redirect Chain
  • https://event.clientgear.com/re/taboola?uid=mk4ecbde69-2f61-4305-a92f-a97954aed93c
  • https://sync.taboola.com/sg/yeahmobidsprtb-network/1/rtb-h/?taboola_hm=mkcf84bd239f4742578d9549a937328b10
0
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.taboola.com/sg/yeahmobidsprtb-network/1/rtb-h/?taboola_hm=mkcf84bd239f4742578d9549a937328b10
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
44764

Redirect headers

location
https://sync.taboola.com/sg/yeahmobidsprtb-network/1/rtb-h/?taboola_hm=mkcf84bd239f4742578d9549a937328b10
date
Thu, 04 Jul 2024 01:01:55 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p
tr6.snapchat.com/ 		0
45 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr6.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
via
1.1 google
server
API Gateway
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
collect
q.clarity.ms/ 		0
286 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://q.clarity.ms/collect
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/x-clarity-gzip
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://internal.donefirst.com
Date
Thu, 04 Jul 2024 01:01:55 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
collect
region1.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-X30H8X2R3S&gtm=45je4730v9125324441za200&_p=1720054914224&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=136121451.1720054915&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&dp=%2F&sid=1720054915&sct=1&seg=0&dl=https%3A%2F%2Finternal.donefirst.com%2F&dt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&en=page_view&_fv=1&_ss=1&tfd=2794&_z=fetch
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://internal.donefirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
plerdy_seo_rules.js
a.plerdy.com/public/screens/48187/ 		26 B
548 B 		Script
General
Check archive.org
Download Go to
Full URL
https://a.plerdy.com/public/screens/48187/plerdy_seo_rules.js?v=0.6212725063182241
Requested by
Host: h.plerdy.com
URL: https://h.plerdy.com/public/js/click/main2.js?v=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2a2154dcdbc3b983dfc718e54c8838bda689957f9e230588c17a6b6016fd9fc

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 15 Mar 2024 10:16:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f41fe9-1a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=haNjI3Y1s3RPL1tKyhqjiZoY7k8Yh8kvppmm%2BtPmhZ79XrOf9AXmC4kOWHhoFNJzdl4avqc8YOzDinza%2F6yum8pr%2FXAmXw38C9fAk28SVnYwRiMSyhIuG3xmBrxSeg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
89db2fd46bca9f2e-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
plerdy_video_rules.js
a.plerdy.com/public/screens/48187/ 		897 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.plerdy.com/public/screens/48187/plerdy_video_rules.js?v=0.8426570934627546
Requested by
Host: h.plerdy.com
URL: https://h.plerdy.com/public/js/click/main2.js?v=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3afe8cff71e83f9c245858398fdceb2b8074c4fecd6e7e945c15d3484b79f96

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 15 Mar 2024 10:16:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f41fe9-381"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7INrWzULPPwRDf81kU6txCEvKO7iub0Eg5e8Kx8XIEddoWQfFe1NxnThbmHMS6O86FWmDQTGKDyeQmvSWham285jUtvmyGg%2Bhj2V5%2FgHw%2F1BZjuEDVI3tcdSnqIn3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
89db2fd46bce9f2e-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
plerdy_ga_events.js
a.plerdy.com/public/screens/48187/ 		911 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.plerdy.com/public/screens/48187/plerdy_ga_events.js?v=0.10562185371597232
Requested by
Host: h.plerdy.com
URL: https://h.plerdy.com/public/js/click/main2.js?v=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
613e55eeedad6144284986ac495323da078b2b0d7851af6133241c6b11d41d49

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 15 Mar 2024 10:16:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f41fe9-38f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSrrVMh6P2nduJlehbLMtDcz4vALffBjAYLGQFyFA%2FzLO904CkquXZZ1B0YC7WwUYbF1XQ8eFuH6NtKk4f9CZpm8Oz6FUgxr9HPnLJ5dku4cpKzVSoPiGrFNUPddKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
89db2fd46bd39f2e-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
data_plerdy_form.js
a.plerdy.com/public/screens/48187/data/ 		945 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.plerdy.com/public/screens/48187/data/data_plerdy_form.js?v=0.9576465159668472
Requested by
Host: h.plerdy.com
URL: https://h.plerdy.com/public/js/click/main2.js?v=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb46a5b4c71fa12212ab17cae7f2251d26ad1da4f1abb32fd837aef873d5c1a7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 15 Mar 2024 10:16:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f41fe9-3b1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtGzAOf53ZTIxa8%2F7dfccqTshIzjaT6eQiOt9LOSRdOb83GIxu0G5AEnJbGehoeBTw3%2FLEuAmVw5KQr8%2FEO33H8g%2Ft06jx6MqGKx0tiJMk0KkVYPy4147ebNhi%2B6tg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
89db2fd46bd69f2e-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
www.facebook.com/tr/ 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=865118271708259&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com%2F&rl=&if=false&ts=1720054915251&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720054915110.353562782956873012&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&tm=1&rqm=GET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=3141, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jul 2024 01:01:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=865118271708259&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com%2F&rl=&if=false&ts=1720054915251&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720054915110.353562782956873012&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&tm=1&rqm=FGET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x732ffae0cd35d086","source_keys":["1","2"]},{"key_piece":"0x5b0be9acd04ad6b5","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 04 Jul 2024 01:01:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387579609392290094", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=6486, tp=-1, tpl=-1, uplat=106, ullat=0
pragma
no-cache
x-fb-debug
Xl61GcG15X7bMOQD0l4Fm6oQO7d4f/XknjXxF5Gs4QcK7Jfo5HVKSgYRCzG34Kk+Qj4Sk4lu5gfS2qqzuR33AQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387579609392290094"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
ip
h.plerdy.com/click/ 		37 B
526 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://h.plerdy.com/click/ip?params=%7B%0A%20%20%22site_url%22%3A%20%22internal.donefirst.com%22%2C%0A%20%20%22ip_visitor%22%3A%20%22%22%2C%0A%20%20%22position%22%3A%20%5B%5D%2C%0A%20%20%22page_url%22%3A%20%22https%3A%2F%2Finternal.donefirst.com%2F%22%2C%0A%20%20%22user_hash%22%3A%20%22083758ee1dd1cae47743d85efb28c36c%22%2C%0A%20%20%22suid%22%3A%2048187%2C%0A%20%20%22plerdy_url%22%3A%20%22https%3A%2F%2Fa.plerdy.com%2Fclick%2F%22%2C%0A%20%20%22device%22%3A%20%22desktop%22%2C%0A%20%20%22cookie_form%22%3A%20%22%22%2C%0A%20%20%22doingrequest%22%3A%200%2C%0A%20%20%22tag_name%22%3A%20%5B%5D%2C%0A%20%20%22el_on_click%22%3A%20%5B%5D%2C%0A%20%20%22class_name%22%3A%20%5B%5D%2C%0A%20%20%22node_number%22%3A%20%5B%5D%2C%0A%20%20%22click_number%22%3A%20%5B%5D%2C%0A%20%20%22reserve_selector%22%3A%20%5B%5D%2C%0A%20%20%22class_list%22%3A%20%5B%5D%2C%0A%20%20%22id_list%22%3A%20%5B%5D%2C%0A%20%20%22dom_levels%22%3A%20%5B%5D%2C%0A%20%20%22page_title%22%3A%20%22Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You%22%2C%0A%20%20%22plerdy_url0%22%3A%20%22https%3A%2F%2Fa.plerdy.com%2F%22%2C%0A%20%20%22plerdy_url_live%22%3A%20%22https%3A%2F%2Fa.plerdy.com%2F%22%2C%0A%20%20%22plerdy_url_save%22%3A%20%22https%3A%2F%2Fh.plerdy.com%2Fclick%2F%22%2C%0A%20%20%22plerdy_url_save_test%22%3A%20%22https%3A%2F%2Fh.plerdy.com%2Fclick_test%2F%22%2C%0A%20%20%22traffic_source%22%3A%20%22direct%22%2C%0A%20%20%22id_page%22%3A%204033%2C%0A%20%20%22country_code%22%3A%20%22DE%22%0A%7D&cooki=%5B%5D&ip_a=1
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f1b249d377f954a037e7d633bc97feceb93c5c3da8b2cad800c8282d667de51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
strict-transport-security
max-age=31536000;
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ei7hzvM44k4ofPYHhWRX%2F2Ihz2cxUKcxNUxQzbp39Nu0tzE4FbNY4jIKzvhPGlcPtxSEeZk6SQOVyV%2BGSqXXhcxJC1ByiwQHuhsus6l8IDpzK%2BzQvFRz84tWe8ZjPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0
cf-apo-via
origin,host
cf-ray
89db2fd4df458f32-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 04 Jul 2024 01:01:55 GMT
p
tr.snapchat.com/ 		0
44 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/p
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via
1.1 google
server
API Gateway
access-control-allow-origin
https://internal.donefirst.com
x-envoy-upstream-service-time
0
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
collect
q.clarity.ms/ 		0
286 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.34/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://internal.donefirst.com
Date
Thu, 04 Jul 2024 01:01:55 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
0
bat.bing.com/actionp/ 		0
121 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/actionp/0?ti=97055290&Ver=2&mid=4a95b24d-afd7-472e-a1c0-c7ea1cbc9cbd&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=1&msclkid=N&evt=pageHide
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0349C616A2084AA4AD9FF0006E49324C Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:55Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/actionp/ 		0
121 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/actionp/0?ti=97055290&Ver=2&mid=58ba6b4e-16ad-47a5-9e6b-2f58feb9f2fb&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&evt=pageHide
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5C79D62615494D9C852919334C9C1159 Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:55Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/actionp/ 		0
122 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/actionp/0?ti=343123620&Ver=2&mid=c64029ea-68b6-461a-a171-698b6234bce0&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&evt=pageHide
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 189C9EF9740F4CA985442DBACD16FB28 Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:55Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
px.ads.linkedin.com/wa/ 		0
143 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Accept
*
Referer
https://internal.donefirst.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 093F1522C31E40F0811A73BE0909E25F Ref B: FRAEDGE2006 Ref C: 2024-07-04T01:01:55Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
access-control-allow-origin
https://internal.donefirst.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYcYX47vqZP/KtApD6H9w==
0
bat.bing.com/action/ 		0
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=97055290&Ver=2&mid=b34be413-aec7-480d-93f1-3ecfb1ea5be6&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&page_path=%2Fv2%2Flogin&spa=Y&p=https%3A%2F%2Finternal.donefirst.com%2Fv2%2Flogin&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&kw=done%20treatment,%20done%20adhd,%20done%20first,%20add%20treatment%20los%20angeles,%20add%20treatment%20san%20francisco,%20add%20treatment%20san%20diego,%20adhd%20treatment,%20dextroamphetamine,%20add%20assessment,%20vyvance%20effect,%20adult%20add%20diagnosis,%20adhd%20treatment%20los%20angeles,%20adhd%20treatment%20san%20francisco,%20adhd%20treatment%20san%20diego,%20psychiatrist%20san%20diego,%20psychiatrist%20san%20francisco,%20psychiatrist%20los%20angeles,%20mental%20health%20help%20online,%20online%20adhd%20help,%20adult%20attention%20deficit,%20online%20psychiatrist,%20vyvanse%20price,%20adderall%20price,%20adderall%20XR%20side%20effect,%20adderall%20XR%20price&r=https%3A%2F%2Finternal.donefirst.com%2F&evt=pageLoad&sv=1&rn=253743
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 91E47F548905447D993ADEB406E0191E Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:55Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/ 		0
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=97055290&Ver=2&mid=4d0ac8b5-e37c-462d-8ce8-bd94928590d7&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&page_path=%2Fv2%2Flogin&spa=Y&p=https%3A%2F%2Finternal.donefirst.com%2Fv2%2Flogin&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&kw=done%20treatment,%20done%20adhd,%20done%20first,%20add%20treatment%20los%20angeles,%20add%20treatment%20san%20francisco,%20add%20treatment%20san%20diego,%20adhd%20treatment,%20dextroamphetamine,%20add%20assessment,%20vyvance%20effect,%20adult%20add%20diagnosis,%20adhd%20treatment%20los%20angeles,%20adhd%20treatment%20san%20francisco,%20adhd%20treatment%20san%20diego,%20psychiatrist%20san%20diego,%20psychiatrist%20san%20francisco,%20psychiatrist%20los%20angeles,%20mental%20health%20help%20online,%20online%20adhd%20help,%20adult%20attention%20deficit,%20online%20psychiatrist,%20vyvanse%20price,%20adderall%20price,%20adderall%20XR%20side%20effect,%20adderall%20XR%20price&r=https%3A%2F%2Finternal.donefirst.com%2F&evt=pageLoad&sv=1&rn=893583
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B877E441C32B42279FDD15D4743830F9 Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:55Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/ 		0
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=343123620&Ver=2&mid=eab7e0bc-cb1a-46d0-9e7b-251f825d6b52&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&page_path=%2Fv2%2Flogin&spa=Y&p=https%3A%2F%2Finternal.donefirst.com%2Fv2%2Flogin&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&kw=done%20treatment,%20done%20adhd,%20done%20first,%20add%20treatment%20los%20angeles,%20add%20treatment%20san%20francisco,%20add%20treatment%20san%20diego,%20adhd%20treatment,%20dextroamphetamine,%20add%20assessment,%20vyvance%20effect,%20adult%20add%20diagnosis,%20adhd%20treatment%20los%20angeles,%20adhd%20treatment%20san%20francisco,%20adhd%20treatment%20san%20diego,%20psychiatrist%20san%20diego,%20psychiatrist%20san%20francisco,%20psychiatrist%20los%20angeles,%20mental%20health%20help%20online,%20online%20adhd%20help,%20adult%20attention%20deficit,%20online%20psychiatrist,%20vyvanse%20price,%20adderall%20price,%20adderall%20XR%20side%20effect,%20adderall%20XR%20price&r=https%3A%2F%2Finternal.donefirst.com%2F&evt=pageLoad&sv=1&rn=189373
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: BB2602CE2BBA473596F20AFB48DC769B Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:55Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
q.quora.com/_/ad/535d353f6371448aaed39c670a9641a4/ 		43 B
420 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://q.quora.com/_/ad/535d353f6371448aaed39c670a9641a4/pixel?j=1&u=https%3A%2F%2Finternal.donefirst.com%2Fv2%2Flogin&tag=ViewContent&ts=1720054915411&i=gtm
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.71.218.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-218-52.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 04 Jul 2024 01:01:55 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Server
nginx
Connection
keep-alive
Content-Length
43
X-Q-Stat
,65c6af2786b1636956163967bf136106,10.0.0.13,28040,80.255.7.103,,259135208585,1,1720054915.477,0.002,,.,0,0,0.000,0.000,-,0,0,203,147,73,10,34729,,,,,,-,
Content-Type
image/gif
/
www.facebook.com/tr/ 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=180371899699472&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com&rl=&if=false&ts=1720054915413&sw=1600&sh=1200&v=2.9.160&r=stable&ec=1&o=4124&fbp=fb.1.1720054915110.353562782956873012&cs_est=true&pm=1&hrl=0a9842&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&cs_cc=1&cas=7818288984958486%2C7864999303535005%2C24759454967031899%2C6730491137050805%2C7866829106666779%2C7902839299746293%2C7411158759002378%2C4840673112701589%2C6101706193254194%2C4841090345969264%2C4371929522886565%2C3500760763303829%2C2950321081757692%2C3102053186542837%2C3133685336722527%2C3495031623862522&rqm=GET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=4317, tp=9, tpl=0, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jul 2024 01:01:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=180371899699472&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com&rl=&if=false&ts=1720054915413&sw=1600&sh=1200&v=2.9.160&r=stable&ec=1&o=4124&fbp=fb.1.1720054915110.353562782956873012&cs_est=true&pm=1&hrl=0a9842&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&cs_cc=1&cas=7818288984958486%2C7864999303535005%2C24759454967031899%2C6730491137050805%2C7866829106666779%2C7902839299746293%2C7411158759002378%2C4840673112701589%2C6101706193254194%2C4841090345969264%2C4371929522886565%2C3500760763303829%2C2950321081757692%2C3102053186542837%2C3133685336722527%2C3495031623862522&rqm=FGET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xc21e6b16d4d038ff","source_keys":["1","2"]},{"key_piece":"0x46add8fdd513399e","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 04 Jul 2024 01:01:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387579607856082816", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=8109, tp=18, tpl=0, uplat=50, ullat=0
pragma
no-cache
x-fb-debug
5E7fPKQXDkWEqoLPLH5ix1ft3cZYawAO7bN+N89zKeLCoCscFbbaenpVEpnXsom+39p4L/1CpYeZeIsW/WW7Vg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387579607856082816"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=865118271708259&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com%2Fv2%2Flogin&rl=&if=false&ts=1720054915414&sw=1600&sh=1200&v=2.9.160&r=stable&ec=1&o=4126&fbp=fb.1.1720054915110.353562782956873012&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&rqm=GET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=4733, tp=13, tpl=0, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jul 2024 01:01:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=865118271708259&ev=PageView&dl=https%3A%2F%2Finternal.donefirst.com%2Fv2%2Flogin&rl=&if=false&ts=1720054915414&sw=1600&sh=1200&v=2.9.160&r=stable&ec=1&o=4126&fbp=fb.1.1720054915110.353562782956873012&ler=empty&cdl=API_unavailable&it=1720054914745&coo=false&rqm=FGET
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x732ffae0cd35d086","source_keys":["1","2"]},{"key_piece":"0x5b0be9acd04ad6b5","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 04 Jul 2024 01:01:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387579608647254393", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=4925, tp=15, tpl=0, uplat=43, ullat=0
pragma
no-cache
x-fb-debug
4DA1+sgIkUiXS+c+mfxXLzr9vUaZce4qHmyiDjagvxaMcd/N5DWQzANLZxR30z7o8nIeBaYOWHlmoJeJ6IjzDQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387579608647254393"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=982336082&t=pageview&_s=2&dl=https%3A%2F%2Finternal.donefirst.com%2F&dp=%2Fv2%2Flogin&ul=de-de&de=UTF-8&dt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aBDAAUABAAAAACAAI~&jid=&gjid=&cid=136121451.1720054915&tid=UA-151876340-2&_gid=1226386994.1720054915&gtm=457e4730za200zb834275605&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&npa=1&z=116364409
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 03 Jul 2024 15:17:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
35077
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
logo.svg
internal.donefirst.com/assets/img/v2/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://internal.donefirst.com/assets/img/v2/logo.svg
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
6fa19bcd07b8227b2626d4d0de7b85292148349278b1689595b6e37b18226b6c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/v2/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-b64"
content-type
image/svg+xml
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2916
google_logo.png
internal.donefirst.com/assets/img/ 		750 B
767 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://internal.donefirst.com/assets/img/google_logo.png
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
ef1acf313c9114686d7744ed646f52b2ebe93db99bdc94890645e916fd81a400

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/v2/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-2ee"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
750
profile
internal.donefirst.com/api/user/ 		61 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/api/user/profile
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
/
Resource Hash
624840550c5cacf930593bccf5e10e7e06c354ffdb2c6515d2a37db97b13cfd5

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://internal.donefirst.com/v2/login
patientCountry
us
timezone
Europe/Berlin
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61
content-type
application/json; charset=utf-8
pixel
analytics.tiktok.com/api/v2/ 		0
846 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
41b05395.934a4f3
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24070401015509B0D8872D9A22424337-0A9B755C4859A85E-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
347,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=96, origin; dur=259, inner; dur=256
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024070401015509B0D8872D9A22424337
x-cache-remote
TCP_MISS from a23-220-104-24.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
260,23.220.104.24
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258139d1452e4e83434dfbfad0575f7a098c27e8292db8f189d9d47bc8cc1814cbacd0886a773f60f7d73d145b408086d6ecff316859448e9d0a4822905bf3814825f8a1dd2f64d678f44351c66bd354f13
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
846 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
a2ec2321.934a4f4
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-240704010155D3D1D035328DB535E85B-07F4FC6248D3AA77-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
348,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=108, origin; dur=246, inner; dur=241
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20240704010155D3D1D035328DB535E85B
x-cache-remote
TCP_MISS from a23-220-104-203.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
247,23.220.104.203
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a2589b0da109b0815f8ac166ae59500511238ad14a6879e8564094bd669f73632d51176c1931f4a7c62bd9239e739f0e12fed026beace4ea3a1b4cdbe2c7d997d47d86bb5ddca1d979dcf04cd2bddcdcb613
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
843 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
41b053e8.934a4f5
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24070401015587D55F877301202DDA27-1777F6EB7814F82E-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
111,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=94, origin; dur=23, inner; dur=17
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024070401015587D55F877301202DDA27
x-cache-remote
TCP_MISS from a23-220-104-24.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
23,23.220.104.24
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a258139d1452e4e83434dfbfad0575f7a098906f560cee7b5eb7face48a2f8c3f9524c71dea4e693951d7a9604e0a68143435b77ae1ca02d4c3b80248732e2b3717b1d88b8d15cd61ec18e98b059263315d2
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
845 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.161.217 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-213-161-217.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
82a06043.934a4f6
date
Thu, 04 Jul 2024 01:01:55 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24070401015523FC531D63DB6339C14A-027038F52AFEFB25-00
x-cache
TCP_MISS from a23-213-160-217.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time
117,23.213.160.217
server-timing
cdn-cache; desc=MISS, edge; dur=96, origin; dur=30, inner; dur=21
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2024070401015523FC531D63DB6339C14A
x-cache-remote
TCP_MISS from a23-220-104-204.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
30,23.220.104.204
x-tt-trace-host
01f6bb0cf4844e897ed9b879250ec23f0f8cc1f36300aa468eae4dbee35619a25889bc6928079186e0533d86b4f2a35125940073e64fbb24f932db22fb3d00bf2da92cf3c7de9a6888e8bb7c0fd748e50bfeb3d341f45881b620b467a40cab1a0834f034d4879a5af1e64aaab4e8a76ca1
access-control-allow-headers
Authorization,*
expires
Thu, 04 Jul 2024 01:01:55 GMT
register-trigger
measurement-api.criteo.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://measurement-api.criteo.com/register-trigger?partner_id=101724&uid=8d56bf16-48e2-4727-affd-1030b5391507&event_name=Page&islcc=0&amount_local=0&amount_euro=0&client_side_event_id=46d4d55d-578d-41de-b12d-1fb769b14693
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::19 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0","priority":"0"}],"debug_key":"1123789874761570877","debug_reporting":true,"aggregatable_values":{},"aggregatable_source_registration_time":"include"}
strict-transport-security
max-age=31536000; preload;
server
Kestrel
vary
Origin
access-control-allow-origin
https://internal.donefirst.com
access-control-allow-credentials
true
content-length
0
register-trigger
measurement-api.criteo.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://measurement-api.criteo.com/register-trigger?partner_id=101724&uid=8d56bf16-48e2-4727-affd-1030b5391507&event_name=Page&islcc=0&amount_local=0&amount_euro=0&client_side_event_id=411e9520-cc05-4b3d-a12b-27ebd9dda3d2
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::19 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:55 GMT
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0","priority":"0"}],"debug_key":"10542461467028310697","debug_reporting":true,"aggregatable_values":{},"aggregatable_source_registration_time":"include"}
strict-transport-security
max-age=31536000; preload;
server
Kestrel
vary
Origin
access-control-allow-origin
https://internal.donefirst.com
access-control-allow-credentials
true
content-length
0
0
bat.bing.com/action/ 		0
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=343123620&Ver=2&mid=eab7e0bc-cb1a-46d0-9e7b-251f825d6b52&sid=011be2a039a111ef9b1aede537665bf5&vid=011bd78039a111ef8a99a3433afde145&vids=0&msclkid=N&ea=NewViewPhoneSignInV2&en=Y&p=https%3A%2F%2Finternal.donefirst.com%2Fv2%2Flogin&sw=1600&sh=1200&sc=24&evt=custom&rn=15479
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/v2/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 04 Jul 2024 01:01:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: BDD1B64E3B3A4A7AB52E83664C53BDAD Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:55Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
event_tracking
internal.donefirst.com/api/ 		0
12 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/api/event_tracking
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://internal.donefirst.com/v2/login
patientCountry
us
timezone
Europe/Berlin
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Thu, 04 Jul 2024 01:01:55 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
access-control-allow-methods
GET,POST,PUT,DELETE
st
px.mountain.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://px.mountain.com/st?ga_tracking_id=G-4PBKP8YN1D&ga_client_id=136121451.1720054915&shpt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-4PBKP8YN1D%22%2C%22ga_client_id%22%3A%22136121451.1720054915%22%2C%22shpt%22%3A%22Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You%22%2C%22dcm_cid%22%3A%221720054914.1%22%2C%22dcm_gid%22%3A%221226386994.1720054915%22%2C%22mntnis%22%3A%22niX4bbmVQoWTLztsscR45syjKTpQnAoa%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A5%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1720054914.1&dcm_gid=1226386994.1720054915&available_ga=%5B%7B%22id%22%3A%22G-4PBKP8YN1D%22%2C%22sess_id%22%3A%221720054914%22%7D%2C%7B%22id%22%3A%22G-X30H8X2R3S%22%2C%22sess_id%22%3A%221720054915%22%7D%2C%7B%22id%22%3A%22UA-151876340-2%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22UA-182438183-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-4PBKP8YN1D&dxver=4.0.0&shaid=37716&plh=https%3A%2F%2Finternal.donefirst.com%2F&cb=54760518575743020term%3Dvalue&shadditional=googletagmanager%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue%2Ccriteo%3Dtrue&shoid=136121451.1720054915
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=37716&tdr=&plh=https%3A%2F%2Finternal.donefirst.com%2F&cb=54760518575743020term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.37.218.4 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-37-218-4.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
54231f83b140394456ed44f982621af3b60588a89210e8e1aa83cc371ac5d0aa

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:56 GMT
content-encoding
gzip
server
istio-envoy
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time
1
connection
close
collect
q.clarity.ms/ 		0
286 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://q.clarity.ms/collect
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/x-clarity-gzip
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://internal.donefirst.com
Date
Thu, 04 Jul 2024 01:01:55 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
/
ariane.abtasty.com/ 		43 B
98 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ariane.abtasty.com/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 04 Jul 2024 01:01:55 GMT
x-envoy-decorator-operation
entrypoint.workload.svc.cluster.local:8080/*
via
1.1 google
access-control-allow-methods
GET,HEAD,POST
content-type
image/gif
access-control-allow-origin
https://internal.donefirst.com
cache-control
must-revalidate, no-cache, private
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Origin,Accept,Set-Cookie,X-ABTasty-CrossDomain
content-length
43
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
metrics
unleash.donefirst.com/proxy/client/ 		2 B
225 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://unleash.donefirst.com/proxy/client/metrics
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/vendor.2a2e87513c9ce7c3c0b8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.94.155.128 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
128.155.94.34.bc.googleusercontent.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
U0cuRklOMTBPZ1JUcENOWWwxNS13TUc5dy53TllzYXNkYXNk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://internal.donefirst.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:56 GMT
strict-transport-security
max-age=15724800; includeSubDomains
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
content-length
2
metrics
unleash.donefirst.com/proxy/client/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://unleash.donefirst.com/proxy/client/metrics
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.94.155.128 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
128.155.94.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://internal.donefirst.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
authorization,content-type
access-control-allow-methods
POST,GET,PUT,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
ETag
access-control-max-age
172800
content-length
0
date
Thu, 04 Jul 2024 01:01:56 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Access-Control-Request-Headers
gs
gs.mountain.com/ 		144 B
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gs.mountain.com/gs
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-4PBKP8YN1D&ga_client_id=136121451.1720054915&shpt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-4PBKP8YN1D%22%2C%22ga_client_id%22%3A%22136121451.1720054915%22%2C%22shpt%22%3A%22Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You%22%2C%22dcm_cid%22%3A%221720054914.1%22%2C%22dcm_gid%22%3A%221226386994.1720054915%22%2C%22mntnis%22%3A%22niX4bbmVQoWTLztsscR45syjKTpQnAoa%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A5%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1720054914.1&dcm_gid=1226386994.1720054915&available_ga=%5B%7B%22id%22%3A%22G-4PBKP8YN1D%22%2C%22sess_id%22%3A%221720054914%22%7D%2C%7B%22id%22%3A%22G-X30H8X2R3S%22%2C%22sess_id%22%3A%221720054915%22%7D%2C%7B%22id%22%3A%22UA-151876340-2%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22UA-182438183-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-4PBKP8YN1D&dxver=4.0.0&shaid=37716&plh=https%3A%2F%2Finternal.donefirst.com%2F&cb=54760518575743020term%3Dvalue&shadditional=googletagmanager%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue%2Ccriteo%3Dtrue&shoid=136121451.1720054915
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.12.117.226 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-12-117-226.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
28ee60a8b952824969158d7813ada0f9fe8e2b1776c6baaa5b593b5820f781e1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:57 GMT
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control
public, max-age=31536000
x-envoy-upstream-service-time
1
connection
close
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
144
x-application-context
application:prod:8080
/
us.i.posthog.com/i/v0/e/ 		15 B
248 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://us.i.posthog.com/i/v0/e/?ip=1&_=1720054917221&ver=1.121.1&compression=gzip-js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.224.91.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-224-91-174.compute-1.amazonaws.com
Software
envoy /
Resource Hash
0c40bafcfdc8adc6db63a6a5bfdb3dd5201798e6163fc674dc2fcbdb2a4134f1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 04 Jul 2024 01:01:57 GMT
server
envoy
vary
origin, access-control-request-method, access-control-request-headers
content-type
application/json
access-control-allow-origin
https://internal.donefirst.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
69
content-length
15
st
px.mountain.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://px.mountain.com/st?ga_tracking_id=G-4PBKP8YN1D&ga_client_id=136121451.1720054915&shpt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-4PBKP8YN1D%22%2C%22ga_client_id%22%3A%22136121451.1720054915%22%2C%22shpt%22%3A%22Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You%22%2C%22dcm_cid%22%3A%221720054914.1%22%2C%22dcm_gid%22%3A%221226386994.1720054915%22%2C%22mntnis%22%3A%22niX4bbmVQoWTLztsscR45syjKTpQnAoa%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A5%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1720054914.1&dcm_gid=1226386994.1720054915&available_ga=%5B%7B%22id%22%3A%22G-4PBKP8YN1D%22%2C%22sess_id%22%3A%221720054914%22%7D%2C%7B%22id%22%3A%22G-X30H8X2R3S%22%2C%22sess_id%22%3A%221720054915%22%7D%2C%7B%22id%22%3A%22UA-151876340-2%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22UA-182438183-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-4PBKP8YN1D&dxver=4.0.0&shaid=37716&plh=https%3A%2F%2Finternal.donefirst.com%2F&shadditional=googletagmanager%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue%2Ccriteo%3Dtrue&shoid=136121451.1720054915&cb=1720054916442685&shguid=6a8ce816-a7d9-31bb-bb87-e6bbc7c6a25c&shgts=1720054917301
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-4PBKP8YN1D&ga_client_id=136121451.1720054915&shpt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-4PBKP8YN1D%22%2C%22ga_client_id%22%3A%22136121451.1720054915%22%2C%22shpt%22%3A%22Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You%22%2C%22dcm_cid%22%3A%221720054914.1%22%2C%22dcm_gid%22%3A%221226386994.1720054915%22%2C%22mntnis%22%3A%22niX4bbmVQoWTLztsscR45syjKTpQnAoa%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A5%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1720054914.1&dcm_gid=1226386994.1720054915&available_ga=%5B%7B%22id%22%3A%22G-4PBKP8YN1D%22%2C%22sess_id%22%3A%221720054914%22%7D%2C%7B%22id%22%3A%22G-X30H8X2R3S%22%2C%22sess_id%22%3A%221720054915%22%7D%2C%7B%22id%22%3A%22UA-151876340-2%22%2C%22sess_id%22%3Anull%7D%2C%7B%22id%22%3A%22UA-182438183-1%22%2C%22sess_id%22%3Anull%7D%5D&hardcoded_ga=G-4PBKP8YN1D&dxver=4.0.0&shaid=37716&plh=https%3A%2F%2Finternal.donefirst.com%2F&cb=54760518575743020term%3Dvalue&shadditional=googletagmanager%3Dtrue%2Cga4%3Dtrue%2Cappnexus%3Dtrue%2Ccriteo%3Dtrue&shoid=136121451.1720054915
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.37.218.4 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-37-218-4.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
422b962aff597c5aca5f9c3aa114fcea7f3fda6abcad9584510b36b3eecd0f09

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:57 GMT
content-encoding
gzip
server
istio-envoy
transfer-encoding
chunked
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time
22
connection
close
collect
q.clarity.ms/ 		0
286 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://q.clarity.ms/collect
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/x-clarity-gzip
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://internal.donefirst.com
Date
Thu, 04 Jul 2024 01:01:58 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
track
event.clientgear.com/ 		0
407 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://event.clientgear.com/track?event=ViewContent3&params=%7B%22event%22%3A%22ViewContent3%22%2C%22upc%22%3A%22287d5ac9-13fd-44c8-9c19-b897a6011e06%22%2C%22referrer%22%3A%22%22%2C%22domain%22%3A%22internal.donefirst.com%22%2C%22pagurl%22%3A%22https%253A%252F%252Finternal.donefirst.com%252Fv2%252Flogin%22%2C%22winwidh%22%3A1600%2C%22winheight%22%3A1200%2C%22uid%22%3A%22guest%22%2C%22timezone%22%3A%22UTC%2B2%22%2C%22time%22%3A%222024-7-4%203%3A1%3A58%22%2C%22mkPixelId%22%3A%2242487381192255%22%2C%22uidCookie%22%3A%22832642e0-6514-479a-b499-82b7df2698c5%22%2C%22uidLocalStore%22%3A%22mk4ecbde69-2f61-4305-a92f-a97954aed93c%22%2C%22uidCanvas%22%3A%2281acf7f1%22%2C%22thirdCookie%22%3Atrue%7D
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.252.78.131 , United States, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://internal.donefirst.com
date
Thu, 04 Jul 2024 01:01:58 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=UTF-8
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=0D5C4E3648254965BD324DF6AF792CDD&RedC=c.clarity.ms&MXFR=3A700514A34564E32EA911A6A7456A54
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0D5C4E3648254965BD324DF6AF792CDD&MUID=229B379083386602145A232282B367F3
42 B
441 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0D5C4E3648254965BD324DF6AF792CDD&MUID=229B379083386602145A232282B367F3
Protocol
H2
Server
13.74.129.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:57 GMT
last-modified
Tue, 25 Jun 2024 19:30:12 GMT
server
Microsoft-IIS/10.0
etag
"7473f1936c7da1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D4FE4AE66F2E490B84E73A6EF095715F Ref B: FRA31EDGE0513 Ref C: 2024-07-04T01:01:58Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0D5C4E3648254965BD324DF6AF792CDD&MUID=229B379083386602145A232282B367F3
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 9AE2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-112.fra60.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://internal.donefirst.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2565
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 04 Jul 2024 00:50:02 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 14 Jun 2024 20:01:05 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 cb0a9b0d01a1b0cc9278d9875ce23c92.cloudfront.net (CloudFront)
x-amz-cf-id
mbKhRpjEEyzUbGMdjWHIkXc_YznFLODgaRIaBlW_tFZ6niRIF9A4xw==
x-amz-cf-pop
FRA60-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame 8A3E 		170 B
409 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-LfLSIchX95B-01oRBkNTbJUL-R8ToJPj4oTxaw&google_cm&google_hm=ay1MZkxTSWNoWDk1Qi0wMW9SQmtOVGJKVUwtUjhUb0pQajRvVHhhdw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
x.bidswitch.net/ Frame 8A3E 		43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=46&user_id=k-ynAVQchX95B-01oRBkNTbJUL-R-H9tkXuBekCA&expires=30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
91.149.214.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 04 Jul 2024 01:01:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 8A3E
Redirect Chain
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2188792494268331009
43 B
370 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2188792494268331009
Protocol
H2
Server
178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:57 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1196180
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
an-x-request-uuid
88d9ecb8-960f-45c3-9ddd-22a677c0c300
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2188792494268331009
x-proxy-origin
80.255.7.103; 80.255.7.103; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame 8A3E 		43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-U7CZ1chX95B-01oRBkNTbJUL-R8619eyrphv0g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.196.111.73 , France, ASN16276 (OVH, FR),
Reverse DNS
ip73.ip-5-196-111.eu
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:57 GMT
transfer-encoding
chunked
content-type
image/gif
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 8A3E 		0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-i6R3vshX95B-01oRBkNTbJUL-R-94JXZIx1Z4Q
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
49876
k-MnixE8hX95B-01oRBkNTbJUL-R-11oNOaIy0ag
sync.1rx.io/usersync/criteodsp/ Frame 8A3E 		0
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.1rx.io/usersync/criteodsp/k-MnixE8hX95B-01oRBkNTbJUL-R-11oNOaIy0ag
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-store, no-cache, must-revalidate
expires
0
sync
ads.yieldmo.com/v000/ Frame 8A3E 		0
38 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=criteo&ext=1&id=k-90hTc8hX95B-01oRBkNTbJUL-R--3v45HZtndQ&gdpr_consent=$&gdpr=$
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.111.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-111-171.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
content-length
0
sync
visitor.omnitagjs.com/visitor/ Frame 8A3E 		49 B
342 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-SSEzOMhX95B-01oRBkNTbJUL-R-FxXUJH37VdQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.153 , France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:57 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
5
content-length
49
expires
0
rum
r.casalemedia.com/ Frame 8A3E
Redirect Chain
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Db48j8hX95B-01oRBkNTbJUL-R9iAo8XIoBPsA
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Db48j8hX95B-01oRBkNTbJUL-R9iAo8XIoBPsA&C=1
43 B
323 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Db48j8hX95B-01oRBkNTbJUL-R9iAo8XIoBPsA&C=1
Protocol
H2
Server
172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=249MMuWt6FpKro2guLyCBO0%2F8M7LA90%2BcO8plDbmHR0JWzftayoYeKMwR8HAEdFV4CKG9GSr4fOIgj3yH254lMaEXB8GnTtve0sfBeDUnjfLF5dfOjX%2F4msbB8ql1aQNyxIX"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
89db2fe7991a6a78-TXL
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i5TIKuEDZYicpF%2BO1%2FWpQptiMtjTPBEJvy37iFcZClJtcCl3CAEpb6nOHU1venX%2FNuE1FwJW73%2F3zOPVA4hS5pstD5oJVWzAN1RehAic8f4nxV80UuRev5B%2F6pfDcIviG4Pr"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=20&external_user_id=k-Db48j8hX95B-01oRBkNTbJUL-R9iAo8XIoBPsA&C=1
cache-control
no-cache
cf-ray
89db2fe7387d6a78-TXL
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
demconf.jpg
dpm.demdex.net/ Frame 8A3E
Redirect Chain
  • https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
  • https://dpm.demdex.net/ibs:dpid=28645&dpuuid=pgNhiir_K47jQNCjaRqyIYDQYV67IPGh
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=pgNhiir_K47jQNCjaRqyIYDQYV67IPGh
42 B
717 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=pgNhiir_K47jQNCjaRqyIYDQYV67IPGh
Protocol
H2
Server
99.81.228.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-228-109.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-irl1-1-v062-09e60318f.edge-irl1.demdex.com 2 ms
pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
4LBlOZ3BSPg=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs
dcs-prod-irl1-2-v062-0e4dc97a3.edge-irl1.demdex.com 0 ms
pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-tid
v1Vb86lFSgE=
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=pgNhiir_K47jQNCjaRqyIYDQYV67IPGh
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
9.gif
id5-sync.com/s/966/ Frame 8A3E 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/s/966/9.gif?puid=k-B6_yMshX95B-01oRBkNTbJUL-R_OysX90ldgaA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
image/gif;charset=UTF-8
date
Thu, 04 Jul 2024 01:01:58 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
match
ad.360yield.com/ Frame 8A3E 		43 B
199 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-9TRw5chX95B-01oRBkNTbJUL-R9ugGa4oZ--hw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.249.44.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-44-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Thu, 04 Jul 2024 01:01:58 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sync
matching.ivitrack.com/ Frame 8A3E 		42 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://matching.ivitrack.com/sync?realm=criteo&uid=k-yF0l48hX95B-01oRBkNTbJUL-R_IvSGyswFOiA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
22.157.117.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
x-envoy-decorator-operation
tag-manager.programmatic.svc.cluster.local:3000/*
via
1.1 google
server
istio-envoy
content-type
image/gif
cache-control
public, max-age=86400
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
cksync.php
contextual.media.net/ Frame 8A3E 		60 B
814 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-lzp2wshX95B-01oRBkNTbJUL-R-8L-7Mjzw89w
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.148.20 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-20.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a3c78e2cfd04611e069c3edfc58f8f9866c89a0a383e3556bbdeff54ddceef74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Thu, 04 Jul 2024 01:01:58 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
alt-svc
h3=":443"; ma=93600
content-length
60
x-mnet-hl2
E
expires
Thu, 04 Jul 2024 01:01:58 GMT
push
exchange.mediavine.com/usersync/ Frame 8A3E 		0
882 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-hzbBDshX95B-01oRBkNTbJUL-R9MdRVffnZn1w
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.189.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-189-227.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
private, no-cache
access-control-allow-credentials
true
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
text/html; charset=utf-8
1017
jadserve.postrelease.com/suid/ Frame 8A3E 		43 B
423 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/suid/1017?vk=k-8uIkf8hX95B-01oRBkNTbJUL-R-Vu4g3zl1_QQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.238.139.12 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-238-139-12.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
server
nginx
content-type
image/gif
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
cookie-sync
sync.outbrain.com/ Frame 8A3E 		0
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-7I02XMhX95B-01oRBkNTbJUL-R9Q3w0t5x1RWA&initiator=partner
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-traceid
e2008241684a3354e94cff0c919bbe97
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 8A3E 		0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-WHUBsshX95B-01oRBkNTbJUL-R9YO3NKC3AW2Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/html; charset=utf-8
date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-store, no-cache, private
content-encoding
gzip
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
tap.php
pixel.rubiconproject.com/ Frame 8A3E 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-MYCRj8hX95B-01oRBkNTbJUL-R9Cjf3oRYEUjw&expires=30
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
match.sharethrough.com/sync/ Frame 8A3E 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-7j2UEMhX95B-01oRBkNTbJUL-R802kItw8IHRw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.65.142.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-65-142-90.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
um
criteo-sync.teads.tv/ Frame 8A3E 		23 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://criteo-sync.teads.tv/um?eid=80&uid=k-MyRONchX95B-01oRBkNTbJUL-R9r0KVsNNbuBQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-75.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.1 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 04 Jul 2024 01:01:58 GMT
pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.1
content-length
23
content-type
image/gif
sync
criteo-partners.tremorhub.com/ Frame 8A3E 		43 B
399 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://criteo-partners.tremorhub.com/sync?UICR=k-Qy4T98hX95B-01oRBkNTbJUL-R85VNe1_PjLbQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4280:b416:9208:c279:7ba8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Thu, 04 Jul 2024 01:01:58 GMT
server
nginx
content-type
image/gif
xuid
eb2.3lift.com/ Frame 8A3E 		37 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2711&xuid=k-0Jl0x8hX95B-01oRBkNTbJUL-R-2KCKisOq2zA&dongle=013b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
getusermatch.php
a.twiago.com/rtb/ Frame 8A3E 		43 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-4_PZ-shX95B-01oRBkNTbJUL-R8fRKdGE2fWDQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.215.5.31 , Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software
Apache / PHP/7.3.29
Resource Hash
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Thu, 04 Jul 2024 01:01:58 GMT
server
Apache
x-powered-by
PHP/7.3.29
content-length
43
content-type
image/gif
m
ad.yieldlab.net/ Frame 8A3E 		0
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-GfjqV8hX95B-01oRBkNTbJUL-R_p4VNIUZRa6w
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.17.243 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-17-243.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Thu, 04 Jul 2024 01:01:58 GMT
Cache-Control
no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection
keep-alive
Expires
Wed, 03 Jul 2024 01:01:58 GMT
sync
sync-criteo.ads.yieldmo.com/ Frame 8A3E 		0
38 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-criteo.ads.yieldmo.com/sync?id=k-90hTc8hX95B-01oRBkNTbJUL-R--3v45HZtndQ&pn_id=criteo&ext=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.121.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-121-185.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
content-length
0
put
e1.emxdgt.com/ Frame 8A3E 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e1.emxdgt.com/put?d=d53&uid=k-NkO9cMhX95B-01oRBkNTbJUL-R9fEr9uZysCrA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.168.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-168-76.eu-central-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
server
awselb/2.0
pixel
cm.adform.net/ Frame 8A3E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w
  • https://c1.adform.net/serving/cookie/match?CC=1&party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w
  • https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1
Protocol
H2
Server
37.157.2.230 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
last-modified
Thu, 26 Oct 2023 07:49:04 GMT
server
nginx
accept-ranges
bytes
etag
"653a19f0-2b"
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame 3F71 		170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-LfLSIchX95B-01oRBkNTbJUL-R8ToJPj4oTxaw&google_cm&google_hm=ay1MZkxTSWNoWDk1Qi0wMW9SQmtOVGJKVUwtUjhUb0pQajRvVHhhdw
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
x.bidswitch.net/ Frame 3F71 		43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=46&user_id=k-ynAVQchX95B-01oRBkNTbJUL-R-H9tkXuBekCA&expires=30
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
91.149.214.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 04 Jul 2024 01:01:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 3F71
Redirect Chain
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=197902833233615402
43 B
370 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=197902833233615402
Protocol
H2
Server
178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:57 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1080004
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
an-x-request-uuid
c6586f1f-7c86-4d71-954e-4cc58e47b910
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=197902833233615402
x-proxy-origin
80.255.7.103; 80.255.7.103; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame 3F71 		43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-U7CZ1chX95B-01oRBkNTbJUL-R8619eyrphv0g
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.196.111.73 , France, ASN16276 (OVH, FR),
Reverse DNS
ip73.ip-5-196-111.eu
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:57 GMT
transfer-encoding
chunked
content-type
image/gif
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 3F71 		0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-i6R3vshX95B-01oRBkNTbJUL-R-94JXZIx1Z4Q
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
48757
k-MnixE8hX95B-01oRBkNTbJUL-R-11oNOaIy0ag
sync.1rx.io/usersync/criteodsp/ Frame 3F71 		0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.1rx.io/usersync/criteodsp/k-MnixE8hX95B-01oRBkNTbJUL-R-11oNOaIy0ag
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-store, no-cache, must-revalidate
expires
0
sync
ads.yieldmo.com/v000/ Frame 3F71 		0
37 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=criteo&ext=1&id=k-90hTc8hX95B-01oRBkNTbJUL-R--3v45HZtndQ&gdpr_consent=$&gdpr=$
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.111.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-111-171.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
content-length
0
sync
visitor.omnitagjs.com/visitor/ Frame 3F71 		49 B
204 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-SSEzOMhX95B-01oRBkNTbJUL-R-FxXUJH37VdQ
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.153 , France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
content-length
49
expires
0
rum
r.casalemedia.com/ Frame 3F71 		43 B
756 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Db48j8hX95B-01oRBkNTbJUL-R9iAo8XIoBPsA
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2FZs1XYkt%2Bpugs6uimpz9cujdpWFYxqzO6CRH0yXAj1CIepVfUF7BYAYecNYvSHwHyzkvDAczICoR32QRwKVR50BYMi1BoRkkIDkgWNZSJnCr%2B8u6LQXN88r1K9k4D4UoDpJ"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
89db2fe9acc258d8-TXL
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0
ibs:dpid=28645&dpuuid=1neMyax3Vl0jL7QPUDsf2eNIn1kmwkj9
dpm.demdex.net/ Frame 3F71
Redirect Chain
  • https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
  • https://dpm.demdex.net/ibs:dpid=28645&dpuuid=1neMyax3Vl0jL7QPUDsf2eNIn1kmwkj9
42 B
717 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=1neMyax3Vl0jL7QPUDsf2eNIn1kmwkj9
Protocol
H2
Server
99.81.228.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-228-109.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-irl1-2-v062-0aec0e841.edge-irl1.demdex.com 2 ms
pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
xyJ1kFTKT3I=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=1neMyax3Vl0jL7QPUDsf2eNIn1kmwkj9
date
Thu, 04 Jul 2024 01:01:57 GMT
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security
max-age=31536000; preload;
server
Kestrel
server-processing-duration-in-ticks
839025
content-length
0
9.gif
id5-sync.com/s/966/ Frame 3F71 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/s/966/9.gif?puid=k-B6_yMshX95B-01oRBkNTbJUL-R_OysX90ldgaA
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
image/gif;charset=UTF-8
date
Thu, 04 Jul 2024 01:01:58 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
match
ad.360yield.com/ Frame 3F71 		43 B
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-9TRw5chX95B-01oRBkNTbJUL-R9ugGa4oZ--hw
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.249.44.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-44-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Thu, 04 Jul 2024 01:01:58 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sync
matching.ivitrack.com/ Frame 3F71 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://matching.ivitrack.com/sync?realm=criteo&uid=k-yF0l48hX95B-01oRBkNTbJUL-R_IvSGyswFOiA
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
22.157.117.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
x-envoy-decorator-operation
tag-manager.programmatic.svc.cluster.local:3000/*
via
1.1 google
server
istio-envoy
content-type
image/gif
cache-control
public, max-age=86400
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
cksync.php
contextual.media.net/ Frame 3F71 		60 B
651 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-lzp2wshX95B-01oRBkNTbJUL-R-8L-7Mjzw89w
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.148.20 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-20.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a3c78e2cfd04611e069c3edfc58f8f9866c89a0a383e3556bbdeff54ddceef74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Thu, 04 Jul 2024 01:01:58 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
alt-svc
h3=":443"; ma=93600
content-length
60
x-mnet-hl2
E
expires
Thu, 04 Jul 2024 01:01:58 GMT
push
exchange.mediavine.com/usersync/ Frame 3F71 		0
881 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-hzbBDshX95B-01oRBkNTbJUL-R9MdRVffnZn1w
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.189.227 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-189-227.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
private, no-cache
access-control-allow-credentials
true
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
text/html; charset=utf-8
1017
jadserve.postrelease.com/suid/ Frame 3F71 		43 B
422 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/suid/1017?vk=k-8uIkf8hX95B-01oRBkNTbJUL-R-Vu4g3zl1_QQ
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.238.139.12 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-238-139-12.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:59 GMT
server
nginx
content-type
image/gif
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
cookie-sync
sync.outbrain.com/ Frame 3F71 		0
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-7I02XMhX95B-01oRBkNTbJUL-R9Q3w0t5x1RWA&initiator=partner
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-traceid
c2b8ad127e26baaa095d916cf8e8a658
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 3F71 		0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-WHUBsshX95B-01oRBkNTbJUL-R9YO3NKC3AW2Q
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/html; charset=utf-8
date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-store, no-cache, private
content-encoding
gzip
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
tap.php
pixel.rubiconproject.com/ Frame 3F71 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-MYCRj8hX95B-01oRBkNTbJUL-R9Cjf3oRYEUjw&expires=30
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
match.sharethrough.com/sync/ Frame 3F71 		0
34 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-7j2UEMhX95B-01oRBkNTbJUL-R802kItw8IHRw
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.65.142.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-65-142-90.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
um
criteo-sync.teads.tv/ Frame 3F71 		23 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://criteo-sync.teads.tv/um?eid=80&uid=k-MyRONchX95B-01oRBkNTbJUL-R9r0KVsNNbuBQ
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-75.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.1 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 04 Jul 2024 01:01:58 GMT
pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.1
content-length
23
content-type
image/gif
sync
criteo-partners.tremorhub.com/ Frame 3F71 		43 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://criteo-partners.tremorhub.com/sync?UICR=k-Qy4T98hX95B-01oRBkNTbJUL-R85VNe1_PjLbQ
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4280:b416:9208:c279:7ba8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Thu, 04 Jul 2024 01:01:58 GMT
server
nginx
content-type
image/gif
xuid
eb2.3lift.com/ Frame 3F71 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2711&xuid=k-0Jl0x8hX95B-01oRBkNTbJUL-R-2KCKisOq2zA&dongle=013b
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
getusermatch.php
a.twiago.com/rtb/ Frame 3F71 		43 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-4_PZ-shX95B-01oRBkNTbJUL-R8fRKdGE2fWDQ
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.215.5.31 , Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software
Apache / PHP/7.3.30
Resource Hash
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Thu, 04 Jul 2024 01:01:58 GMT
server
Apache
x-powered-by
PHP/7.3.30
content-length
43
content-type
image/gif
m
ad.yieldlab.net/ Frame 3F71 		0
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-GfjqV8hX95B-01oRBkNTbJUL-R_p4VNIUZRa6w
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.17.243 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-17-243.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Thu, 04 Jul 2024 01:01:58 GMT
Cache-Control
no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection
keep-alive
Expires
Wed, 03 Jul 2024 01:01:58 GMT
sync
sync-criteo.ads.yieldmo.com/ Frame 3F71 		0
37 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-criteo.ads.yieldmo.com/sync?id=k-90hTc8hX95B-01oRBkNTbJUL-R--3v45HZtndQ&pn_id=criteo&ext=1
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.121.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-121-185.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
content-length
0
put
e1.emxdgt.com/ Frame 3F71 		0
43 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e1.emxdgt.com/put?d=d53&uid=k-NkO9cMhX95B-01oRBkNTbJUL-R9fEr9uZysCrA
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.168.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-168-76.eu-central-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
server
awselb/2.0
pixel
cm.adform.net/ Frame 3F71
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w
  • https://c1.adform.net/serving/cookie/match?CC=1&party=10015&cid=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w
  • https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1
43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1
Protocol
H2
Server
37.157.2.230 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
last-modified
Thu, 26 Oct 2023 07:49:04 GMT
server
nginx
accept-ranges
bytes
etag
"653a19f0-2b"
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-Ti4kaMhX95B-01oRBkNTbJUL-R-NfU9nNN1W6w&adform_v=1
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
setuid
ib.adnxs.com/ Frame 8A3E 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=52&code=k-7j-HschX95B-01oRBkNTbJUL-R87wV5ufx5wTw
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
an-x-request-uuid
78ebcc3e-fb42-4e5d-89af-f2de1fd5c2b6
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
80.255.7.103; 80.255.7.103; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
ib.adnxs.com/ Frame 3F71 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=52&code=k-7j-HschX95B-01oRBkNTbJUL-R87wV5ufx5wTw
Requested by
Host: internal.donefirst.com
URL: https://internal.donefirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:58 GMT
an-x-request-uuid
86a8d0c6-b7dd-4874-8c61-66fb4b5698b3
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
80.255.7.103; 80.255.7.103; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
logo-icon.png
internal.donefirst.com/assets/img/ 		3 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/assets/img/logo-icon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
1adf2c54270268a0fc2e9c7cea3857cd04ae967f4c110500b1807a9b3c72c198

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/v2/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:58 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-de5"
content-type
text/html
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3557
common.js
maps.googleapis.com/maps-api-v3/api/js/57/7/intl/de_ALL/ 		255 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/57/7/intl/de_ALL/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyALFmDoVNb5DrQbvRkAUghtQw1dvqZgg6Q&libraries=places
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e1fd8fc3ab2352def12849ca035ccfe5b5ff27d034b455be45456ada02d8a8fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 18:31:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
109848
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57008
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 19:30:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Jul 2025 18:31:11 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/57/7/intl/de_ALL/ 		185 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/57/7/intl/de_ALL/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyALFmDoVNb5DrQbvRkAUghtQw1dvqZgg6Q&libraries=places
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
893ac88beec73d8836d11c0d4138056ab04c10e2e617a919ccbf276b533b33b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 15:44:40 GMT
content-encoding
br
x-content-type-options
nosniff
age
33439
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57848
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 19:30:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 03 Jul 2025 15:44:40 GMT
/
internal.donefirst.com/ 		3 KB
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://internal.donefirst.com/
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.114.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
35.114.149.34.bc.googleusercontent.com
Software
nginx/1.19.1 /
Resource Hash
1adf2c54270268a0fc2e9c7cea3857cd04ae967f4c110500b1807a9b3c72c198

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://internal.donefirst.com/v2/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 01:01:52 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 08:10:32 GMT
server
nginx/1.19.1
etag
"6683b5f8-de5"
content-type
text/html
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3557
seo
h.plerdy.com/click/admin/ 		68 B
494 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://h.plerdy.com/click/admin/seo
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.73.224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd4f2f0972b7a9eb7febbcece5f4e93c6b96ced44e50914232e277ca2e7a5d97

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2024 01:01:59 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j6lUz49Zepzg478Gkw7mrpJjbo3EyUSgAbQe%2BRLqPnhGYUDAtFVZLzWeZnOVpNupzaI28G9p8cvhdcsUleU8HSqEaapGJCVMhZcdIKhjJt9UeutR%2B158SPGZSnvZ4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, private
cf-ray
89db2fed78fa8f32-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 04 Jul 2024 01:01:59 GMT
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-4PBKP8YN1D&gtm=45je4730v9118323173za200zb834275605&_p=1720054914224&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=95250752&cid=136121451.1720054915&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&sid=1720054914&sct=1&seg=0&dl=https%3A%2F%2Finternal.donefirst.com%2F&dt=Done.%20ADHD%20Managed%20%7C%20ADHD%20Treatment%20Made%20Just%20For%20You&_s=2&tfd=7247&_z=fetch
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 01:01:59 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://internal.donefirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
q.clarity.ms/ 		0
286 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://q.clarity.ms/collect
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWU2NDEzYzJiMQ.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/x-clarity-gzip
Referer
https://internal.donefirst.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://internal.donefirst.com
Date
Thu, 04 Jul 2024 01:02:00 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

Verdicts & Comments Add Verdict or Comment

310 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 undefined| event object| fence object| sharedStorage object| webpackChunktag boolean| ABTastyTagPerforming object| tatari object| uetq number| ordnumber string| sscUrl object| x object| ABTasty function| ABTastyStartTest function| ABTastyReload function| ABTastyPageView object| abtasty function| ABTastyClickTracking function| ABTastyEvent object| _abtasty function| TatariXandrManager function| pixie object| TatariXandr object| ttm function| UET function| UET_init function| UET_push object| ueto_5aaa486175 function| clarity object| clarityuetq object| google object| litHtmlVersions object| module$exports$mapsapi$geometry$spherical object| litElementVersions object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView object| webpackJsonp object| regeneratorRuntime function| IMask function| _ function| Payment object| dataLayer function| gtag object| AWIN function| AwinCustomEvent object| webpackChunkStripeJSouter function| noop function| Stripe object| google_tag_manager object| google_tag_data function| hj object| _hjSettings function| qp string| qpGtm function| twq object| _linkedin_data_partner_ids boolean| _already_called_lintrk function| rdt function| fbq function| _fbq string| TiktokAnalyticsObject object| ttq string| ire_o function| ire function| mkq function| _mkq object| uetq2 function| snaptr object| r number| _suid string| _protocol object| plerdymainscript string| _site_hash_code object| plerdyScript object| ueto_5d41f6fb20 object| ueto_0405e32083 object| qevents string| GoogleAnalyticsObject function| ga object| GooglebQhCsO function| onYouTubeIframeAPIReady object| gaGlobal object| VWO object| twttr function| lintrk object| ORIBILI object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled function| redditNormalizeEmail object| Criteo object| criteo_q string| deviceType object| irEvent object| _scPxHelper object| _scPxTeller function| _0xdb95 function| _0xcbd0c4 string| MAINPLERDYURL object| mainScriptPlerdy string| mainScriptPlerdy_host string| mainScriptPlerdy_host_tracker function| _0x22fc object| plerdy_config undefined| plerdy_ab_saved_changesglobal undefined| plerdy_ab_styles_changesglobal object| plerdy_AB_changes function| addRemoveCssPlerdyStyle function| applyAbChangesPlerdy function| customSubstringPlerdyDataGa function| sendGaPlerdyTestAb function| plerdyReceiveMessageAB function| Init object| gaplugins object| gaData object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks function| _0x13896b function| _0x12d1 function| _0x5208 function| getPlerdy_PageUrl function| mobilecheck function| mobileAndTabletcheck function| plerdyGetOS function| plerdyGetBrouser boolean| plerdyShowEventsPopup object| startSessionInPageTime boolean| eventHandledSessionInPageTime number| plerdyTypeTrack number| Plerdy_lastScrollTop number| Plerdy_lastScrollTop_2 number| pledyTimeOfClick number| PlerdyFormIsShowed number| PlerdyFormIsShowed_2 number| PlerdyFormIsShowedButtonLabel number| PlerdyFormIsShowedButtonLabel_2 string| initPlerdyUrlOriginal object| initPlerdyUrlOriginalO number| hoverActiveOnOff number| plerdy_click_number_on_page undefined| my_selector_generator number| on_off_mode_show undefined| old_device string| pageUrl object| parts string| plerdy_refferer string| part2 object| trfficSource object| object object| timeClose string| plerdyIframeData object| plerdyIframeDataHover function| plerdyReceiveMessage object| plEventsAll string| pageUrl2 number| plerdy_active_elements number| plerdy_inactive_elements object| position_array object| plerdy_real_elements number| plerdy_sc object| previous_data number| maxCntVl number| averageCntVl number| allCntVl number| ratioCntVl object| selectors object| selectors_hovers number| corector object| allS object| plerdySelectorsArray boolean| plerdy_path_ref undefined| url_ref_arr undefined| segments undefined| dataForshowPanel string| plerdyCurrencySales number| intervalPlerdycycleStopVar undefined| firstTime number| maxCntSelectorsPlerdy number| maxCntSelectorsPlerdy_critical boolean| plerdy_mouseSelect boolean| plerdyTypeShow string| plerdySalasCurrency number| maxCntVlHovers undefined| positions undefined| isScrolling number| timerFarBreakCykle function| plerdySourseBusterFunc string| plerdyVisitorId object| FingerprintJSPlerdy object| plerdySession string| sesNameP string| sesNamePuserSes undefined| plerdy_selectors_for_mouse_move object| cash_selectros_for_mouse_move object| plerdy_referrals number| plerdy_do_now function| plerdy_getHTML object| plerdy_scroll_cache object| plerdy_scroll_cache_send object| plerdy_scroll_dataOLD number| plerdy_scroll_data number| plerdy_on_off_send_scroll object| send_data function| init_click_count_plerdy function| checkUrlforBannersAkcia function| checkIprules function| unserialize function| checkUrlForHide function| checkUrl function| rtrim function| checkDevice function| fullPath function| sendDataForInitPlerdy function| setFormIframeStyles function| loadAddPlerdyScript function| hide_popupPlerdy function| plerdyAddMultipleListeners function| addPlerdyEvent1 function| on_plerdy function| addPlerdyStylesheetTag function| plerdyCheckElementAppear function| plerdyClearnUrlfunction function| addStyle_Plerdy function| createCORSRequest function| offset_pl function| selectDevise function| do_kostyl function| checkChildrenForAddDisplay function| plerdy_elem_over function| plerdy_elem_out function| inArray function| doWhenMouseOver function| addRemoveHeight function| plerdyClicksStyle function| sendToIframe function| getClassOrIdPlerdyEvent function| addEventCustomInCabinetPlerdy function| showHidePanel function| initFingerprintJSPlerdy function| plerdySessionFunctions function| plerdySeoAudit function| sendPlerdyDataToSeo function| sendSatistic_Before function| getCookiePlerdy function| plerdySerialize function| sendSatistic function| urlencode function| currentDate function| plerdy_filterNone function| plerdy_getAllComments function| plerdyAverageValue function| proccesVideoData function| initGaEvents function| plerdysend function| plerdyCommerse function| proccesConverssionData function| doPlerdyConvStep function| validConverssionURL function| getTrafficsPlerdyArr function| getDevicePlerdyArr function| plerdySeoRulesCheck function| plerdyDetectIfAlloved function| sendConv_v2 function| plerdyClearnWords function| plerdyClearnString function| getForLua function| plerdyGetImagesWithMissingAlt function| PlerdyRobots function| sendDataScroll function| doSeo function| addInPage function| detect function| makrPlerdyReal function| showMarkedSeoNum function| plerdyUnMakrWords object| plerdy_tags_arr function| CssSelectorGenerator function| wmkq string| seo_url number| seo_do_now object| mkqc function| _s1_31 string| dcm_cid undefined| dcm_tid undefined| dcm_gid string| country_code_plerdy object| _0xc19e function| _0xe23c object| plerdy_video_rules object| plerdy_seo_rules object| plerdy_seo_rules2 boolean| doSeoOrNot object| _0xc67e function| _0xe95c object| plerdy_ga_events object| _0xc74e function| _0xe43c object| plerdy_form_data_params string| avail_ga_sorted object| irongate object| mntn

95 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: 0931215d128346ad979bb099e4b17240
.trkn.us/ Name: barometric[cuid]
Value: cuid_6685f481-99d0-4170-8248-30d874fe8d16
internal.donefirst.com/ Name: tatari-cookie-test
Value: 9895086
.donefirst.com/ Name: t-ip
Value: 1
.donefirst.com/ Name: tatari-session-cookie
Value: 6caad7cb-839a-3f66-991d-931d0ca2f336
.linkedin.com/ Name: bcookie
Value: "v=2&ea4d6f5b-606a-453a-885b-c7c300497722"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjAwNTQ5MTM7MjswMjGS06KF+1H3rjCFS5YjhcQbNW+m0U7jB69mXJ4TQpqFvw==
.linkedin.com/ Name: lidc
Value: "b=OGST05:s=O:r=O:a=O:p=O:g=3112:u=1:x=1:i=1720054913:t=1720141313:v=2:sig=AQHR6d1w3pDAWPdQxmiakZjPNthaqpSk"
.bidr.io/ Name: bito
Value: AAFJTk7NC-kAABRWEdrpLQ
.bidr.io/ Name: bitoIsSecure
Value: ok
www.clarity.ms/ Name: CLID
Value: 5fdbbc94fe034f52a3dad136ee3f7274.20240704.20250704
.donefirst.com/ Name: _clck
Value: 19x2wbm%7C2%7Cfn6%7C0%7C1646
.donefirst.com/ Name: mp_2bc507fe20f56cf38b9e6465ea0e8315_mixpanel
Value: %7B%22distinct_id%22%3A%20%221907b431ca6f5-0dd9901888b085-26001f51-1d4c00-1907b431ca7914%22%2C%22%24device_id%22%3A%20%221907b431ca6f5-0dd9901888b085-26001f51-1d4c00-1907b431ca7914%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
internal.donefirst.com/ Name: duuid
Value: 832642e0-6514-479a-b499-82b7df2698c5
.bing.com/ Name: MUID
Value: 229B379083386602145A232282B367F3
.donefirst.com/ Name: _gcl_au
Value: 1.1.860882043.1720054915
.bing.com/ Name: MSPTC
Value: vJEHKPGFcJ2Skn_mFaw_GRyHLN_60iYjbk6hL6nFOUo
.donefirst.com/ Name: _rdt_uuid
Value: 1720054914712.7fd0670b-3c6d-4d37-91dd-1129bdbbf7a0
.donefirst.com/ Name: _scid
Value: 089f3de9-24df-4b17-b798-322e90971d3d
.donefirst.com/ Name: _scid_r
Value: 089f3de9-24df-4b17-b798-322e90971d3d
.tiktok.com/ Name: _ttp
Value: 2ilAiFceITVtl1GF6zJEx3koeec
.criteo.com/ Name: receive-cookie-deprecation
Value: 1
.criteo.com/ Name: uid
Value: 8d56bf16-48e2-4727-affd-1030b5391507
.donefirst.com/ Name: _gid
Value: GA1.2.1226386994.1720054915
.donefirst.com/ Name: _gat_gtag_UA_182438183_1
Value: 1
.donefirst.com/ Name: _tt_enable_cookie
Value: 1
.donefirst.com/ Name: _ttp
Value: XZ1XrjGFSB__4yPvGmIb-H4xJ6V
.donefirst.com/ Name: _hjSessionUser_3026948
Value: eyJpZCI6IjE5ZjlkYTA3LTFmMzktNTc2NC05ODZkLTVkZDhhZGIyMjU0NSIsImNyZWF0ZWQiOjE3MjAwNTQ5MTQ5NTUsImV4aXN0aW5nIjp0cnVlfQ==
.donefirst.com/ Name: _hjSession_3026948
Value: eyJpZCI6IjNlNWU2MGMzLWEwMWMtNDdlNi1iNTRhLTcxNjI2YjM2YzczZSIsImMiOjE3MjAwNTQ5MTQ5NTYsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.donefirst.com/ Name: cto_bundle
Value: XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.twitter.com/ Name: guest_id_marketing
Value: v1%3A172005491493266293
.twitter.com/ Name: guest_id_ads
Value: v1%3A172005491493266293
.twitter.com/ Name: personalization_id
Value: "v1_EAHSfKoDG+s8W3tuGZKpzQ=="
.twitter.com/ Name: guest_id
Value: v1%3A172005491493266293
.clientgear.com/ Name: mkuuid
Value: mkcf84bd239f4742578d9549a937328b10
.donefirst.com/ Name: _ScCbts
Value: %5B%5D
.donefirst.com/ Name: _fbp
Value: fb.1.1720054915110.353562782956873012
.t.co/ Name: muc_ads
Value: dba4c46d-c13b-4f08-9d32-256a1152ec32
.donefirst.com/ Name: _gat_gtag_UA_151876340_2
Value: 1
.donefirst.com/ Name: uid
Value: mk5141d3e8-e49b-41ee-82b5-675d4eb757c2
.donefirst.com/ Name: _mk_sync
Value: 1720065715180
.donefirst.com/ Name: _ga_X30H8X2R3S
Value: GS1.1.1720054915.1.0.1720054915.0.0.0
.donefirst.com/ Name: _ga
Value: GA1.1.136121451.1720054915
.clientgear.com/ Name: mksession
Value: mks71a58923-bb31-4f89-b64f-0378c0f7cd6a
.donefirst.com/ Name: ABTastySession
Value: mrasn=&lp=https%253A%252F%252Finternal.donefirst.com%252F
.donefirst.com/ Name: ABTasty
Value: uid=v64mxz18ph1yenmv&fst=1720054913012&pst=-1&cst=1720054913012&ns=1&pvt=2&pvis=2&th=
.csync.loopme.me/ Name: viewer_token
Value: 26181173-15f9-4da2-bf18-60f0186b7326
.donefirst.com/ Name: ab.storage.sessionId.5b95de42-137c-49e8-a68e-299c94d59e4b
Value: %7B%22g%22%3A%22391f4100-40ae-3571-dd43-8b49ac758463%22%2C%22e%22%3A1720056715624%2C%22c%22%3A1720054915624%2C%22l%22%3A1720054915624%7D
.donefirst.com/ Name: ph_phc_l1LeD6EVM1Ze5fMAzFJCM0HR1Q1L4bjsP4yAr8uon6y_posthog
Value: %7B%22distinct_id%22%3A%2201907b43-1cac-7bf7-bcd2-0d5e6d687582%22%2C%22%24sesid%22%3A%5B1720054915627%2C%2201907b43-1cec-7e35-ad32-103446718f00%22%2C1720054914284%5D%7D
.donefirst.com/ Name: _uetsid
Value: 011be2a039a111ef9b1aede537665bf5
.donefirst.com/ Name: _uetvid
Value: 011bd78039a111ef8a99a3433afde145
measurement-api.criteo.com/ Name: ar_debug
Value: 1
.donefirst.com/ Name: _clsk
Value: 1pf7lb%7C1720054915884%7C2%7C1%7Cq.clarity.ms%2Fcollect
.toast.com/ Name: BID
Value: HZDMEX7EC7DGCF1E62Z5R6MIA
.toast.com/ Name: txpub_1272375336
Value: mkcf84bd239f4742578d9549a937328b10_:_EXP_:_1735606916
.toast.com/ Name: txsync
Value: 1720054916
.donefirst.com/ Name: _ga_4PBKP8YN1D
Value: GS1.1.1720054914.1.1.1720054916.58.0.0
.mountain.com/ Name: guid
Value: 02644c65-39a1-11ef-9421-f50b08e8b47a
internal.donefirst.com/ Name: _hjShownFeedbackMessage
Value: true
.px.mountain.com/ Name: tt
Value: H4sIAAAAAAAAAKtWKlOyMqoFAP609q8HAAAA
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.clientgear.com/ Name: updatetime
Value: 1720054918257
.casalemedia.com/ Name: CMID
Value: ZoX0hrmqPeYAAFgQA98XngAA
.casalemedia.com/ Name: CMPS
Value: 5289
.casalemedia.com/ Name: CMPRO
Value: 5289
.omnitagjs.com/ Name: ayl_visitor
Value: 36d3bfc3b2ebd20f964e8fed596785c5
.adnxs.com/ Name: XANDR_PANID
Value: jvsH67OMKPBDUcMZPb13VqOVyzs8F7I_DUkRRxZLH9Pdy7Zv_5FNXJQxrsYD-bRcqUEn1iaMw3-Dn4_HkI1yH0a2AkWXnT_ISAHaTHrVoWI.
.adnxs.com/ Name: anj
Value: dTM7k!M4/rCxrEQF']wIg2HaOG(NHa!@wnfH1YdP.dEXlSkeHoZ@d!OW1X4HqH26)UqpGVr5*wL*%dT8E:<ihEr4]*D=ScQ3%x@7vE*xvP(hw9P-HC_#tvto+=Ho^
.adnxs.com/ Name: uuid2
Value: 2188792494268331009
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 229B379083386602145A232282B367F3
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 229B379083386602145A232282B367F3
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
exchange.mediavine.com/ Name: mv_tokens
Value: %7B%22mv_uuid%22%3A%22039acfd0-39a1-11ef-be0e-7f5bb52adc08%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/ Name: mv_tokens_eu-v1
Value: %7B%22mv_uuid%22%3A%22039acfd0-39a1-11ef-be0e-7f5bb52adc08%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/ Name: am_tokens
Value: %7B%22mv_uuid%22%3A%22039acfd0-39a1-11ef-be0e-7f5bb52adc08%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/ Name: am_tokens_eu-v1
Value: %7B%22mv_uuid%22%3A%22039acfd0-39a1-11ef-be0e-7f5bb52adc08%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/ Name: criteo
Value: %7B%22id%22%3A%22k-hzbBDshX95B-01oRBkNTbJUL-R9MdRVffnZn1w%22%2C%22version%22%3A%22criteo%22%7D
.demdex.net/ Name: demdex
Value: 28616683283356255762736272252665803883
.media.net/ Name: visitor-id
Value: 3630565189085528000V10
.media.net/ Name: data-c-ts
Value: 1720054918
.media.net/ Name: data-c
Value: k-lzp2wshX95B-01oRBkNTbJUL-R-8L-7Mjzw89w~~3
.dpm.demdex.net/ Name: dpm
Value: 28616683283356255762736272252665803883
.criteo.com/ Name: cto_bundle
Value: LdWqQV9Uc2VxSjl2VXdEYkVRZFFiWjhOanJWcER6OW9qZkxHJTJGT2pHVXF5dG1QTjNJZlNiJTJGb2Jmd1ZqcFhTQVdkSE01Nw
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 2990860944500454064
.tremorhub.com/ Name: tv_UICR
Value: k-Qy4T98hX95B-01oRBkNTbJUL-R85VNe1_PjLbQ
.tremorhub.com/ Name: tvid
Value: a735dc4260874732a0ed9de46467eea7
.postrelease.com/ Name: opt_out
Value: 1
m.stripe.com/ Name: m
Value: 9703e0ed-1a6a-45e4-a99e-212a6a35c4b5259385
.internal.donefirst.com/ Name: __stripe_mid
Value: b6d0b3bf-ee2a-4b35-8104-0ad29390093cdcd573
.internal.donefirst.com/ Name: __stripe_sid
Value: ecc1926b-7d56-41dd-9429-04ab49460477a94125

4 Console Messages

Source Level URL
Text
network error URL: https://internal.donefirst.com/api/user/profile
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://internal.donefirst.com/api/user/profile
Message:
Failed to load resource: the server responded with a status of 401 ()
security warning URL: https://sslwidget.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvpg&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=46d4d55d-578d-41de-b12d-1fb769b14693
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security warning URL: https://sslwidget.criteo.com/event?a=101724&v=5.26.0&otl=1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis%26a%3D%255B101724%252C101724%255D&adce=1&bundle=XV0OBV82R0loVzA3MHoyTDVuRkZsRllFOXdLcXgyYTVKRDNxMTlpM1JiMWtySEw3ZmlqWlkxZGs1ZHd4aEdqajBndVJHcEVRaU44QmNlakw4ciUyQmRtYiUyRkZzUjF4VTJtV2h4RWtsdVpNNHVIbnJBckklMkZWZWNLZGJXVlUzVk5XOW9nUmdxNEVUaFBSTUtyYnlpckc2R3lOYTZIVmclM0QlM0Q&sc=%7B%22fbp%22%3A%22fb.1.1720054915110.353562782956873012%22%2C%22ttp%22%3A%22XZ1XrjGFSB__4yPvGmIb-H4xJ6V%22%7D&tld=donefirst.com&dy=1&fu=https%253A%252F%252Finternal.donefirst.com%252F&ceid=411e9520-cc05-4b3d-a12b-27ebd9dda3d2
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.plerdy.com
a.quora.com
a.twiago.com
acdn.adnxs.com
ad.360yield.com
ad.yieldlab.net
ads.yieldmo.com
alb.reddit.com
analytics.tiktok.com
analytics.twitter.com
ariane.abtasty.com
bat.bing.com
c.bing.com
c.clarity.ms
c1.adform.net
cm-exchange.toast.com
cm.adform.net
cm.g.doubleclick.net
connect.facebook.net
content.hotjar.io
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
csync.loopme.me
d2hrivdxn8ekm8.cloudfront.net
dcinfos-cache.abtasty.com
dis.criteo.com
dpm.demdex.net
dx.mountain.com
dynamic.criteo.com
e1.emxdgt.com
eb2.3lift.com
event.clientgear.com
exchange.mediavine.com
f.plerdy.com
fonts.googleapis.com
googleads.g.doubleclick.net
gs.mountain.com
gum.criteo.com
h.plerdy.com
ib.adnxs.com
id5-sync.com
internal.donefirst.com
jadserve.postrelease.com
js.stripe.com
maps.googleapis.com
match.sharethrough.com
matching.ivitrack.com
measurement-api.criteo.com
pixel-config.reddit.com
pixel.rubiconproject.com
pixeltrack.clientgear.com
px.ads.linkedin.com
px.mountain.com
px4.ads.linkedin.com
q.clarity.ms
q.quora.com
r.casalemedia.com
region1.analytics.google.com
region1.google-analytics.com
rtb-csync.smartadserver.com
s.ad.smaato.net
s.seedtag.com
sc-static.net
script.hotjar.com
segment.prod.bidr.io
simage2.pubmatic.com
snap.licdn.com
sslwidget.criteo.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.1rx.io
sync.outbrain.com
sync.taboola.com
t.co
tr.snapchat.com
tr6.snapchat.com
trkn.us
try.abtasty.com
tte-prod.telemetry.vaultdcr.com
ttip-ipv4-prod.telemetry.vaultdcr.com
ttip-ipv6-prod.telemetry.vaultdcr.com
unleash.donefirst.com
us-u.openx.net
us.i.posthog.com
usersycn.clientgear.com
utt.impactcdn.com
vc.hotjar.io
visitor.omnitagjs.com
widget.us.criteo.com
www.clarity.ms
www.dwin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.redditstatic.com
x.bidswitch.net
103.243.202.190
104.244.42.195
104.75.89.75
13.107.42.14
13.32.121.112
13.32.121.64
13.32.27.107
13.32.27.30
13.32.99.105
13.74.129.1
141.226.228.48
142.250.181.226
142.250.184.200
142.250.184.228
142.250.186.162
142.250.186.67
146.75.120.157
151.101.1.140
151.101.129.140
157.240.0.35
157.240.0.6
162.159.152.17
162.19.138.82
163.181.130.165
172.217.16.202
172.217.18.2
172.217.23.110
172.64.151.101
172.67.73.224
178.250.1.9
18.172.112.72
18.66.102.53
184.30.16.183
184.30.17.243
185.255.84.153
185.64.191.210
185.89.210.20
20.231.53.73
2001:4860:4802:32::36
23.213.161.217
2600:1f18:612b:4280:b416:9208:c279:7ba8
2600:9000:211e:d400:1b:5138:8a40:93a1
2600:9000:214f:9e00:f:8ce2:fb80:93a1
2600:9000:235a:e00:0:f171:6100:93a1
2600:9000:26e8:c800:17:3f5c:f800:21
2620:1ec:21::14
2620:1ec:bdf::60
2620:1ec:c11::237
2a00:1450:4001:800::200e
2a00:1450:4001:802::200a
2a00:1450:4001:81c::2008
2a00:1450:4001:830::200a
2a00:1450:400c:c1d::9d
2a02:2638:3::19
2a02:2638:3::c
2a02:2638:3::e
2a02:26f0:3500:10::210:a9a
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a04:4e42::396
3.127.168.76
3.161.82.74
3.163.248.4
3.64.189.227
3.65.142.90
34.117.157.22
34.149.114.35
34.149.50.64
34.249.44.129
34.36.178.232
34.94.155.128
35.186.249.72
35.190.43.134
35.214.149.91
35.214.219.158
35.244.159.8
37.157.2.229
37.157.2.230
44.238.139.12
46.228.174.117
47.252.78.131
5.196.111.73
52.12.117.226
52.208.243.88
52.37.218.4
52.50.246.167
52.7.151.245
52.71.121.170
52.71.218.52
54.224.91.174
54.77.121.185
63.33.111.171
64.202.112.159
69.173.144.165
74.119.117.16
76.223.111.18
85.215.5.31
93.184.221.165
95.101.111.153
95.101.148.20
99.81.228.109
00c231500beb2a8b54784dc269bcb3f96f1465ca35ef4f5ce4da0f1c8b05c0df
09df6d1354ef765c81c580f9c928eceba08c4d9a96fa67e05be9e2b30d29c65d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c40bafcfdc8adc6db63a6a5bfdb3dd5201798e6163fc674dc2fcbdb2a4134f1
0f7187bf13ffdbfd1129686a236e8d5f48ccc5160408b270d53715c989445374
1256234c3e3fa9d1b0201c72980c88f78cbb20060a3536de80566d96c405591a
175f273fda2632180b89555b497dd46c26eaee7e8c498130a2ec469fb202d4af
17b9a0d37a5c79515baf5e2588c6849fcb98a0e94befc480988c29d3ae020c09
1adf2c54270268a0fc2e9c7cea3857cd04ae967f4c110500b1807a9b3c72c198
1f8f06b20c720b422e52f2fea8b8013f452af1168132bc378d39b86724dfc3a2
2752450f74ccaf34a73d35bcabbf90415cd40b3993ac39e7895d1c07fe8421c5
2761a6698395fb13fd3785c16dd380ec5d618de2abcc28eeaffe090b46a51fc4
28ee60a8b952824969158d7813ada0f9fe8e2b1776c6baaa5b593b5820f781e1
291fc0f423fb2eabe5959317cf6b34c7e87c6c8e799732dd0f03625003ce5ecf
31dc8cf37429a0988b3980dfcfc8f4a982fb907e5e004d580cec96b672f25102
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
35de42b2f8b1b2794394f6df1dc99d1145b3fdf21f7d3703d682a9b638ffc5c3
36abd1add6b7651bbd0a2b82cd35dda48f7de7544004b9f0e168efa3c88cac7e
36cc1dbb3d2bc9f845873a7e9ed11e119dcff85429d8ee5e5aab973a18eb8014
3913a3083decb201f08e5f3dd57279d5647939749255ac29d85929f365aaf2bd
399e2acfd463d78e23bd01e18c42240d5184b1c73dcffafbe1879397fb14098d
3a74a90dbffe0575f938505345f2250626a576303e534287381fb035934cc152
3d3adeb96b9f97e636101415d27685603ee10a9eeb263918b3ab8e864c6c4ba0
3f178ce7323be0aba0ab996c22b8646d8786044ba59027245d8d86a8321c88df
410f3c8c25d171e7be35ac5038a6830da60e6a5b3e609ac8cb847eaa81722d1c
422b962aff597c5aca5f9c3aa114fcea7f3fda6abcad9584510b36b3eecd0f09
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44b201144ebe2ed6713b37a3ebbe9eef99aeed0657f1a912c65a9f5e467067a0
45d3316ce3fd1496596938557f941ed94f1cfa79af64405e9006a185ab22da0f
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fcab2cb309663ccecacee87ac5282424026713d8ef6575a1998a9c760ec74ba
54231f83b140394456ed44f982621af3b60588a89210e8e1aa83cc371ac5d0aa
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
57dc568fabcabcbc6ecab28fb369fc7cf36db2dc082f3dde83a58ef3ad4e4f4a
5a10f5522c22c065a7816dad2d489171c5e8e75c9008fec2f89a131a554b0641
5aab894467b7acf3f82c0d2b0bb70b5c76cbfd87e049198bf3bac7f53e05f999
5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db
613e55eeedad6144284986ac495323da078b2b0d7851af6133241c6b11d41d49
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
624840550c5cacf930593bccf5e10e7e06c354ffdb2c6515d2a37db97b13cfd5
63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850
66daf6dd9cbd26fe25bf9b3ccf7d759787a833384a627e931d18a6124cd7fde2
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9
6b26cef94d7114ab2253f65625bbf062f26553ea18d500b59eb03d7c9ab4e073
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bfc01c5497b70861a5b110f472a2c6291665711df36eb2425246f48dbfab489
6db4032e547ca1994e1bf21488dab79c10cdfbcc0c54f4d2faa7ff3cf885feaf
6f1b249d377f954a037e7d633bc97feceb93c5c3da8b2cad800c8282d667de51
6fa19bcd07b8227b2626d4d0de7b85292148349278b1689595b6e37b18226b6c
798923cf9bc4c8d30ca45e5c529ccb635ca4f409e9c8f8e9c91da55b5297570f
7b97f96940bdb868294fd2ae881d3e2a9c79f4949d60eeae8aa4e9df561eb1b1
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86bb4515d850266ba9329c4f5f8e9ad31664615391681570b4f37720b3fbb948
8878a6113d3767fcb0f7c88fdc432c839a4e4e6fe97dec5e24b0d5eb32addd88
893ac88beec73d8836d11c0d4138056ab04c10e2e617a919ccbf276b533b33b5
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b5eaf40218075cea5deeb7f5b1f281030c970a307707acb1a2057518c64a902
90b3cb512c84b622cd8be3f1b011388a150ddcd9f14474c71821dda35c87e9af
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9cdc35e26fa95bfbe67faab29ac9a0e8b08c4f8faa8d014fcab5793d9b7b5aa3
9d3b5fa0ef825696e739e51af484299cf857613a5d8b6b68277a6fcaad02a5b6
9d90df67dffd5b3b0d27646c7df88bd24dfb5edfb9d4fb72474073a6847609c5
9f36cf26f67fcc9f0612f69d2001d98902f36772ec60cf434eed1c039b258b6d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2a2154dcdbc3b983dfc718e54c8838bda689957f9e230588c17a6b6016fd9fc
a3c78e2cfd04611e069c3edfc58f8f9866c89a0a383e3556bbdeff54ddceef74
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad49747e6e45b57267ed911d909dd64d124d1928875c6de08fe77036d25eef9e
aec102d295af6c079e3a78b20e5a53a04c964011973c890c09596809d13893d4
aeff0ea037bcb57b6e00d7a5962d5274d728e62538030de0470e1ad57faaa6ac
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2f79aaea08345904caece465204692f4201aa9e2a42317c723e864fd59dca30
b6e25dc640e05959ac6dc1302dc974de7d29a68cc3408ae896141f525b78c988
b9465a7a67129d8a97a41bd43fd8b01e182f6cc7e69e08aca601024bb70cb0fa
ba36201bebd40faa9fc9bd8ce6f0c1456e5665054714d8010fbb592609b249c4
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c58ef6688ea79d415a0c590a7346e97a51de70b4f42dbf848f20a78487f86dbc
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb46a5b4c71fa12212ab17cae7f2251d26ad1da4f1abb32fd837aef873d5c1a7
cb6deebaf9ce8f17b259c4e0990bc066da0f6c018c0f7ce8423d2ad2b1c9460e
cd4f2f0972b7a9eb7febbcece5f4e93c6b96ced44e50914232e277ca2e7a5d97
ce3a2c1f166951c17a773f8a1e503d7a416d5430854edf0ad5ea1460bfd92672
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d3afe8cff71e83f9c245858398fdceb2b8074c4fecd6e7e945c15d3484b79f96
d57a156c7e1124096c097d389f7554d1ae5107c305561f1e3344288b0a7ce74d
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03
d8b9f8f10c925be1c2cb4bd6ece23720c6865b2500c860e3b7ac616b17e82491
d9ec5b5d70a4e33ed88c835a21be0bafa15b14ced986b5ebda90520bd3d6b964
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1fd8fc3ab2352def12849ca035ccfe5b5ff27d034b455be45456ada02d8a8fd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b9a4d34a563158069f54e72a34585d7a2a25f753b9b30220d429d2bc8624b8
e66808292bc499d78f9bb0e28eb22b1627bb6eaaf59f257d3d7aacade6d09b3a
eb69632d9691758bde4f9baaf565731bb33fa546d5b08a7fe0a5bc997aee2619
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1acf313c9114686d7744ed646f52b2ebe93db99bdc94890645e916fd81a400
ef728d99fdf443f5a700d693570b8b9831de5343536a86aec5c10950fcfe5fec
f373476f457a80cb64152a344527827cf01a87414306472cfd3a149c6748e50b
f98b8e32caf0b7fbbed91da56d37b9de8459aa7094d55874970cc102feee1cf8
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
fc740a7dd685e149ac9c20befb93b7e127249aa2d260a3b5f6b0ab696051e8a0
fcc3c439edc63318783aed993f9d2a5be255270297b5453bceb2384d9993886c
fffc6ed23cfeabaaace717503bfabd907816869c8c5ff38a2127b8284e8c5988