travel.northeast.aaa.com Open in urlscan Pro
34.231.184.91 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_me...
Submission: On January 07 via manual (January 7th 2023, 4:20:02 am UTC) from IN — Scanned from DE

Summary HTTP 187 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 66 IPs in 9 countries across 56 domains to perform 187 HTTP transactions. The main IP is 34.231.184.91, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is travel.northeast.aaa.com. The Cisco Umbrella rank of the primary domain is 506856.
TLS certificate: Issued by Trustwave Organization Validation SHA... on June 6th 2022. Valid for: a year.

This is the only time travel.northeast.aaa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	34.231.184.91 34.231.184.91	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400d:80a::200a	15169 (GOOGLE) (GOOGLE)
5	52.216.141.86 52.216.141.86	16509 (AMAZON-02) (AMAZON-02)
10	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	45.60.154.98 45.60.154.98	19551 (INCAPSULA) (INCAPSULA)
1 1	52.1.243.72 52.1.243.72	14618 (AMAZON-AES) (AMAZON-AES)
1	3.210.55.22 3.210.55.22	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700:303... 2606:4700:3033::ac43:a1c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.86.1.22 99.86.1.22	16509 (AMAZON-02) (AMAZON-02)
1	65.9.66.80 65.9.66.80	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
1	2a05:d014:275... 2a05:d014:275:cb01:190c:7f02:2b97:3b21	16509 (AMAZON-02) (AMAZON-02)
2	2a02:6ea0:c70... 2a02:6ea0:c700::18	60068 (CDN77 ^_^) (CDN77 ^_^)
4	2a00:1450:400... 2a00:1450:400d:80c::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
11	52.215.109.101 52.215.109.101	16509 (AMAZON-02) (AMAZON-02)
4	45.60.64.121 45.60.64.121	19551 (INCAPSULA) (INCAPSULA)
1	13.32.23.106 13.32.23.106	16509 (AMAZON-02) (AMAZON-02)
1	96.16.147.243 96.16.147.243	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
7	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2600:1901:0:7... 2600:1901:0:7a0b::	15169 (GOOGLE) (GOOGLE)
1	18.213.53.43 18.213.53.43	14618 (AMAZON-AES) (AMAZON-AES)
2	15.236.125.10 15.236.125.10	16509 (AMAZON-02) (AMAZON-02)
1 1	54.171.1.252 54.171.1.252	16509 (AMAZON-02) (AMAZON-02)
1	63.34.41.96 63.34.41.96	16509 (AMAZON-02) (AMAZON-02)
8 9	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
5 14	2a00:1450:400... 2a00:1450:400d:806::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:39f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
5 16	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:802::2001	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:11a... 2a02:26f0:11a::217:9a4a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	2600:9000:206... 2600:9000:206f:d800:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	15.236.117.205 15.236.117.205	16509 (AMAZON-02) (AMAZON-02)
5	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	18.196.133.7 18.196.133.7	16509 (AMAZON-02) (AMAZON-02)
1	13.32.27.111 13.32.27.111	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.149.79.247 34.149.79.247	15169 (GOOGLE) (GOOGLE)
1	34.95.102.126 34.95.102.126	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.95.68.5 34.95.68.5	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
1	2606:4700:10:... 2606:4700:10::ac43:aac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:16ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:400d:804::2001	15169 (GOOGLE) (GOOGLE)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	3.125.70.222 3.125.70.222	16509 (AMAZON-02) (AMAZON-02)
1	34.107.191.194 34.107.191.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.193.48 34.102.193.48	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	23.44.78.119 23.44.78.119	16625 (AKAMAI-AS) (AKAMAI-AS)
1	44.207.146.71 44.207.146.71	14618 (AMAZON-AES) (AMAZON-AES)
2 2	99.86.4.32 99.86.4.32	16509 (AMAZON-02) (AMAZON-02)
1	52.49.185.121 52.49.185.121	16509 (AMAZON-02) (AMAZON-02)
1	142.251.39.2 142.251.39.2	15169 (GOOGLE) (GOOGLE)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1 2	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1 1	34.249.37.235 34.249.37.235	16509 (AMAZON-02) (AMAZON-02)
2 2	54.171.40.8 54.171.40.8	16509 (AMAZON-02) (AMAZON-02)
1 1	52.205.53.251 52.205.53.251	14618 (AMAZON-AES) (AMAZON-AES)
187	66

23 34.231.184.91 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-184-91.compute-1.amazonaws.com

travel.northeast.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80a::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.216.141.86 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.60.154.98 (United States)

ASN19551 (INCAPSULA, US)

nm.northeast.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.1.243.72 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-243-72.compute-1.amazonaws.com

assets.tstllc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.55.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-55-22.compute-1.amazonaws.com

assets.green.kube.tstllc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::ac43:a1c5 (United States)

ASN13335 (CLOUDFLARENET, US)

content.airhex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.1.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-1-22.fra6.r.cloudfront.net

d1taxzywhomyrl.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-80.fra56.r.cloudfront.net

web-assets.tstllc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:275:cb01:190c:7f02:2b97:3b21 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

www.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

rec.smartlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80c::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.215.109.101 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.60.64.121 (United States)

ASN19551 (INCAPSULA, US)

www.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.23.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-23-106.fra56.r.cloudfront.net

d2wy8f7a9ursnm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.147.243 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-147-243.deploy.static.akamaitechnologies.com

www.everestjs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:7a0b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

sessions.bugsnag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.213.53.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-53-43.compute-1.amazonaws.com

aaanortheast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.125.10 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-125-10.eu-west-3.compute.amazonaws.com

mcdmetrics.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.1.252 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-1-252.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.41.96 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-41-96.eu-west-1.compute.amazonaws.com

mcdmetrics2.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.2.49 (United States) 8 redirects

ASN54113 (FASTLY, US)

lasteventf-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:400d:806::2002 (Ireland) 5 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:39f5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:400d:80a::2004 (Ireland) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:802::2001 (Ireland)

ASN15169 (GOOGLE, US)

6a46913f59a8b6c1016e57ad7f97650a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::217:9a4a (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:d800:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.117.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

adobedc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
edge.adobedc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.133.7 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-133-7.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-111.fra56.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.79.247 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 247.79.149.34.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.102.126 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 126.102.95.34.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.68.5 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 5.68.95.34.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:aac (United States)

ASN13335 (CLOUDFLARENET, US)

hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:16ea (United States)

ASN13335 (CLOUDFLARENET, US)

idpix.media6degrees.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:804::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.125.70.222 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-70-222.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.191.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.191.107.34.bc.googleusercontent.com

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.193.48 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 48.193.102.34.bc.googleusercontent.com

e.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.44.78.119 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-44-78-119.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.207.146.71 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-207-146-71.compute-1.amazonaws.com

usersync.videoamp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.32 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-32.fra6.r.cloudfront.net

ads.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.185.121 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-185-121.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.39.2 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s37-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.211.84 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.37.235 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-37-235.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.40.8 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-40-8.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.53.251 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-53-251.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	aaa.com travel.northeast.aaa.com — Cisco Umbrella Rank: 506856 nm.northeast.aaa.com — Cisco Umbrella Rank: 628239 www.aaa.com — Cisco Umbrella Rank: 94858 mcdmetrics.aaa.com — Cisco Umbrella Rank: 369523 mcdmetrics2.aaa.com — Cisco Umbrella Rank: 351910	4 MB
19	doubleclick.net 5 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 285 googleads.g.doubleclick.net — Cisco Umbrella Rank: 64 stats.g.doubleclick.net — Cisco Umbrella Rank: 179 cm.g.doubleclick.net — Cisco Umbrella Rank: 321	141 KB
17	google.com 5 redirects www.google.com — Cisco Umbrella Rank: 16 adservice.google.com — Cisco Umbrella Rank: 142	2 KB
16	google.de www.google.de — Cisco Umbrella Rank: 3658 adservice.google.de — Cisco Umbrella Rank: 5450	2 KB
13	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 301 aaanortheast.demdex.net — Cisco Umbrella Rank: 421395 adobedc.demdex.net — Cisco Umbrella Rank: 12497	18 KB
11	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 123	845 KB
10	everesttech.net 9 redirects cm.everesttech.net — Cisco Umbrella Rank: 1416 lasteventf-tm.everesttech.net — Cisco Umbrella Rank: 11113 sync-tm.everesttech.net — Cisco Umbrella Rank: 918	2 KB
10	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 500	176 KB
8	googlesyndication.com 6a46913f59a8b6c1016e57ad7f97650a.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 145 tpc.googlesyndication.com — Cisco Umbrella Rank: 187	42 KB
6	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 3133 api.bounceexchange.com — Cisco Umbrella Rank: 3236	143 KB
5	bing.com bat.bing.com — Cisco Umbrella Rank: 619	12 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 103 region1.google-analytics.com — Cisco Umbrella Rank: 2124	20 KB
5	amazonaws.com s3.amazonaws.com	513 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 840 www.linkedin.com — Cisco Umbrella Rank: 712 px4.ads.linkedin.com — Cisco Umbrella Rank: 7528	4 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 1625	1 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 5466 page.cdnbasket.net — Cisco Umbrella Rank: 5474 view.cdnbasket.net — Cisco Umbrella Rank: 5464	1014 B
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	271 B
3	inspectlet.com cdn.inspectlet.com — Cisco Umbrella Rank: 19365 hn.inspectlet.com — Cisco Umbrella Rank: 19606	63 KB
3	tstllc.net 1 redirects assets.tstllc.net assets.green.kube.tstllc.net web-assets.tstllc.net — Cisco Umbrella Rank: 660307	36 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 814	1 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 815	1 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 318	2 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 843	1 KB
2	scorecardresearch.com 2 redirects ads.scorecardresearch.com — Cisco Umbrella Rank: 4248	602 B
2	cdnwidget.com ids.cdnwidget.com — Cisco Umbrella Rank: 4543 e.cdnwidget.com — Cisco Umbrella Rank: 11949	306 B
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 525	107 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1172	1 KB
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1787	374 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	114 KB
2	bugsnag.com sessions.bugsnag.com — Cisco Umbrella Rank: 1028	35 B
2	smartlook.com rec.smartlook.com — Cisco Umbrella Rank: 25183	17 KB
2	cloudfront.net d1taxzywhomyrl.cloudfront.net d2wy8f7a9ursnm.cloudfront.net	55 KB
2	airhex.com content.airhex.com	3 KB
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 1014	560 B
1	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 2287	261 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 1316	451 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 698	273 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 452	239 B
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 1114	265 B
1	videoamp.com usersync.videoamp.com — Cisco Umbrella Rank: 36966	79 B
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 1541	675 B
1	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 1405	418 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 456	265 B
1	media6degrees.com idpix.media6degrees.com — Cisco Umbrella Rank: 3259	205 B
1	turn.com 1 redirects d.turn.com — Cisco Umbrella Rank: 1600	402 B
1	adobedc.net edge.adobedc.net — Cisco Umbrella Rank: 9610	2 KB
1	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 9562
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 679	684 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1579	5 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 175	17 KB
1	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 5516	4 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 943	30 KB
1	everestjs.net www.everestjs.net — Cisco Umbrella Rank: 7989	3 KB
1	fullstory.com www.fullstory.com — Cisco Umbrella Rank: 41838
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 221	28 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 127	1 KB
187	56

	Domain	Requested by
23	travel.northeast.aaa.com	travel.northeast.aaa.com d2wy8f7a9ursnm.cloudfront.net
16	www.google.com	5 redirects travel.northeast.aaa.com tpc.googlesyndication.com
15	www.google.de	travel.northeast.aaa.com
13	googleads.g.doubleclick.net	5 redirects www.googletagmanager.com www.googleadservices.com
11	dpm.demdex.net	assets.adobedtm.com travel.northeast.aaa.com
11	www.googletagmanager.com	travel.northeast.aaa.com assets.adobedtm.com www.googletagmanager.com
10	assets.adobedtm.com	travel.northeast.aaa.com assets.adobedtm.com
8	sync-tm.everesttech.net	8 redirects
5	bat.bing.com	www.googletagmanager.com bat.bing.com travel.northeast.aaa.com
5	assets.bounceexchange.com	tag.wknd.ai assets.bounceexchange.com
5	s3.amazonaws.com	travel.northeast.aaa.com s3.amazonaws.com
4	pagead2.googlesyndication.com	cdn.inspectlet.com tpc.googlesyndication.com
4	www.aaa.com	assets.adobedtm.com
4	www.google-analytics.com	travel.northeast.aaa.com www.google-analytics.com
3	px.owneriq.net	2 redirects
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	www.facebook.com	travel.northeast.aaa.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	match.prod.bidr.io	2 redirects
2	sync.search.spotxchange.com	1 redirects
2	ib.adnxs.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ads.scorecardresearch.com	2 redirects
2	idsync.rlcdn.com	travel.northeast.aaa.com
2	hn.inspectlet.com	cdn.inspectlet.com
2	pm.w55c.net	2 redirects
2	px.ads.linkedin.com	2 redirects
2	cdn.linkedin.oribi.io	snap.licdn.com
2	connect.facebook.net	travel.northeast.aaa.com connect.facebook.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	mcdmetrics.aaa.com	assets.adobedtm.com
2	sessions.bugsnag.com	d2wy8f7a9ursnm.cloudfront.net
2	rec.smartlook.com	travel.northeast.aaa.com rec.smartlook.com
2	content.airhex.com	travel.northeast.aaa.com
2	nm.northeast.aaa.com	travel.northeast.aaa.com
1	sync.srv.stackadapt.com	1 redirects
1	g2.gumgum.com	1 redirects
1	image2.pubmatic.com
1	us-u.openx.net
1	pixel.rubiconproject.com
1	cm.g.doubleclick.net
1	sync.crwdcntrl.net
1	usersync.videoamp.com
1	e.cdnwidget.com
1	api.bounceexchange.com	assets.bounceexchange.com
1	cms.analytics.yahoo.com	1 redirects
1	ids.cdnwidget.com	cdn.inspectlet.com
1	ps.eyeota.net	1 redirects
1	match.adsrvr.org
1	idpix.media6degrees.com	travel.northeast.aaa.com
1	d.turn.com	1 redirects
1	edge.adobedc.net	assets.adobedtm.com
1	view.cdnbasket.net	assets.bounceexchange.com
1	page.cdnbasket.net	assets.bounceexchange.com
1	data.cdnbasket.net	assets.bounceexchange.com
1	cdn.pbbl.co	travel.northeast.aaa.com
1	adobedc.demdex.net	assets.adobedtm.com
1	px4.ads.linkedin.com	travel.northeast.aaa.com
1	www.linkedin.com	1 redirects
1	sync.mathtag.com	1 redirects
1	snap.licdn.com	travel.northeast.aaa.com
1	www.googleadservices.com	assets.adobedtm.com
1	6a46913f59a8b6c1016e57ad7f97650a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	cdn.inspectlet.com	travel.northeast.aaa.com
1	lasteventf-tm.everesttech.net	www.everestjs.net
1	mcdmetrics2.aaa.com	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	aaanortheast.demdex.net	assets.adobedtm.com
1	tag.wknd.ai	travel.northeast.aaa.com
1	code.jquery.com	assets.adobedtm.com
1	www.everestjs.net	assets.adobedtm.com
1	d2wy8f7a9ursnm.cloudfront.net	assets.adobedtm.com
1	www.fullstory.com	travel.northeast.aaa.com
1	www.googletagservices.com	travel.northeast.aaa.com
1	web-assets.tstllc.net	travel.northeast.aaa.com
1	d1taxzywhomyrl.cloudfront.net	travel.northeast.aaa.com
1	assets.green.kube.tstllc.net	travel.northeast.aaa.com
1	assets.tstllc.net	1 redirects
1	fonts.googleapis.com	travel.northeast.aaa.com
187	82

This site contains links to these domains. Also see Links.

Domain
northeast.aaa.com
www.cdc.gov
www.faa.gov
developer.ean.com
www.allianzworldwidepartners.com
api.arrivalguides.com
tourbook.aaa.com

Subject Issuer	Validity	Valid
cruises.northeast.aaa.com Trustwave Organization Validation SHA256 CA, Level 1	`2022-06-06` - `2023-07-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
*.northeast.aaa.com Trustwave Organization Validation SHA256 CA, Level 1	`2022-01-03` - `2023-01-27`	a year	crt.sh
airhex.com Cloudflare Inc ECC CA-3	`2022-05-10` - `2023-05-10`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.tstllc.net Go Daddy Secure Certificate Authority - G2	`2022-06-29` - `2023-07-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
bionic.fullstory.com R3	`2023-01-04` - `2023-04-04`	3 months	crt.sh
1610534878.rsc.cdn77.org R3	`2022-11-02` - `2023-01-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-14` - `2023-05-13`	6 months	crt.sh
www.everestjs.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
tag.wknd.ai R3	`2022-11-25` - `2023-02-23`	3 months	crt.sh
*.bugsnag.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-26` - `2023-04-26`	a year	crt.sh
mcdmetrics.aaa.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-01` - `2023-04-01`	a year	crt.sh
mcdmetrics2.aaa.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-02` - `2023-03-02`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-07` - `2023-12-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-17` - `2023-06-17`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-10-16` - `2023-01-14`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
adobedc.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-20` - `2023-11-20`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2022-11-29` - `2023-02-27`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
*.pbbl.co Amazon	`2022-10-04` - `2023-11-02`	a year	crt.sh
data.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
edge.adobedc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-19` - `2023-11-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
dstillery.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-05` - `2023-04-28`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
ids.cdnwidget.com R3	`2022-12-03` - `2023-03-03`	3 months	crt.sh
*.wunderkind.co R3	`2022-12-11` - `2023-03-11`	3 months	crt.sh
e.cdnwidget.com R3	`2022-11-10` - `2023-02-08`	3 months	crt.sh
*.videoamp.com Amazon	`2022-09-06` - `2023-10-04`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Frame ID: 75B72F2878F6F2D411EBAAF6D192925B
Requests: 158 HTTP requests in this frame

Frame: https://aaanortheast.demdex.net/dest5.html?d_nsid=0
Frame ID: BFF0B72AD8E31DB4B0D6B92773CFAA61
Requests: 25 HTTP requests in this frame

Frame: https://6a46913f59a8b6c1016e57ad7f97650a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5968B64C35FA4977900BC9AAC84E2D18
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 79CF3A027D953D9E96E0327ADD1469DD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 20B8ADA4E29D3ACC051FAF2C351C67D8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 007EE936E3EEADEFD8D95F5334FE5BE6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Travel BookingTerms And ConditionsTerms And Conditions

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

BugSnag (Analytics) Expand

Overall confidence: 100%
Detected patterns

/bugsnag.*\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Inspectlet (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.inspectlet\.com

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

187
Requests

86 %
HTTPS

38 %
IPv6

56
Domains

82
Subdomains

66
IPs

9
Countries

6995 kB
Transfer

17269 kB
Size

79
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://northeast.aaa.com/travel/plan-your-trip/travel-insurance.html
Title: Insurance

Search URL Search Domain Scan URL

URL: https://www.cdc.gov/coronavirus/2019-ncov/travelers/index.html
Title: https://www.cdc.gov/coronavirus/2019-ncov/travelers/index.html

Search URL Search Domain Scan URL

URL: https://www.faa.gov/hazmat/packsafe/
Title: https://www.faa.gov/hazmat/packsafe/

Search URL Search Domain Scan URL

URL: http://developer.ean.com/terms/en/
Title: Additional Terms & Conditions

Search URL Search Domain Scan URL

URL: https://www.allianzworldwidepartners.com/usa/terms-and-conditions/001005141
Title: Click here for more details

Search URL Search Domain Scan URL

URL: https://api.arrivalguides.com/EN/Dynamic/Download?dest=ROME&partner=tst&lang=EN

Search URL Search Domain Scan URL

URL: https://tourbook.aaa.com/?utm_source=TST&utm_medium=Email&utm_term=Confirmation&utm_content=TST-Confirmation-Email&utm_campaign=DTB

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://assets.tstllc.net/resources/acp/images/wss-4CAAA.png HTTP 303
https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png

Request Chain 54

https://cm.everesttech.net/cm/dd?d_uuid=89735547118607592841557660754142006277 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y7jy7AAAAB8iNQOY

Request Chain 95

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=89735547118607592841557660754142006277&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d89735547118607592841557660754142006277 HTTP 302
https://dpm.demdex.net/ibs:dpid=269&dpuuid=88a763b8-f2ed-4200-96ac-6e178c6a7a08&ddsuuid=89735547118607592841557660754142006277

Request Chain 99

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2021154%26time%3D1673065197584%26url%3Dhttps%253A%252F%252Ftravel.northeast.aaa.com%252Ftrip%252FeHDaDYTcSbOqrwzAReSHMw%252Fconsumer%252Fbooking%253Ftst_email%253Dconfirmation%2526utm_source%253Dconf_email%2526utm_medium%253Demail%2526utm_campaign%253Dair_hotel_insurance%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&liSync=true&e_ipv6=AQJLrbkP_PKYCwAAAYWKdPF49GcHJEmzdZ9T-32pntMU4xbbhZ-7NoMQLCOI-Wsn_3jMXBydciRImA

Request Chain 116

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/?random=1673065197650&cv=11&fst=1673065197650&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/956500681/?random=1673065197650&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=380054432 HTTP 302
https://www.google.de/pagead/1p-user-list/956500681/?random=1673065197650&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=380054432&ipr=y

Request Chain 117

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/?random=1673065197651&cv=11&fst=1673065197651&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/768643034/?random=1673065197651&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1052036207 HTTP 302
https://www.google.de/pagead/1p-user-list/768643034/?random=1673065197651&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1052036207&ipr=y

Request Chain 118

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/?random=1673065197652&cv=11&fst=1673065197652&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/836762974/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=41413872 HTTP 302
https://www.google.de/pagead/1p-user-list/836762974/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=41413872&ipr=y

Request Chain 119

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/?random=1673065197652&cv=11&fst=1673065197652&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/962827280/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1684461645 HTTP 302
https://www.google.de/pagead/1p-user-list/962827280/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1684461645&ipr=y

Request Chain 120

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/?random=1673065197653&cv=11&fst=1673065197653&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/994252266/?random=1673065197653&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=2985715103 HTTP 302
https://www.google.de/pagead/1p-user-list/994252266/?random=1673065197653&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=2985715103&ipr=y

Request Chain 124

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://dpm.demdex.net/ibs:dpid=359&dpuuid=mtgJizTQ1Pe0Gx5

Request Chain 153

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3143472098635846590

Request Chain 164

https://ps.eyeota.net/match?bid=6j5b2cv&uid=89735547118607592841557660754142006277&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 168

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=89735547118607592841557660754142006277&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lrREZ9hE2pGxqx47N58bk0fUu7lzrvuO._o-~A

Request Chain 173

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7263515981037984239&uid=Q7263515981037984239&ref=%2Feucm%2Fp%2Fadpq HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 176

https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=89735547118607592841557660754142006277&rn=1673065196539&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D89735547118607592841557660754142006277 HTTP 302
https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=89735547118607592841557660754142006277&rn=1673065196539&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D89735547118607592841557660754142006277 HTTP 302
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=89735547118607592841557660754142006277

Request Chain 178

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTdqeTdBQUFBQjhpTlFPWQ==

Request Chain 179

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y7jy7AAAAB8iNQOY&expires=90

Request Chain 180

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y7jy7AAAAB8iNQOY HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y7jy7AAAAB8iNQOY&C=1

Request Chain 182

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=Y7jy7AAAAB8iNQOY HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY7jy7AAAAB8iNQOY

Request Chain 184

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y7jy7AAAAB8iNQOY

Request Chain 185

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7jy7AAAAB8iNQOY

Request Chain 186

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y7jy7AAAAB8iNQOY&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y7jy7AAAAB8iNQOY&img=1&__user_check__=1&sync_id=8ca28fbd-8e42-11ed-8b5f-182a6e990406

Request Chain 187

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y7jy7AAAAB8iNQOY&t=2592000&o=0

Request Chain 188

https://g2.gumgum.com/adobe/s2s HTTP 302
https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_55756629-7b8d-478c-9404-3b2a830e1d7c

Request Chain 189

https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHpdk7HceYAAB9CEUarQQ?gdpr=0

Request Chain 190

https://sync.srv.stackadapt.com/sync?nid=adobe HTTP 302
https://dpm.demdex.net/ibs:dpid=390122&dpuuid=-qRSJQz4RQloMSRk7zjuqrKi0YY

187 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request booking Show response
travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/ 147 KB
147 KB 8022ms
7680ms Document
text/html 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

f99311b71428f3f8d81ecb74c3c1c0e995a5913dd89af1ab97b49ae7f6315d93

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, max-age=0, must-revalidate, no-store
content-length: 150019
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
content-type: text/html; charset=UTF-8
date: Sat, 07 Jan 2023 04:19:54 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: bd2f1419719d979e

GET
H2 404 trip.css
travel.northeast.aaa.com/trip/assets/stylesheets/v1/ 0
0 105ms
103ms Stylesheet
text/html 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/assets/stylesheets/v1/trip.css

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:55 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 509c29daa1ba50af
content-length: 1150
content-type: text/html; charset=UTF-8

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 130ms
51ms Stylesheet
text/css 2a00:1450:400d:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&lang=en

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 07 Jan 2023 04:19:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:22:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 07 Jan 2023 04:19:55 GMT

GET
H/1.1 200
OK antd.min.css
s3.amazonaws.com/tstllc-assets/css/antd/dist/ 451 KB
451 KB 441ms
119ms Stylesheet
text/css 52.216.141.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/css/antd/dist/antd.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.141.86 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 897600b074c2a2e02b176f2d3e5caf964883dc5ea1c340c7576723e3932b9128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 07 Jan 2023 04:19:56 GMT
x-amz-version-id: null
Last-Modified: Mon, 07 Jan 2019 18:42:01 GMT
Server: AmazonS3
x-amz-request-id: A4EG6QC1PGX82TZT
ETag: "5178b4827ce4ac2d7f96ed9861b4cd6d"
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 461624
x-amz-id-2: XEi+CMpz65LascSMMby/2ZYbaMkSilBtER0H2cpyKVD4M10Y9dCD22jh3MPWKQSecYyCI3OjW+8=

GET
H/1.1 200
OK proxima-nova.min.css
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ 4 KB
4 KB 440ms
118ms Stylesheet
text/css 52.216.141.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.141.86 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: d7de9b79990bb103408b06aacc98307309774f564e70ba905949e80b5ba47f14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 07 Jan 2023 04:19:56 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:09 GMT
Server: AmazonS3
x-amz-request-id: A4EK5VKWRQEHRQSV
ETag: "371ff5a9f43f342812125d9e1497f068"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 4191
x-amz-id-2: b5X0mgbo3AxbU8PvvPqtNWc4diSn/4ndDVEAbdEkgiYO4bwmpdpqn3pIuGm5uwwrKf1/HRMKBE8=

GET
H/1.1 200
OK black-tie.min.css
s3.amazonaws.com/tstllc-assets/fonts/black-tie/css/ 22 KB
22 KB 443ms
120ms Stylesheet
text/css 52.216.141.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/black-tie/css/black-tie.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.141.86 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 3ff7b0b317b417d887b4d1b311ac5a390b85345337838d182296dad380682a87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 07 Jan 2023 04:19:56 GMT
x-amz-version-id: null
Last-Modified: Fri, 12 Oct 2018 23:42:34 GMT
Server: AmazonS3
x-amz-request-id: A4EN44210D5H3AHQ
ETag: "c9a2ca04d6ec76b7da644506f215fc4b"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 22456
x-amz-id-2: zpUdUOmRwWY1joTBJjefDk9XJ4ACJLKXIGt1W1RJJtj02LewfJAFmRB63jnWZSXJ3ITQcqSmNIA=

GET
H2 200 gtm-helper-script-bundle.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/ 31 KB
10 KB 101ms
100ms Script
application/javascript 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/gtm-helper-script-bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

ed2b9de8f36895ff8e5324067c9a27a15ba63337c2a3232bd757863585507ef9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:55 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"7a95-184f7d163e1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 legacy-confirmation-styles.css
travel.northeast.aaa.com/web-services/assets/resource/stylesheets/ 657 KB
329 KB 101ms
100ms Stylesheet
text/css 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

1d32627006e0e63d706ca39ec8735807bc8f73946f38f4985740679edea22edd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:55 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"a4449-184f7d163fd"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 legacy-confirmation-page-bundle.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/ 3 MB
849 KB 105ms
104ms Script
application/javascript 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

de1271b75470960be5b33d00f9264602eab356f0b86045292a33713d79d21a89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:55 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"30b69e-184f7d163e1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js Show response
assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/ 627 KB
150 KB 102ms
7ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a3c3648c779d597d42c7353ccc52035811eca4409c38932c4094e66b6766d280

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:55 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 15:26:29 GMT
server: AkamaiNetStorage
etag: "44cd1a7a2ea8d8491228886af2986c87:1672932389.603963"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 152982
expires: Sat, 07 Jan 2023 05:19:55 GMT

GET
H2 403 remote_header.js
nm.northeast.aaa.com/assets/remote/js/ 0
0 85ms
8ms Script
text/html 45.60.154.98
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://nm.northeast.aaa.com/assets/remote/js/remote_header.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.154.98 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2

200

wss-4CAAA.png
assets.green.kube.tstllc.net/resources/acp/images/
Redirect Chain

https://assets.tstllc.net/resources/acp/images/wss-4CAAA.png
https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png

7 KB
7 KB

318ms
98ms

Image
image/png

3.210.55.22
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png

Requested by

Protocol

Server

3.210.55.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-210-55-22.compute-1.amazonaws.com

Software

Resource Hash

96ec675a4fab3039503907507b779ba05af8716418a84dac63e308bfb9701d02

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Tue, 12 May 2020 19:06:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
etag: W/"5ebaf3ca-1a79"
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

location: https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png
date: Sat, 07 Jan 2023 04:19:56 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 166
content-type: text/html

GET
H2 200 airlines_DL_100_100_s.png
content.airhex.com/content/logos/ 921 B
1 KB 58ms
23ms Image
image/png 2606:4700:3033::ac43:a1c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.airhex.com/content/logos/airlines_DL_100_100_s.png?md5apikey=78e2cc3b837588f05965b6088b8d1d43&proportions=keep
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a1c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1967f4fd1ec6067c500e07006709b6fd8c46142e7a8121c3deab4de4763a4719

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 921
pragma: no-cache
last-modified: Fri, 06 Jan 2023 17:25:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnpmvl2yvhrg5aEXxHQMTY2xfJwzz%2FAc%2FozDkCacwtnL47dE131mQ2a0MrfjubNuSRlBhDbjUwKw1F%2F24dmbhNfFSLe6MGW6VxprnRBntPOJzhP4T7nTDEzlcRAonJvVw%2B0DG9OM07nhYZ61pqTxbMk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=86400, must-revalidate
accept-ranges: bytes
cf-ray: 7859e5e44a6491ff-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 airlines_AZ_100_100_s.png
content.airhex.com/content/logos/ 1 KB
1 KB 29ms
26ms Image
image/png 2606:4700:3033::ac43:a1c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.airhex.com/content/logos/airlines_AZ_100_100_s.png?md5apikey=29c58bedb0dfd158ef5955522ea9dc33&proportions=keep
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a1c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38a1d7e47ea9424509090f675da14d2dccde2e9ac1128f9e02489d7b033e7660

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1075
pragma: no-cache
last-modified: Fri, 06 Jan 2023 19:29:59 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0XNdhw%2BHIcOKcb9fCozeaxg1uY1srwoC5Nu24g5S2BIcbm9pkspG1vX6bO%2Beyy5LiJWHsmr%2F1XDmN7KcBDJ45ZP7H6NBKQ%2F2gw43ThaiVnlY%2BeeZBeJDCITOSqsIuYvKLhZUpWIPABLoHUUGLykYOI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=86400, must-revalidate
accept-ranges: bytes
cf-ray: 7859e5e53b1291ff-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 images
travel.northeast.aaa.com/external/ 2 MB
2 MB 104ms
100ms Image
image/jpeg 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://travel.northeast.aaa.com/external/images?url=http://travelport.leonardocontentcloud.com/imageRepo/7/0/105/420/595/Lobby_view_O.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

eca5ed48fb8270069356710e121d04800175681b387d45ebf60b7f5d5ce9ef90

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
via: 1.1 5b2c25375d693d0fb882145cde66154e.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Mon, 25 Oct 2021 04:30:12 GMT
x-amz-meta-s3cmd-attrs: atime:1635136165/ctime:1635136165/gid:504/gname:aspadmin/md5:30e89485dc34f95f60b834f5473c3e49/mode:33188/mtime:1635136165/uid:504/uname:aspadmin
x-amz-cf-pop: IAD55-P1
age: 228
etag: "30e89485dc34f95f60b834f5473c3e49"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 1706665
x-amz-cf-id: TYe4f73rPF5h4MSUt0Kr3dFD27Sv_6FYCgWj9r0Lzr3eZ63vrXkQ4w==

GET
H2 200 images
travel.northeast.aaa.com/external/ 141 KB
142 KB 126ms
123ms Image
image/jpeg 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://travel.northeast.aaa.com/external/images?url=http://media.iceportal.com/87514/photos/3816957_XXL.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

93041107bace79e949ab6c47e2f0f8725d46132c880d736e63fed6d9bfe40812

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
x-amz-version-id: ZVjjhdyCoQIWjDT9Y9xNcNnRj5vXk2yl
via: 1.1 b18bcd54d0f77ca53d7c0ba4b9e54284.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Thu, 02 Feb 2017 00:57:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: IAD89-P2
age: 228
etag: "35e991d5b6de52e20be95a7c6b0e20ff"
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 144301
x-amz-cf-id: Td5csz2eBX_kALAgVtoOZ8sneidK4cIqBCRJ6AkUwhfaFvwtUPSvuA==

GET
H2 200 3e74a74689fa5e77605d82180d52857e.jpg
d1taxzywhomyrl.cloudfront.net/s3/ag-images-eu/07/ 12 KB
12 KB 53ms
12ms Image
image/jpeg 99.86.1.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1taxzywhomyrl.cloudfront.net/s3/ag-images-eu/07/3e74a74689fa5e77605d82180d52857e.jpg?width=220&height=180&mode=crop
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.1.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-1-22.fra6.r.cloudfront.net
Software: Microsoft-IIS/7.5 /
Resource Hash: bde477308984e4a82a5086dfad840c8c844338d3ac4168c9e137fc64798bf358

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:16:04 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Tue, 25 Jan 2022 20:30:32 GMT
server: Microsoft-IIS/7.5
x-amz-cf-pop: FRA6-C1
age: 232
etag: "c7b636662a12d81:0"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: public
accept-ranges: bytes
content-length: 12365
x-amz-cf-id: biihO87CeyJOAkEG_Rr3dRntLvMaLa2xqyRzsZwt3KVGMdnUuqss1w==
expires: Sat, 14 Jan 2023 04:16:04 GMT

GET
H2 200 PPN_DTB_Banner.png
web-assets.tstllc.net/static-content/images/common/aaa_tour_book/ 28 KB
29 KB 45ms
11ms Image
image/png 65.9.66.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web-assets.tstllc.net/static-content/images/common/aaa_tour_book/PPN_DTB_Banner.png
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-80.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08bbcc64722e668378612103e52728e7d9ba0bedea0baddcd235269546b17878

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: cF7oNZN6lC.Awbw2GkBLQa7PTu7tERr3
date: Sat, 07 Jan 2023 04:16:05 GMT
via: 1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
last-modified: Sun, 20 Nov 2022 21:37:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 232
etag: "3bb3ce6e22ea00e930938e94cb652d98"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
content-length: 29043
x-amz-cf-id: dU2qyJT-uDK5GfrIPY6eeXruAzKKlJSpyeU3deX0znPlBfWsovpjHQ==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 81 KB
28 KB 146ms
66ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c98ec8fe9ba7a1d743089ff82c15d72a4f5b2942e6bd41ee9e67952fecb79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27701
x-xss-protection: 0
server: sffe
etag: "1444 / 401 of 1000 / last-modified: 1673046381"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H2 403 remote_footer.js
nm.northeast.aaa.com/assets/remote/js/ 0
0 23ms
7ms Script
text/html 45.60.154.98
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://nm.northeast.aaa.com/assets/remote/js/remote_footer.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.154.98 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 0.css
travel.northeast.aaa.com/web-services/assets/resource/stylesheets/ 90 KB
44 KB 101ms
99ms Stylesheet
text/css 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/0.css

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

901a3d923f29e1e5722d7978b88a487fe3e2b38f2870fb968a29f8df66e79122

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"1660c-184f7d163ed"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 0-chunk.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/chunk/ 4 MB
1 MB 118ms
116ms Script
application/javascript 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/chunk/0-chunk.js

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

fe13408d11ff849139c4b0dc24d1d81714c47bdb2fe2a59f5b79d8c9c4052d6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"47602d-184f7d163dd"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 404 fs.js
www.fullstory.com/s/ 0
0 66ms
9ms Script
text/html 2a05:d014:275:cb01:190c:7f02:2b97:3b21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fullstory.com/s/fs.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:275:cb01:190c:7f02:2b97:3b21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 recorder.js Show response
rec.smartlook.com/ 3 KB
2 KB 82ms
14ms Script
application/javascript 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://rec.smartlook.com/recorder.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

c3a4ba7b1acc28b5ffba8d4cdefb889b29216230f0148121bd7487a8cc7cb37a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 07 Jan 2023 04:19:56 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
cross-origin-resource-policy: cross-origin
x-age: 549
x-77-nzt: AZySIRkIIqD/JQIAAA
x-accel-expires: @1673065247
last-modified: Fri, 06 Jan 2023 11:00:03 GMT
server: CDN77-Turbo
etag: W/"63b7ff33-c4a"
x-77-nzt-ray: cf878727ea3bb979ecf2b863feeb4b19
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 157ms
74ms Script
text/javascript 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 07 Jan 2023 02:27:13 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6763
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sat, 07 Jan 2023 04:27:13 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 459 KB
103 KB 86ms
47ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c501e8ed32f9af9a335c78780533a0c37111437fab490bec5a6ef6b6a07cae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105026
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 519 KB
114 KB 145ms
106ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc35fce2c9bafcf5ce3b9186e064dd3dfd60e88ee72a03d7632ffab72d603527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 116953
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 5 KB
2 KB 191ms
37ms XHR
application/json 52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F5237FF958248ED40A495E58%40AdobeOrg&d_nsid=0&ts=1673065196369

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c46fc63d7462af41ea54d3530db8c21659ed55df7c19f473169d8f9245b8cf2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v045-0284b356a.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: rGuaLAn4QcM=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://travel.northeast.aaa.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1675
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 9ms
8ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12384
expires: Sat, 07 Jan 2023 05:19:56 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "b89fcb8870ac40eecb6d3cc844d35389:1663863409.92483"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1598
expires: Sat, 07 Jan 2023 05:19:56 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 25 KB
9 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:50 GMT
server: AkamaiNetStorage
etag: "d220d501715e0484d0dddeac614f902c:1663863410.217006"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8755
expires: Sat, 07 Jan 2023 05:19:56 GMT

GET
H2 200 AAA_ForeSeeAPI.js Show response
www.aaa.com/configuration/ 5 KB
2 KB 88ms
10ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/AAA_ForeSeeAPI.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 15f1fde7deb1f2cfecb62abe9d99d230384ecbb429e962bd449f4259e64fbec6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 18:48:40 GMT
x-cdn: Imperva
etag: "c886fecf1b90d51:0"
content-type: application/x-javascript
x-iinfo: 14-1212339430-0 0CNN RT(1673065196448 10) q(0 -1 -1 0) r(0 -1)
cache-control: max-age=3099, public
content-length: 2003
expires: Sat, 07 Jan 2023 05:11:35 GMT

GET
H2 200 AAA_ActionTags.js Show response
www.aaa.com/configuration/SEM/ 55 KB
18 KB 90ms
12ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/SEM/AAA_ActionTags.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 7fde221486c3e05f825980fec689e0671182230722188921d256b58a7383d9cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
last-modified: Tue, 09 Jul 2019 18:06:54 GMT
x-cdn: Imperva
etag: "facf8178136d51:0"
content-type: application/x-javascript
x-iinfo: 14-1212339430-0 0CNN RT(1673065196448 11) q(0 -1 -1 4) r(0 -1)
cache-control: max-age=73490, public
content-length: 17546
expires: Sun, 08 Jan 2023 00:44:46 GMT

GET
H2 200 dm_gtm.js Show response
www.aaa.com/aaa/common/javascripts/ 1 KB
1 KB 89ms
11ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/aaa/common/javascripts/dm_gtm.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 059d3c257d61801506bdc30c1cfcc61fbdf4c5c94a4163bc0c62ee153253b609

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
last-modified: Mon, 07 Jan 2019 21:13:43 GMT
x-cdn: Imperva
etag: "585c9fdecda6d41:0"
content-type: application/x-javascript
x-iinfo: 14-1212339430-0 0CNN RT(1673065196448 13) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=3600, public
content-length: 884
expires: Sat, 07 Jan 2023 05:19:56 GMT

GET
H2 200 dcs_partnerTag.js Show response
www.aaa.com/configuration/ 33 KB
11 KB 96ms
19ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/dcs_partnerTag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: aaed9dc3a855f5067df7cde88c06ca9ed9de210dfadfaf3f4b49b58ca40df292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
last-modified: Wed, 17 Mar 2021 22:06:38 GMT
x-cdn: Imperva
etag: "c0828bcd791bd71:0"
content-type: application/x-javascript
x-iinfo: 14-1212339430-0 0CNN RT(1673065196448 16) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=22437, public
content-length: 11113
expires: Sat, 07 Jan 2023 10:33:53 GMT

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb2e1a97e3bc84334fa38904266d7ef01dc9407e17b3fcf54ea4a8ecbf494abf

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H/1.1 200
OK bugsnag.min.js Show response
d2wy8f7a9ursnm.cloudfront.net/v7/ 42 KB
43 KB 49ms
8ms Script
application/javascript 13.32.23.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.23.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-23-106.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 71a980fae18c2c5ab33f47cbac734ab86aaa815e0325ce68be34ccd55b04cfb9

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 13 Dec 2022 04:46:31 GMT
x-amz-version-id: null
Via: 1.1 1c12254585d1d316d9380549d59e3c80.cloudfront.net (CloudFront)
Last-Modified: Thu, 22 Sep 2022 18:32:16 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C2
Age: 2158406
ETag: "b573ad919b015dde79c3274356ad9d47"
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43193
X-Amz-Cf-Id: 3SIFKrOA0hcO4V5J_s2UOQtVGdWhzKR6lM9bxAiy0qLq-m4RYZQtnQ==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 182 KB
67 KB 82ms
42ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1063159333

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8c0ae4ff09554a68c5a1638da94bb4178a9494a1b20f9c52a0734fe3035c86df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68714
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 114 KB
45 KB 70ms
30ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8520721

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

12ec394edb732a62a905859f5cbb8147a541ca53d7eba679a56b317791d6f7ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45912
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H/1.1 200
OK last-event-tag-latest.min.js Show response
www.everestjs.net/static/le/ 7 KB
3 KB 113ms
11ms Script
application/javascript 96.16.147.243
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.147.243 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-147-243.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-amz-version-id: null
Content-Encoding: gzip
Date: Sat, 07 Jan 2023 04:19:56 GMT
Last-Modified: Wed, 16 Jun 2021 15:18:41 GMT
Server: AmazonS3
x-amz-request-id: R6X1Z4GZMHQJ34R0
ETag: "d5991c18a0042eb33f92c6b5b44ffe8d"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2663
x-amz-id-2: jm8UZxXlNwBRe5MV76nXmfeJxyOsHxAxlRqx4Yx6Lk22skfaD1o6r2gLlsQkG8CibRTuc9Pz10M=

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
30 KB 50ms
9ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://travel.northeast.aaa.com/
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
x-sp-metadata: HS256.CPyB5J0GEpMBCiQ2OTZhMDkwMy1iZTgzLTQ1YTktOTNlNS0xZTA5ZjZmOGQ1YjEQ+OiCoKvU+wIaBgjs5eOdBiIYMmEwMDpjOTg6MjA1MDphMDA3OjI6OjEwKML9AjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGiwIARIkZDdjYjUwOGEtNzc5ZS00NmUyLTk0MTgtNGVjNGMzOTE1M2UxGPPoASIYCAISFGNkczE0MC5mcjguaHdjZG4ubmV0.aI19UKL0ml5SPYzR85SUaS5dCheN397beTSqBUhX4ZU=
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-14e4a"
vary: Accept-Encoding
x-hw: 1673065196.dop106.fr8.t,1673065196.cds334.fr8.hn,1673065196.cds140.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H2 200 pubads_impl_2023010406.js Show response
securepubads.g.doubleclick.net/gpt/ 384 KB
130 KB 93ms
18ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010406.js?cb=31071460

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93a8a44cca820f9a7aa320974a3b8026218839c9829e86d4cff4eaa3b645a45c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 13:44:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52535
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132776
x-xss-protection: 0
last-modified: Wed, 04 Jan 2023 18:33:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 06 Jan 2024 13:44:21 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 301 B
769 B 100ms
29ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=travel.northeast.aaa.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c7fe750bd3616100f1d7384cf830625c9efc81391e3abd51b47bfe2a344afb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H/1.1 200
OK ProximaNovaSemibold.woff2
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Semibold/ 17 KB
18 KB 313ms
123ms Font
binary/octet-stream 52.216.141.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Semibold/ProximaNovaSemibold.woff2
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.141.86 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f529cf4430e32ae0b07d7d606ca1043e8cd9ebb9476456589578a299bad459bd

Request headers

Referer: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 07 Jan 2023 04:19:57 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:12 GMT
Server: AmazonS3
x-amz-request-id: 7QAV52P9BBKY2WKK
ETag: "e0642ce0df568ffbe72cafaf526fea41"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
Content-Type: binary/octet-stream
Accept-Ranges: bytes
Content-Length: 17512
x-amz-id-2: cbjePvaPAoyfi3AOT4PdF0+rHLNI4ZB1mYxn65wDvxFUlT3nHl/X8OeLv4XgNF8eNDqQszdmRnQ=

GET
H2 200 init.d5c74b9763645f753cc4.js Show response
rec.smartlook.com/es6/ 54 KB
16 KB 58ms
28ms Script
application/javascript 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://rec.smartlook.com/es6/init.d5c74b9763645f753cc4.js

Requested by

Host: rec.smartlook.com
URL: https://rec.smartlook.com/recorder.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

6f5d61b825bfcd03aa93ae334607c30f7cb26c280a03b8d9965749131b4422b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://travel.northeast.aaa.com/
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 07 Jan 2023 04:19:56 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
cross-origin-resource-policy: cross-origin
x-age: 61259
x-77-nzt: AZySIRkLub3/S+8AAA
x-accel-expires: @1704539937
last-modified: Fri, 06 Jan 2023 11:00:03 GMT
server: CDN77-Turbo
etag: W/"63b7ff33-d887"
x-77-nzt-ray: cf8787278a3ee07aecf2b863ced3b41f
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable

GET
H2 200 i.js Show response
tag.wknd.ai/3328/ 10 KB
4 KB 97ms
14ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/3328/i.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 5beffa87b027babb68fa4aef73ef1337b1af48d9325775f115e170e0a4fdf601

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 03:53:03 GMT
content-encoding: gzip
via: 1.1 google
age: 1613
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3760
server: istio-envoy
etag: e539c6030777a2
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 231ms
158ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Access-Control-Request-Method: POST
Origin: https://travel.northeast.aaa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sat, 07 Jan 2023 04:19:56 GMT
via: 1.1 google

POST
H3 202 / Show response
sessions.bugsnag.com/ 21 B
35 B 191ms
148ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://travel.northeast.aaa.com/
Bugsnag-Sent-At: 2023-01-07T04:19:56.528Z
accept-language: de-DE,de;q=0.9
Bugsnag-Api-Key: 36d1a525468562b55876a446329823be
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Sat, 07 Jan 2023 04:19:56 GMT
via: 1.1 google
bugsnag-session-uuid: 49b119af-a8e2-4cb4-91a3-39dc4a5c6a36
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21
content-type: application/json

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 228 KB
79 KB 47ms
47ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-65YG7JM4M0&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6044a9c3fefd4b4f586919a4ebb610b9e0ee6d1fdc2fdfb381dda3038f346efa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80876
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 182 KB
67 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1063159333&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6404c155bcf2a680911e2c231d1d2b4bf440f29aef0297aabceb0721749f0307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68751
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 182 KB
67 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748297981&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eca42fb09936e7f4fe65c89e32803545bf2759fb40c97fc27f9df3c6599d82bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68676
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 114 KB
45 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8520721&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

753f27e681bc708667773517a56b125d384a16b096601b2985734cad1fa94298

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45917
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:56 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 113ms
50ms XHR
text/plain 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=663042904&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&dp=%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking&ul=en-us&de=UTF-8&dt=Travel%20Booking&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAACAEK~&jid=96345517&gjid=480894589&cid=1930048407.1673065197&tid=UA-55392727-1&_gid=2027781963.1673065197&_r=1&gtm=2wg120W79ZLQ&cd1=customer&cd2=d0aaa546-0cc6-4ce5-aa32-ceb13e11c778&cd11=2023-01-07T04%3A19%3A56%2B00%3A00&cd13=430782151.1673065196186&cd9=1930048407.1673065197&z=1505383680

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dest5.html Show response
aaanortheast.demdex.net/ Frame BFF0 7 KB
3 KB 419ms
95ms Document
text/html 18.213.53.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://aaanortheast.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.53.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-53-43.compute-1.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-va6-2-v044-0ae3ede54.edge-va6.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: SsfqVzDyS3Q=
content-encoding: gzip
date: Sat, 7 Jan 2023 04:19:56 GMT
last-modified: Fri, 28 Oct 2022 13:32:39 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
mcdmetrics.aaa.com/ 48 B
461 B 163ms
20ms XHR
application/x-javascript 15.236.125.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcdmetrics.aaa.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=F5237FF958248ED40A495E58%40AdobeOrg&mid=89512942554474021621525865916907266115&ts=1673065196602

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.125.10 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-125-10.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

de4e33fc8c1f6a00eb8244883c5f8fdeaddac902544a3032eb0de0e484d93c3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y7jy7AAAAB8iNQOY
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=89735547118607592841557660754142006277
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y7jy7AAAAB8iNQOY

42 B
942 B

38ms
37ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y7jy7AAAAB8iNQOY

Requested by

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 4hnKTTN2Sb4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y7jy7AAAAB8iNQOY
Date: Sat, 07 Jan 2023 04:19:56 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 json Show response
mcdmetrics2.aaa.com/m2/aaanortheast/mbox/ 2 KB
1 KB 212ms
51ms XHR
application/json 63.34.41.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdmetrics2.aaa.com/m2/aaanortheast/mbox/json?mbox=target-global-mbox&mboxSession=15b7ead0ef114efeb019e23496d401c1&mboxPC=&mboxPage=f662849f051e4784acf1d5e0befa1805&mboxRid=fed4b28102154e608d415d3d549cb7f8&mboxVersion=1.8.3&mboxCount=1&mboxTime=1673065196441&mboxHost=travel.northeast.aaa.com&mboxURL=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&mboxReferrer=&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&mboxMCSDID=1646F6B700E5C0B9-20EBA33991B8464D&vst.trk=mcdmetric.aaa.com&vst.trks=mcdmetrics.aaa.com&mboxMCGVID=89512942554474021621525865916907266115&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.41.96 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-41-96.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0a84b0311ce00c9e04b079da5759ea3fa7465210f2cda024f4c004c144498881

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://travel.northeast.aaa.com
content-type: application/json;charset=UTF-8
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: fed4b28102154e608d415d3d549cb7f8

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 51ms
51ms XHR
text/plain 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=663042904&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&ul=en-us&de=UTF-8&dt=Travel%20Booking&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEHAAEABAAAAACAEK~&jid=974496052&gjid=1362316704&cid=1930048407.1673065197&tid=UA-96133587-4&_gid=2027781963.1673065197&_r=1&gtm=2wg120T6BPC96&cd1=000&cd2=Travel&cd3=TST&cd108=travel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking&cd109=&cd111=&cd156=430782151.1673065196186&cd161=Not%20Collected&z=1712408459

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
lasteventf-tm.everesttech.net/ 0
218 B 75ms
7ms XHR
text/plain 151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lasteventf-tm.everesttech.net/?_les_imsOrgId=F5237FF958248ED40A495E58@AdobeOrg&_les_sdid=1646F6B700E5C0B9-20EBA33991B8464D&_les_last_search_click=&_les_rsid=aaanortheastprod&_les_mid=89512942554474021621525865916907266115&_les_url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance
Requested by: Host: www.everestjs.net
URL: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 07 Jan 2023 04:19:56 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1673065197.778409,VS0,VE0
x-cache: MISS
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-fra-eddf8230080-FRA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/ 2 KB
2 KB 140ms
57ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/?random=1673065196730&cv=11&fst=1673065196730&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1063159333

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21690e70184ca8889c95f929ff84525a5cdff3a0b35ddc004c3651274c966ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 967
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
448 B 79ms
19ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-55392727-1&cid=1930048407.1673065197&jid=96345517&gjid=480894589&_gid=2027781963.1673065197&_u=YEDAAEAAAAAAACAEK~&z=76187707

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 TST-Icon-Font.woff
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/ 0
0 100ms
99ms Font
text/html 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.woff

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H/1.1 200
OK ProximaNovaRegular.woff2
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Regular/ 17 KB
18 KB 232ms
106ms Font
binary/octet-stream 52.216.141.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Regular/ProximaNovaRegular.woff2
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.141.86 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: fd9044a309ef7d51ad98d6a471d5ba00af04478843631e0cf5e2bfc36b509c2c

Request headers

Referer: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 07 Jan 2023 04:19:57 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:11 GMT
Server: AmazonS3
x-amz-request-id: 7QAG20M40E57QA42
ETag: "1c43f9c5378fbcf84333719c88c6b0e0"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
Content-Type: binary/octet-stream
Accept-Ranges: bytes
Content-Length: 17728
x-amz-id-2: Y8s8AmAEFZuGm/OjeVaNxoS+X35N1rf/1Cg6YPB6kfeiueHgnRBMKI7PZfUf+iORYKkzukVSxKQ=

GET
DATA 200
OK truncated
/ 34 KB
34 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8aa5efde86c226b1c6daaa9e29be64ba62beb170ec6329bde6927f77c9292b02

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 inspectlet.js Show response
cdn.inspectlet.com/ 188 KB
62 KB 437ms
391ms Script
text/javascript 2606:4700:10::6816:39f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464740
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
via: 1.1 vegur
content-encoding: gzip
cf-cache-status: MISS
last-modified: Sat, 07 Jan 2023 04:19:57 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: s-maxage=60, max-age=14400
cf-ray: 7859e5e80cc79183-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 64ms
20ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-96133587-4&cid=1930048407.1673065197&jid=974496052&gjid=1362316704&_gid=2027781963.1673065197&_u=aEHAAEABAAAAACAEK~&z=1180252506

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
353 B 47ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-65YG7JM4M0&gtm=2oe120&_p=663042904&cid=1930048407.1673065197&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673065196&sct=1&seg=0&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&dt=Travel%20Booking&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-65YG7JM4M0&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/748297981/ 2 KB
1 KB 87ms
86ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/748297981/?random=1673065196835&cv=11&fst=1673065196835&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748297981&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

363f88bf60b73f3f96f129b384fe1d91c488a027486938d92c4ffaac33bc1bcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 966
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 smiley-ratings.png
travel.northeast.aaa.com/web-services/assets/images/ 88 KB
89 KB 100ms
100ms Image
image/png 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://travel.northeast.aaa.com/web-services/assets/images/smiley-ratings.png

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

b3f085bdbf23c973cba5bf8877b0ec61659a40b65e853515674c9f3be383def6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
x-powered-by: Express
etag: W/"161dc-184f7d163b9"
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 90588

GET
DATA 200
OK truncated
/ 20 KB
20 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b3e8e10db2f90bdb8710b478c200588b2396146e4b07b22a795ad79e062360f

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 404 fontawesome-webfont.woff2
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/ 0
0 98ms
98ms Font
text/html 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 130ms
52ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=1930048407.1673065197&jid=96345517&_u=YEDAAEAAAAAAACAEK~&z=454160390

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 66ms
30ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=1930048407.1673065197&jid=96345517&_u=YEDAAEAAAAAAACAEK~&z=454160390

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 TST-Icon-Font.ttf
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/ 0
0 99ms
99ms Font
text/html 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.ttf

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:56 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
DATA 200
OK truncated
/ 22 KB
22 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f5f43c8df2ecc31862880c3645d2d0a6d067467e9de9a302d683d92e78af63a

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 75ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=1930048407.1673065197&jid=974496052&_u=aEHAAEABAAAAACAEK~&z=1726560994

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 27ms
26ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=1930048407.1673065197&jid=974496052&_u=aEHAAEABAAAAACAEK~&z=1726560994

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 fontawesome-webfont.woff
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/ 0
0 99ms
98ms Font
text/html 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff?v=4.7.0

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H3 200 /
www.google.com/pagead/1p-user-list/1063159333/ 42 B
64 B 119ms
58ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1063159333/?random=1673065196730&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1598574150&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/1063159333/ 42 B
64 B 63ms
30ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1063159333/?random=1673065196730&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1598574150&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AAANationalAdInfo Show response
travel.northeast.aaa.com/trip/api/trips/eHDaDYTcSbOqrwzAReSHMw/ 290 B
616 B 296ms
295ms XHR
application/json 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/api/trips/eHDaDYTcSbOqrwzAReSHMw/AAANationalAdInfo

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

fa580e527cb54a9bac12a995f3167d0f759d6d976c8626a3eecd7fc563e6ec97

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: a364a48715652069
content-length: 290
content-type: application/json

GET
H2 200 TST-Icon-Font.woff
travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/ 33 KB
34 KB 101ms
101ms Font
font/woff 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/TST-Icon-Font.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

13e3f896db6fea2e223e274e381af0e81c016292b4e3ee0be3dd5cfdd07af88f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
x-powered-by: Express
etag: W/"84ec-184f7d16409"
content-type: font/woff
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 34028

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 132ms
51ms Script
application/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=travel.northeast.aaa.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010406.js?cb=31071460

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 128ms
50ms Script
application/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=travel.northeast.aaa.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010406.js?cb=31071460

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 867 B
535 B 78ms
49ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4003496951875688&correlator=3372735370047272&eid=31071460%2C44761478&output=ldjh&gdfp_req=1&vrg=2023010406&ptt=17&impl=fifs&iu_parts=307753755%2CAAA_Confirmation_Page&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=1&adks=1883487226&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1673065197090&lmt=1673065197&dlt=1673065195347&idt=1464&adxs=1420&adys=280&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&frm=20&vis=1&psz=1600x1200&msz=160x600&fws=0&ohw=0&ga_vid=1930048407.1673065197&ga_sid=1673065197&ga_hid=663042904&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010406.js?cb=31071460

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4aa571aec498242441a1205531e1300d5a8caa8b881bace7d354f433c98b66f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 504
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6a46913f59a8b6c1016e57ad7f97650a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5968 6 KB
3 KB 211ms
61ms Document
text/html 2a00:1450:400d:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6a46913f59a8b6c1016e57ad7f97650a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010406.js?cb=31071460

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:19:57 GMT
expires: Sun, 07 Jan 2024 04:19:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 105 KB
28 KB 47ms
17ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cba8862bc0eeff77ab390c0669021b95055e809f226aa0e7dc438d79e3ad399f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 07 Jan 2023 04:19:57 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27613
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: eJ0YKZFHHYYuPwtyfK6EPvDuIF95S1geXxEKY0+pyNaGJIsjZmBVV2UHQ2qo7rWnh4qIst1KHCu4nDQgiiMawg==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 119ms
25ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

70452768692e6a31a4ac81defa05cf56af2b6a27db93df10d79a6c81ddae41a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16883
x-xss-protection: 0
server: cafe
etag: 9715194535308492572
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 07 Jan 2023 04:19:57 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 396 KB
98 KB 49ms
48ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea80fa6a7bffdbfd77dd6a6179911161c01716568cf46f55d4a46df54b180888

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100694
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:57 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 98ms
20ms Script
application/x-javascript 2a02:26f0:11a::217:9a4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::217:9a4a Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 3fe29b8c78990a7b9438b55099db5603e79ad1438a8c3efab09cedf8eb415b66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
last-modified: Wed, 04 Jan 2023 15:09:15 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=21724
accept-ranges: bytes
content-length: 4773

GET
H2 200 jsonp Show response
travel.northeast.aaa.com/web-services/assets/featureToggles/ld/ 119 B
477 B 101ms
101ms XHR
text/javascript 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/featureToggles/ld/jsonp?key=ItineraryAccessPoint&anonymous=false&callback=jQuery36007099825477021284_1673065196238&_=1673065196239

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

3d9e638eb07148d91a70743f01762acdf17667c176af6c948c5f90f8c30c0bc6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"77-YRqmEQJtTZ7zAoJQMNCJzGFzvRg"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
content-length: 119

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 /
www.google.com/pagead/1p-user-list/748297981/ 42 B
64 B 55ms
55ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/748297981/?random=1673065196835&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1833588607&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/748297981/ 42 B
64 B 27ms
27ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/748297981/?random=1673065196835&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2oa120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1833588607&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 fontawesome-webfont.ttf
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/ 0
0 98ms
98ms Font
text/html 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.ttf?v=4.7.0

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 fontawesome-webfont.woff
travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/ 34 KB
34 KB 103ms
102ms Font
font/woff 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/fontawesome-webfont.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

4e58b78b5844a988d67532b4683a6e8b3235b3d56d319727e65f460805bbdec4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
x-powered-by: Express
etag: W/"8674-184f7d16419"
content-type: font/woff
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 34420

GET
H/1.1

200
OK

ibs:dpid=269&dpuuid=88a763b8-f2ed-4200-96ac-6e178c6a7a08&ddsuuid=89735547118607592841557660754142006277
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=89735547118607592841557660754142006277&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d89735547118607...
https://dpm.demdex.net/ibs:dpid=269&dpuuid=88a763b8-f2ed-4200-96ac-6e178c6a7a08&ddsuuid=89735547118607592841557660754142006277

42 B
942 B

36ms
36ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=269&dpuuid=88a763b8-f2ed-4200-96ac-6e178c6a7a08&ddsuuid=89735547118607592841557660754142006277

Requested by

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-024ef1325.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: G1UfN156Tvg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Sat, 07 Jan 2023 04:19:57 GMT
Server: MT3 277 3f0ad7a master cdg-pixel-x10 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://dpm.demdex.net/ibs:dpid=269&dpuuid=88a763b8-f2ed-4200-96ac-6e178c6a7a08&ddsuuid=89735547118607592841557660754142006277
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 07 Jan 2023 04:19:56 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/ 2 KB
1 KB 119ms
59ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/?random=1673065197577&cv=9&fst=1673065197577&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4096cae93ea91c539a4ab87ccee842628a3371d8045a5c4f9478e848c7cf6ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1009
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 token
cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/ Frame 0
0 68ms
8ms Preflight 2600:9000:206f:d800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://travel.northeast.aaa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 1800
age: 44358
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Fri, 06 Jan 2023 16:00:39 GMT
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
x-amz-cf-id: 9w5s38kjRe6HjXluEiGJDYGBDios07UvbSSQhTXbpWX6XnJfFBoaJw==
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/ 36 B
374 B 11ms
10ms XHR
application/json 2600:9000:206f:d800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 07 Jan 2023 03:07:11 GMT
content-encoding: gzip
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 4366
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=18790
x-amz-cf-id: 2svc3eaETZenp9QlqzYxo3iJmQjowW23s1Otcc3p8r_FIeeUW1xQ5g==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmat...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2021154%26time%3D1673065197584%26url%3Dhttps%253A%252F%252Ftravel.northeast.aaa.c...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmat...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirma...

0
481 B

163ms
110ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&liSync=true&e_ipv6=AQJLrbkP_PKYCwAAAYWKdPF49GcHJEmzdZ9T-32pntMU4xbbhZ-7NoMQLCOI-Wsn_3jMXBydciRImA
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: BF64AF5A62F84D5EA982FC003CA1666E Ref B: FRAEDGE1207 Ref C: 2023-01-07T04:19:58Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lva1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXxpNjRkRxicyHFOL8pHg==

Redirect headers

date: Sat, 07 Jan 2023 04:19:57 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 2959BA00D1B341D3B239083BC38C08BE Ref B: FRAEDGE1319 Ref C: 2023-01-07T04:19:57Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1673065197584&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&liSync=true&e_ipv6=AQJLrbkP_PKYCwAAAYWKdPF49GcHJEmzdZ9T-32pntMU4xbbhZ-7NoMQLCOI-Wsn_3jMXBydciRImA
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXxpNjPHUeP7ApNDBLYIg==

GET
H3 200 136696297006053 Show response
connect.facebook.net/signals/config/ 302 KB
87 KB 112ms
95ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/136696297006053?v=2.9.91&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0b207154d7f78d02e4b14ee54013fc73beeab61f1cf07e9c3537becbc903de96

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 07 Jan 2023 04:19:57 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: rA1+ojRCHGYWurMqo+gnJQ1Gt0vXtDyvj4GHKj8PqxHTtdCLQ9rfvGZyeFU4HwuRnaHHYQ3xgmMF7oZU90Hz5Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 RC2e88a81f2a034f11adad3cd878b22242-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/ 580 B
631 B 10ms
9ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/RC2e88a81f2a034f11adad3cd878b22242-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9fae58a28180d2c4b4bd25c7eafda06c0a07b8f139b9f5639069d0a60a576d0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 15:26:30 GMT
server: AkamaiNetStorage
etag: "9b28d00e1ce9e04530f85d455011dafd:1672932390.645444"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 360
expires: Sat, 07 Jan 2023 05:19:57 GMT

GET
H2 200 RC05a8fa05392c426a929661d6b3dc0dbd-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/ 404 B
535 B 8ms
8ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/RC05a8fa05392c426a929661d6b3dc0dbd-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b2e3d1cf751ef09fc5b7cb82cd5858a65d76d1d579c9415013a29d044df7eb3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 15:26:30 GMT
server: AkamaiNetStorage
etag: "9b28d00e1ce9e04530f85d455011dafd:1672932390.645444"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 264
expires: Sat, 07 Jan 2023 05:19:57 GMT

GET
H2 200 RC8ebc475ac1be40528ce64ff1ecd6490e-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/ 676 B
670 B 10ms
10ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/RC8ebc475ac1be40528ce64ff1ecd6490e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6cb37d0e222c77e8101b3f0eee2b31b669c084e5a0ba149e1c40de8a0520766e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 15:26:30 GMT
server: AkamaiNetStorage
etag: "9b28d00e1ce9e04530f85d455011dafd:1672932390.645444"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Sat, 07 Jan 2023 05:19:57 GMT

GET
H2 200 RCfe4a7062cc9544f78e7517e23c93c4a3-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/ 642 B
630 B 8ms
7ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/RCfe4a7062cc9544f78e7517e23c93c4a3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8f742cd62bb8097301a1e57b5ba25f78a7aa4b27b650c45a376e65a9ae615945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 15:26:30 GMT
server: AkamaiNetStorage
etag: "9b28d00e1ce9e04530f85d455011dafd:1672932390.645444"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 359
expires: Sat, 07 Jan 2023 05:19:57 GMT

GET
H2 200 RCe50f3c3740444528b1f414e8d2232900-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/ 447 B
564 B 9ms
8ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/RCe50f3c3740444528b1f414e8d2232900-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 782a61c1c32cfde1ac665da49d7b7d4cca8fe9d9bce917de2562e813f24b32da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 15:26:30 GMT
server: AkamaiNetStorage
etag: "9b28d00e1ce9e04530f85d455011dafd:1672932390.645444"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 07 Jan 2023 05:19:57 GMT

POST
H2 200 interact Show response
adobedc.demdex.net/ee/v1/ 8 KB
3 KB 150ms
47ms Fetch
application/json 15.236.117.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adobedc.demdex.net/ee/v1/interact?configId=0c320b08-f1d1-4a2f-b47d-889410ccd7a3&requestId=5db87f65-0f60-4c87-a9d7-184215818fe6

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.117.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

f567024a48641d8c16b298d3d32c5634e979c19e83a9259e3ac74172ae2302f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: deflate
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-rate-limit-remaining: 599
x-adobe-edge: IRL1;6
x-xss-protection: 1; mode=block
x-request-id: 5db87f65-0f60-4c87-a9d7-184215818fe6
server: jag
vary: Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
access-control-expose-headers: Retry-After, X-Adobe-Edge, X-Request-ID
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-konductor: 22.11.2:836cd9b5

GET
H2 200 main_4ac0f17904fbc6a38fcd29fd23bc8b8d.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 381 KB
74 KB 64ms
15ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_4ac0f17904fbc6a38fcd29fd23bc8b8d.br.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/3328/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 60962d02c694caf46398538f59c753a10f42f5771e5391da1f82fc514a0f534e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 19:24:46 GMT
content-encoding: br
age: 118511
x-guploader-uploadid: ADPycdv6nHScVF8zXUodOrPbMgToJD4zf_lpPMDgn_MpL2dmWLX_SxXBNLQ5vxzfgkg_Zg0WxYkVBynaJNwyc8ruYGs3gR7hes_j
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75193
last-modified: Thu, 05 Jan 2023 19:24:41 GMT
server: UploadServer
etag: "5d90e2e2d0972703ff133a42cb325041"
x-goog-generation: 1672946681921033
x-goog-hash: crc32c=mQD92g==, md5=XZDi4tCXJwP/EzpCyzJQQQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 75193
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 05 Jan 2024 19:24:46 GMT

GET
H2 200 cjs_min_62f4846d97d6cffa05fd709123de3ea8.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 46 KB
15 KB 76ms
28ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/3328/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9366be9dc7f0c13655e2a45ce1df32f55b937efc0878b30954969c88151f1482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 21:25:04 GMT
content-encoding: gzip
age: 2530493
x-guploader-uploadid: ADPycdv61DQBN9axekwJuqe5nQhl_-jfIC_2O-oOiR6WHclPK2xsbFUoJq1tKoiAT4JfiuJr7hqR8VOXzSaE6d78TWGeXg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15082
last-modified: Thu, 08 Dec 2022 21:24:53 GMT
server: UploadServer
etag: "02aa3508d07729296f81673e76733b97"
x-goog-generation: 1670534693607850
x-goog-hash: crc32c=NV2AHw==, md5=Aqo1CNB3KSlvgWc+dnM7lw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15082
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
expires: Fri, 08 Dec 2023 21:25:04 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/ 2 KB
972 B 106ms
105ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/?random=1673065197644&cv=11&fst=1673065197644&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0b266f6c8a4eed9a681a4cd71d30355a26ec25b3c940efb2ff23fd86b62ac21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 948
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/ 2 KB
974 B 125ms
124ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/?random=1673065197650&cv=11&fst=1673065197650&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0d24d12b7e0438cb677c09fcd0f0cef99c6efbe4b2323fbdb8a3a00ed07dd5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 950
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/ 2 KB
973 B 120ms
120ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/?random=1673065197651&cv=11&fst=1673065197651&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0685e377015e5d908334e22c6d8e9d0fb5b4b472bbede6adf63bf5b52a0e0be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 949
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/ 2 KB
972 B 105ms
104ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/?random=1673065197652&cv=11&fst=1673065197652&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af55f706a4f9e61d1b0fe6ccc049186499aeeb32fd219e38faeeda3a13597f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 948
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/ 2 KB
973 B 128ms
127ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/?random=1673065197653&cv=11&fst=1673065197653&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&auid=995047753.1673065197&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d775a04829ae942a850c4a6896963f696e50951a46385a47847e6fd7845aa792

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 949
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 80ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sat, 07 Jan 2023 04:19:57 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 06232CBA5D444B7F927A803EC5637ED9 Ref B: FRAEDGE1917 Ref C: 2023-01-07T04:19:57Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 114 KB
45 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10010677

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bde61abbd5f39b4f00e79e0ecf8252c3350a384abcf067faf5ac9dba933dbb3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45913
x-xss-protection: 0
last-modified: Sat, 07 Jan 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 07 Jan 2023 04:19:57 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/956500681/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/?random=1673065197650&cv=11&fst=1673065197650&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/956500681/?random=1673065197650&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/956500681/?random=1673065197650&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

34ms
31ms

Image
image/gif

2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/956500681/?random=1673065197650&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=380054432&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/956500681/?random=1673065197650&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=380054432&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/768643034/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/?random=1673065197651&cv=11&fst=1673065197651&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/768643034/?random=1673065197651&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/768643034/?random=1673065197651&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

30ms
27ms

Image
image/gif

2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/768643034/?random=1673065197651&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1052036207&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/768643034/?random=1673065197651&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1052036207&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/836762974/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/?random=1673065197652&cv=11&fst=1673065197652&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/836762974/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/836762974/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

27ms
27ms

Image
image/gif

2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/836762974/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=41413872&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/836762974/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=41413872&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/962827280/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/?random=1673065197652&cv=11&fst=1673065197652&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/962827280/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/962827280/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

29ms
27ms

Image
image/gif

2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/962827280/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1684461645&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/962827280/?random=1673065197652&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=1684461645&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/994252266/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/?random=1673065197653&cv=11&fst=1673065197653&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/994252266/?random=1673065197653&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/994252266/?random=1673065197653&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

27ms
27ms

Image
image/gif

2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994252266/?random=1673065197653&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=2985715103&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/994252266/?random=1673065197653&cv=11&fst=1673064000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&is_vtc=1&random=2985715103&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 30ms
29ms Image
image/gif 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=663042904&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&ul=en-us&de=UTF-8&dt=Travel%20Booking&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEHAAEABAAAAACAEK~&jid=&gjid=&cid=1930048407.1673065197&tid=UA-96133587-4&_gid=2027781963.1673065197&gtm=2wg120T6BPC96&cd1=000&cd2=Not%20Collected&cd108=travel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking&cd109=&cd111=&cd161=Not%20Collected&cd112=Not%20Applicable&cd113=Not%20Applicable&cd114=Not%20Applicable&cd115=Not%20Applicable&cd116=Not%20Applicable&cd117=Not%20Applicable&cd149=05daff2d-8076-46b9-9dcb-b22133ce030f&cd150=2023-01-07T04%3A19%3A57.666%2B00%3A00&z=1744995182

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 02:42:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5846
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jsonp Show response
travel.northeast.aaa.com/web-services/assets/featureToggles/ld/ 119 B
477 B 103ms
101ms XHR
text/javascript 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/featureToggles/ld/jsonp?key=CruiseSuccessfulSyncMessaging&anonymous=false&callback=jQuery36007099825477021284_1673065196238&_=1673065196240

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

/ Express

Resource Hash

3d9e638eb07148d91a70743f01762acdf17667c176af6c948c5f90f8c30c0bc6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"77-YRqmEQJtTZ7zAoJQMNCJzGFzvRg"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
content-length: 119

GET
H2 403 licensee Show response
travel.northeast.aaa.com/v1/prepack/ 572 B
839 B 101ms
101ms Fetch
application/json 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/v1/prepack/licensee

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

96e1d25644df32c6c303061e5ecef5d74c6d209b0bef55761e841199768dd23e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 572
vary: Origin
content-type: application/json

GET
H/1.1

200
OK

ibs:dpid=359&dpuuid=mtgJizTQ1Pe0Gx5
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://dpm.demdex.net/ibs:dpid=359&dpuuid=mtgJizTQ1Pe0Gx5

42 B
942 B

36ms
36ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=359&dpuuid=mtgJizTQ1Pe0Gx5

Requested by

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0327f6936.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 8VtkxhO6Q9I=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:56 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-075e74b4adcf14728@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://dpm.demdex.net/ibs:dpid=359&dpuuid=mtgJizTQ1Pe0Gx5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/995747453/ 42 B
64 B 55ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995747453/?random=1673065197577&cv=9&fst=1673064000000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2643979039&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/995747453/ 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995747453/?random=1673065197577&cv=9&fst=1673064000000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2643979039&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 2512.js
cdn.pbbl.co/r/ 0
0 192ms
6ms Script
text/html 13.32.27.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/r/2512.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-111.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 inbox_eadf7934437ef8e69fe67ed145d1e39d.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 73 KB
19 KB 42ms
15ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox_eadf7934437ef8e69fe67ed145d1e39d.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_4ac0f17904fbc6a38fcd29fd23bc8b8d.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1ca5593f9ae0412922ebd1a20a6749df3ddc23e111277028fe4a4df1afc57342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 19:24:48 GMT
content-encoding: br
age: 118509
x-guploader-uploadid: ADPycdvl7y7gsW0187S1A_O3H0ZDptoJmTIRxOdFOQWD9ua2yazwo8cQSt7GovYximWAM14g6kGplEnrCnz5j0G0VZjMyQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19171
last-modified: Thu, 05 Jan 2023 19:24:39 GMT
server: UploadServer
etag: "fa46e044bd479593544105c8013aff74"
x-goog-generation: 1672946679087230
x-goog-hash: crc32c=3M7/BQ==, md5=+kbgRL1HlZNUQQXIATr/dA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 19171
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 05 Jan 2024 19:24:48 GMT

GET
H3 200 onsite_c9ad73fa89436d6d7e6a9bd8eb5971ee.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 161 KB
34 KB 46ms
20ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite_c9ad73fa89436d6d7e6a9bd8eb5971ee.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_4ac0f17904fbc6a38fcd29fd23bc8b8d.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b39041ba9f55c2e34dba18751f549b447fbd52077ac7264a9c1f47fe4adaa416

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 19:24:57 GMT
content-encoding: br
age: 118500
x-guploader-uploadid: ADPycdv5hyTCVCc7lk2AnLH1cruub1s1qpijpcv3jfVKlN3A9oDWWu7d9-FyXXiTHI7KXBk_Ly9bWiDfkYi6WF3XCZdMKw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34835
last-modified: Thu, 05 Jan 2023 19:24:44 GMT
server: UploadServer
etag: "a21dcc4cd6f3234c4c49408b60ed46ae"
x-goog-generation: 1672946684797279
x-goog-hash: crc32c=9PnHbw==, md5=oh3MTNbzI0xMSUCLYO1Grg==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 34835
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 05 Jan 2024 19:24:57 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 58ms
15ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136696297006053&ev=PageView&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&rl=&if=false&ts=1673065197770&sw=1600&sh=1200&v=2.9.91&r=stable&ec=0&o=30&fbp=fb.1.1673065197769.292044553&it=1673065197591&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 07 Jan 2023 04:19:57 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 502ms
112ms XHR
application/json 34.149.79.247
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.79.247 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 247.79.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 4ee813dfcacc72d96eba6ccb5680476dfafa7b9bf7773d76aa04f7917de64d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:58 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 355ms
114ms XHR
application/json 34.95.102.126
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.102.126 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 126.102.95.34.bc.googleusercontent.com
Software: /
Resource Hash: 1f90ca8a1ad6076855d571ddee36406012190b1d885dbcadebc56ebd26040afa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:58 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 612ms
112ms XHR
application/json 34.95.68.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.68.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.68.95.34.bc.googleusercontent.com
Software: /
Resource Hash: e41a2db02c3529a17cc3afc212f27005838db46a1da0eb5958ae9b0f5b2baa2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:58 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/997673764/ 42 B
64 B 55ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/997673764/?random=1673065197644&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=1652220298&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/997673764/ 42 B
64 B 27ms
27ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/997673764/?random=1673065197644&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=1652220298&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/969619756/ 42 B
64 B 56ms
55ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/969619756/?random=1673065197652&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3792700508&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/969619756/ 42 B
64 B 30ms
29ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/969619756/?random=1673065197652&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3792700508&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 5950377.js Show response
bat.bing.com/p/action/ 0
117 B 114ms
113ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5950377.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sat, 07 Jan 2023 04:19:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 175316409662462A9B22C0C091EBA2E7 Ref B: FRAEDGE1917 Ref C: 2023-01-07T04:19:57Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
119 B 39ms
39ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5950377&tm=gtm002&Ver=2&mid=752a0b71-434f-4acc-b2e5-465b8e149747&sid=8b812e108e4211edbc1ddf9233430ac6&vid=8b813f708e4211ed873b0f3535d692f7&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Travel%20Booking&p=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&r=&lt=10683&evt=pageLoad&sv=1&rn=428543

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 04:19:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EC579B01A4304B17A3596221A8E932A5 Ref B: FRAEDGE1917 Ref C: 2023-01-07T04:19:57Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16002467.js Show response
bat.bing.com/p/action/ 0
137 B 103ms
102ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16002467.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 04:19:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4DCD4971563C4D7CB0DD141ADCF435E3 Ref B: FRAEDGE1917 Ref C: 2023-01-07T04:19:57Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: private,max-age=1800

GET
H2 204 0
bat.bing.com/action/ 0
175 B 29ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16002467&tm=gtm002&Ver=2&mid=bdfc013f-f16b-436e-af18-4f17b85b8ffe&sid=8b812e108e4211edbc1ddf9233430ac6&vid=8b813f708e4211ed873b0f3535d692f7&vids=0&msclkid=N&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Travel%20Booking&p=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&r=&lt=10683&evt=pageLoad&sv=1&rn=563695

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 07 Jan 2023 04:19:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 711BA01B76D0434AA5CAB994E8B9077C Ref B: FRAEDGE1917 Ref C: 2023-01-07T04:19:57Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/995747453/ 42 B
64 B 54ms
53ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995747453/?random=1673065197651&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3738477280&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/995747453/ 42 B
64 B 27ms
26ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995747453/?random=1673065197651&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3738477280&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 interact Show response
edge.adobedc.net/ee/v1/ 3 KB
2 KB 130ms
47ms Fetch
application/json 15.236.117.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://edge.adobedc.net/ee/v1/interact?configId=0c320b08-f1d1-4a2f-b47d-889410ccd7a3&requestId=fe75bafc-0c85-448a-8a82-62fb5d9c7370

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.117.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

3522489f6d3e38b0030b3d62f092f9bff92261ede3b00f005bcdd292b7b19e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: deflate
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-rate-limit-remaining: 599
x-adobe-edge: IRL1;6
x-xss-protection: 1; mode=block
x-request-id: fe75bafc-0c85-448a-8a82-62fb5d9c7370
server: jag
vary: Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
access-control-expose-headers: Retry-After, X-Adobe-Edge, X-Request-ID
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-konductor: 22.11.2:836cd9b5

GET
H3 200 /
www.google.com/pagead/1p-user-list/994591697/ 42 B
64 B 55ms
54ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/994591697/?random=1673065197650&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2996323897&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/994591697/ 42 B
64 B 27ms
26ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994591697/?random=1673065197650&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2996323897&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/933849799/ 42 B
64 B 55ms
55ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/933849799/?random=1673065197653&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2177772692&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/933849799/ 42 B
64 B 28ms
27ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/933849799/?random=1673065197653&cv=11&fst=1673064000000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2177772692&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bookedTripSummary Show response
travel.northeast.aaa.com/trip/v1/trips/eHDaDYTcSbOqrwzAReSHMw/ 32 KB
33 KB 184ms
180ms Fetch
application/json 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/v1/trips/eHDaDYTcSbOqrwzAReSHMw/bookedTripSummary

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

d66bd4d664a16b713aa3cc8b8474d67aa98dac37cf9276617c7a70f64efeb116

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 4c3fcc3586d61ab7
content-length: 33081
content-type: application/json

POST
H2 200 801161170 Show response
hn.inspectlet.com/ginit/ 213 B
467 B 227ms
218ms XHR
application/json 2606:4700:10::6816:39f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/ginit/801161170
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464740
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 7957993b06a497bbb001394c3df9de53da879da69770127671125817dcef1c60

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
via: 1.1 vegur
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"d5-vF8YIPUlqo3812sjSm8MIg"
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7859e5ee5a4b9183-FRA
access-control-allow-headers: X-Requested-With, Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame BFF0 0
98 B 59ms
19ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=89735547118607592841557660754142006277
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 local_storage_frame17.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame 79CF 2 KB
1 KB 17ms
14ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_4ac0f17904fbc6a38fcd29fd23bc8b8d.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 2191426
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: gzip
content-length: 1073
content-type: text/html; charset=UTF-8
date: Mon, 12 Dec 2022 19:36:11 GMT
etag: "c239a293dfea14703fb99e60bd432212"
expires: Tue, 12 Dec 2023 19:36:11 GMT
last-modified: Mon, 12 Dec 2022 19:35:33 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1670873733378183
x-goog-hash: crc32c=P+3Itg== md5=wjmik9/qFHA/uZ5gvUMiEg==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1073
x-guploader-uploadid: ADPycduZ0-5b3XIIdEY2RgcQroCSHMaeXZR2r8ZSGtKEjdVKeXdQ38dHl0mV6W4JOPRpHvBiaQyZ-g5YbghzId8GPvfTTw

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=3143472098635846590
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=3143472098635846590

42 B
942 B

36ms
36ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=3143472098635846590

Requested by

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: jxnhhixyRrM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=3143472098635846590
pragma: no-cache
date: Sat, 07 Jan 2023 04:19:57 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 RC2eeb97d4f2ef46e9b05f577d78f44027-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/ 373 B
508 B 7ms
7ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/799d3883b61e/RC2eeb97d4f2ef46e9b05f577d78f44027-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7e70021ced23fd3fc217f5cbb9731e2d0097f7d4868cc9f8ccd93b0af36e0205

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:57 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 15:26:30 GMT
server: AkamaiNetStorage
etag: "9b28d00e1ce9e04530f85d455011dafd:1672932390.645444"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 237
expires: Sat, 07 Jan 2023 05:19:57 GMT

GET
H3 451 365868.gif
idsync.rlcdn.com/ Frame BFF0 0
9 B 46ms
19ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=89735547118607592841557660754142006277
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 200 tag Show response
hn.inspectlet.com/ 4 B
262 B 219ms
204ms XHR
text/html 2606:4700:10::ac43:aac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/tag
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464740
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:aac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2

Request headers

Accept: */*
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"4-b9sIeqP7+8uCh6WToJGeYQ"
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 7859e5f009279012-FRA
access-control-allow-headers: X-Requested-With, Content-Type
content-length: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 s36125397175766 Show response
mcdmetrics.aaa.com/b/ss/aaanortheastprod/10/JS-2.23.0-LCXS/ 5 KB
6 KB 46ms
46ms Script
application/x-javascript 15.236.125.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcdmetrics.aaa.com/b/ss/aaanortheastprod/10/JS-2.23.0-LCXS/s36125397175766?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=7%2F0%2F2023%204%3A19%3A58%206%200&d.&nsid=0&jsonv=1&coop_safe=1&.d&sdid=1646F6B700E5C0B9-20EBA33991B8464D&mid=89512942554474021621525865916907266115&aamlh=6&ce=UTF-8&pageName=Travel%20Booking&g=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&cc=USD&ch=Travel%20-%20TST&events=event4&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=travel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking&v5=Travel%20Booking&v6=travel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking&c9=%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&c12=D%3DUser-Agent&c15=travel.northeast.aaa.com&v37=89512942554474021621525865916907266115&v47=%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&v55=Light&v69=false&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=F5237FF958248ED40A495E58%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.125.10 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-125-10.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

d21ddf92f92f283b4c53feeddd67cf9c0c1930258b93eba54cb2db543889bf36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-aam-tid: 3r14AmE6T5o=
date: Sat, 07 Jan 2023 04:19:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 5504
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v045-0f9127447.edge-irl1.demdex.com 4 ms
pragma: no-cache
last-modified: Sun, 08 Jan 2023 04:19:58 GMT
server: jag
etag: 3592880156511895552-4619634302685077550
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Fri, 06 Jan 2023 04:19:58 GMT

GET
H2 200 hbpix
idpix.media6degrees.com/orbserv/ Frame BFF0 43 B
205 B 257ms
108ms Image
image/gif 2606:4700::6812:16ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=89735547118607592841557660754142006277
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6812:16ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 08 Sep 2017 18:54:28 GMT
server: cloudflare
etag: "59b2e764-2b"
content-type: image/gif
accept-ranges: bytes
cf-ray: 7859e5f12f148ffa-FRA
content-length: 43

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 519 KB
114 KB 93ms
92ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96&l=aaa_gtm_prod

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

87d9b3e7408500a9dd30308d2cffb62089900759ecadf58ebe0468c07f2a8987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 116894
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 07 Jan 2023 04:19:58 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 28ms
27ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023010406&st=env

Requested by

Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464740

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2321ed47653a7cc5ad1fd339761b99bbca2a495d78c2929ca470b1d9984d7deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11160
x-xss-protection: 0

GET
H2 200 eHDaDYTcSbOqrwzAReSHMw Show response
travel.northeast.aaa.com/upsell/v2/trips/ 2 B
463 B 276ms
276ms Fetch
application/json 34.231.184.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/upsell/v2/trips/eHDaDYTcSbOqrwzAReSHMw

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.231.184.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-184-91.compute-1.amazonaws.com

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
cache-control: no-cache, max-age=0, must-revalidate, no-store
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2
content-type: application/json

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 152ms
74ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010406.js?cb=31071460

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 07 Jan 2023 04:19:58 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame BFF0 70 B
265 B 127ms
33ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=travel.northeast.aaa.com&ttd_tpi=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 07 Jan 2023 04:19:58 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://ps.eyeota.net/match?bid=6j5b2cv&uid=89735547118607592841557660754142006277&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

42 B
960 B

35ms
35ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0780584f2.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: HcItyoO6TAA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 104,303
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv}
Date: Sat, 07 Jan 2023 04:19:58 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 20B8 13 KB
5 KB 88ms
28ms Document
text/html 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 197452
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Jan 2023 21:29:06 GMT
expires: Thu, 04 Jan 2024 21:29:06 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 007E 783 B
534 B 53ms
53ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f98f75f9a9168d74ec823ae8d0e99ee5098da27942c9e6a873ecad65b366729c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3lbHVsr3hOMOx-DpSFDk3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-3lbHVsr3hOMOx-DpSFDk3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:19:58 GMT
expires: Sat, 07 Jan 2023 04:19:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 c Show response
ids.cdnwidget.com/ 31 B
206 B 152ms
116ms XHR
application/json 34.107.191.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=009218108&GCS2=NDVkYTA4OGQtNzM2ZC00NWI3LWEzYTAtZjUxNDM3NDE1MDM2LmxvY2Fs&pe=false&wsid=3328&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A3328%2C%22loadID%22%3A%22wanaNmNxRrcQoLU%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A12%2C%22IDStageStart%22%3A12%2C%22netComplete%22%3A164%2C%22obsReqpage%22%3A369%2C%22obsReqdata%22%3A515%2C%22obsReqview%22%3A625%2C%22IDStagePrefire%22%3A626%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A0%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%7D
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464740
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.191.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.191.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: https://travel.northeast.aaa.com
date: Sat, 07 Jan 2023 04:19:58 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=89735547118607592841557660754142006277&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lrREZ9hE2pGxqx47N58bk0fUu7lzrvuO._o-~A

42 B
942 B

37ms
37ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lrREZ9hE2pGxqx47N58bk0fUu7lzrvuO._o-~A

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0e6039550.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: CKEw+OP5Qzg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Sat, 07 Jan 2023 04:19:58 GMT
strict-transport-security: max-age=31536000
via: http/1.1 spdc0101.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lrREZ9hE2pGxqx47N58bk0fUu7lzrvuO._o-~A
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 007E 0
0 47ms
47ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023010406&jk=4003496951875688&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js Show response
pagead2.googlesyndication.com/bg/ Frame 20B8 36 KB
16 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KJeI0sMyo1Q6mjhDM9mKcjS2IqRt95c1wIDqLysfd0M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 20:54:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16068
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 06 Jan 2024 20:54:07 GMT

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
342 B 204ms
48ms Script
text/html 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1334&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYB2AZgAZCBWfATgA4qqAWTYALxCnMwHcBTAEY5UwfgH1UAEyilSAJnqYATvxwgANnDQYChcuQAe+eQZX8Y-ZauVRsAQw0bUCAObi4yjVAAWwYAAOOACkpACCwfIAYpFRwMr2AG78GgB0CCDKwD789jjAqfZFqUggALax8agBsfwAEgAi9g0AmgAqSADKggDyAI7KvOxhAEr8nXUAsryxpQg4cGVWsYIgIADWLq6hcfni-GX2qBqhDXMwqMqHOgiRhNpl4uqeSPyn5-uHx3cP4ktSqEWpwORxO8nuwEeSHsZQCR1ct1ITUu4h8IDEGkk8089mQ-EwiVQImA4lKG1Q-CgwWIACFIvINDV5PJQhFmX5AiF5FRwpEqNE+dF4kkUulMtlcvlCsVShVuULlNVBVF6k1Wh1uv1BsMxhNpsq5gslsplatyW4+aRdiSQd9uUjzpdruhbvKIY9nspXpazhgYJ9QYL3X9+ACgfaGrawfzg9DYfDXTzkcpUeiUliFgk8fTIgBhekm5msnNF4gNbBrTaU6l05mJHO82n0pA5JDrEDaENlQRWHA+ariYAATwCbyL4RgjhwY-zzKW3d7-YC4gCiu947Z8nw5HozFStGIzKItH3zCoxCoqQMzAMV-I25PB-w+Ev+nkqSoO9S2-kxFS9HvVJ9FIE8b1IVIwP3QhUggj9yD-AxoOfbdd33Q8UL3A8j0IR8zwvG973IR9iGfV93yoehv1-f98CAkCIPA5hwNoaDYPPJDkM-bc6FPLccNPcgS1neR5x7ZQ+wHBAYTHFkJynGd6SJLsxIbMJJw0ac83pfhkhTDQQFcVxQyxVT1M0sstOZKRXCiS58gAGRAewpFU+I4DeMsCXscSAG0lgQOBxBAUcEAAXVgeSvN8lt+DbDsSVExcB2HUdwrM-FEm8nAfPYAdXHsMQV1UacEGANLIsy3zcuXUopH4cqNIyrK-IOMSJOXVdUFecKMLQ7DcPPS9r1vAwHzQ0igPIcivx-P8ANo4DQPIRjlqgmC90-BDKG-Z8d0w9C9r6viBvw0aiPGl8gPIyiTDmhb6KYhi1rY4gONIwieNoZhjoEqLssS8Sl3EKSlga6c-p8pSAbBprfP0wzjJcGGIZ0qxxHhoypCxZHKuyuEjKeOBBDKUQxCkHG6pgHyYrizsAfawcR3qiLGoJSmWoXQHJOk5GySrQc1nR7yjJZ8HBACbhMH4QIoB8gAiaExFcTIhzlgAaBXW3bbR1bltEll11cQCkOAUF16dvJbOXQswAJgDwCtYWcXFXnEGANHsVw7ESHx7CgIA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_4ac0f17904fbc6a38fcd29fd23bc8b8d.br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Sat, 07 Jan 2023 04:19:58 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 25
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 204 cjs-logger
e.cdnwidget.com/ 0
100 B 162ms
115ms Image
image/png 34.102.193.48
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=Country%2520not%2520allowed&cookieID=&deviceID=&BXWID=3328&warpspeed=2%5EHIykD&loadID=wanaNmNxRrcQoLU&version=1.5.9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.193.48 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 48.193.102.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/png

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame BFF0
Redirect Chain

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7263515981037984239&uid=Q7263515981037984239&ref=%2Feucm%2Fp%2Fadpq
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

7ms
7ms

Image
image/gif

23.44.78.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Protocol: HTTP/1.1
Server: 23.44.78.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-44-78-119.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 07 Jan 2023 04:19:58 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Sat, 07 Jan 2023 04:19:58 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 20B8 0
10 B 28ms
27ms Image
text/plain 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3uV5Fw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 404 usersync
usersync.videoamp.com/ Frame BFF0 0
79 B 309ms
100ms Image
text/plain 44.207.146.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.videoamp.com/usersync?partner_id=6667929&partner_user_id=89735547118607592841557660754142006277&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D70962%26dpuuid%3D%7Bvamp_user_id%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.207.146.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-207-146-71.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 04:19:58 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
content-length: 0

GET
H/1.1

200
OK

ibs:dpid=73426&dpuuid=89735547118607592841557660754142006277
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=89735547118607592841557660754142006277&rn=1673065196539&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D897355471186075...
https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=89735547118607592841557660754142006277&rn=1673065196539&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D89735547118607...
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=89735547118607592841557660754142006277

42 B
942 B

37ms
37ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=73426&dpuuid=89735547118607592841557660754142006277

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-02fbabcd7.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ul5O9gdxRIg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=73426&dpuuid=89735547118607592841557660754142006277
date: Sat, 07 Jan 2023 04:19:58 GMT
via: 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-length: 0
x-amz-cf-id: 0eWizTmZXOXHOrLpFsC4XwhAvdxpo48ul-Qq-T47gyB-rgq6yu1X5A==
x-cache: Miss from cloudfront

GET
H2 404 tpid=89735547118607592841557660754142006277
sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/ Frame BFF0 49 B
265 B 110ms
30ms Image
image/gif 52.49.185.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=89735547118607592841557660754142006277?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.185.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-185-121.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:58 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.11.49
content-length: 49
expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTdqeTdBQUFBQjhpTlFPWQ==

170 B
502 B

147ms
53ms

Image
image/png

142.251.39.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTdqeTdBQUFBQjhpTlFPWQ==

Protocol

Server

142.251.39.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s37-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230080-FRA
pragma: no-cache
date: Sat, 07 Jan 2023 04:19:58 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1673065199.972814,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTdqeTdBQUFBQjhpTlFPWQ==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y7jy7AAAAB8iNQOY&expires=90

0
239 B

73ms
8ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y7jy7AAAAB8iNQOY&expires=90
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by: cache-fra-eddf8230080-FRA
pragma: no-cache
date: Sat, 07 Jan 2023 04:19:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1673065199.060934,VS0,VE0
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y7jy7AAAAB8iNQOY&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y7jy7AAAAB8iNQOY
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y7jy7AAAAB8iNQOY&C=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y7jy7AAAAB8iNQOY&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=88&external_user_id=Y7jy7AAAAB8iNQOY&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 50ms
50ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023010406&jk=4003496951875688&bg=!ICOlI2fNAAYDMoyoIzI7ACkAdvg8WiUpu49-J7zcctBVfgYUZg40jxqF7Wi-dSZd_Qbn6oajbmDd6gIAAABMUgAAAARoAQeZAq92eMMsuWhxEJlcmPnQShy2Su4qCjT-1pZ6dItZTixm3OaaBL48qMaZiuL8y65MGOu6al6R2p0vx4XA_AAf4N405Lx-6-R3M8-rDBwfyX7R0XXv0221X_sHOxFgJXmezxPngLDOkTjg0CccVJJSGjpu3y6YC9xYPi6FV8H5B_a3w6QlzNv0SWS9D456CYl9kMniWvBY7SW_hY8m9D9TPqgpMa9ZsoAwgKBqDm0Y5KnYYzDCSV8T13U1NFORXH-aXfS4_-sqDj4e5MAXTxNrLOmVmNu37P3JHcDI75_HB_q7ENgin88fFoFL-b8AQd_65iInvA6VUByPr5Se0cNd-u_SpgFe_Sg_pIdvmKe1T387p5HwZ6Nn0sZGEd4vGvhmiu9C41VAvGYAW3KacvkeKjKeo44mJLfii1rgX_WU0bH9-bUNq2CQ6yByEDt9AbY_YfvzDMaGjNL3_s1Buew2jgOeIT6SKTo9_iJ5HKKKCyqSsQ7B6AbdCXLfndz9v7bQ3MZ3XnT0dy3foeh8gOzDWNCIAprcDWuH4CtMgOkC939lmgTHrQhTNi7X_eyDyOiSdB6-jOgr63rSmpVIYlA2ccjryHg4SRN_9uLEpYeL0BSmpUU0oOiCqNpFueK3cH7xBuv7arfFMG-MOrM3MIzYCd9x0cU5l5TYCN9zrZdHJk_X0t3O4xKyvvILKkkPil4ZlRUVo9t3nNJ-hvs8GSCz4eBIX2qOBLV9td0yDIcI_A0QZKAIYjv6EwyVyDmoW7KViPxPIOBRbnKlBfPKF0DG5VSfVVq_ZinWR7AYe8UbdbjBap_HTPKY9gcJb-3rbCg7PuQ_UyKZnWXJTsRtEUkTky3ZrBUOqwboVfrjFEVjXwBrmRKyyGXH7YQjS1bN1ddRFf5n9zEzrpgsUt2uIbi6wMY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=Y7jy7AAAAB8iNQOY
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY7jy7AAAAB8iNQOY

43 B
1 KB

14ms
13ms

Image
image/gif

185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY7jy7AAAAB8iNQOY

Protocol

HTTP/1.1

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:59 GMT
AN-X-Request-Uuid: 8800cc44-012f-4ef5-bf47-8220d4f7b4aa
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.134; 178.162.209.134; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 07 Jan 2023 04:19:59 GMT
AN-X-Request-Uuid: 690701d0-98e7-4948-875c-ca4bb3ca6cb0
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY7jy7AAAAB8iNQOY
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.134; 178.162.209.134; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 31ms
14ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136696297006053&ev=Microdata&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dair_hotel_insurance&rl=&if=false&ts=1673065199274&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Travel%20Booking%22%2C%22meta%3Adescription%22%3A%22Find%20inspiration%2C%20travel%20deals%20and%20reviews%20to%20help%20you%20make%20the%20most%20of%20your%20travel%20destination.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.91&r=stable&ec=1&o=30&fbp=fb.1.1673065197769.292044553&it=1673065197591&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 07 Jan 2023 04:19:59 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y7jy7AAAAB8iNQOY

43 B
273 B

101ms
18ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y7jy7AAAAB8iNQOY
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 04:19:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230080-FRA
pragma: no-cache
date: Sat, 07 Jan 2023 04:19:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1673065199.364380,VS0,VE0
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y7jy7AAAAB8iNQOY
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7jy7AAAAB8iNQOY

1 B
451 B

64ms
13ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7jy7AAAAB8iNQOY
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sat, 07 Jan 2023 04:19:58 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

x-served-by: cache-fra-eddf8230080-FRA
pragma: no-cache
date: Sat, 07 Jan 2023 04:19:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1673065199.464962,VS0,VE0
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7jy7AAAAB8iNQOY
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y7jy7AAAAB8iNQOY&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y7jy7AAAAB8iNQOY&img=1&__user_check__=1&sync_id=8ca28fbd-8e42-11ed-8b5f-182a6e990406

43 B
549 B

16ms
16ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y7jy7AAAAB8iNQOY&img=1&__user_check__=1&sync_id=8ca28fbd-8e42-11ed-8b5f-182a6e990406
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sat, 07 Jan 2023 04:19:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 139
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 07 Jan 2023 04:19:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=6409&uid=Y7jy7AAAAB8iNQOY&img=1&__user_check__=1&sync_id=8ca28fbd-8e42-11ed-8b5f-182a6e990406
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 133
Connection: keep-alive
Content-Length: 0

GET
H3

200

b.php
www.facebook.com/fr/ Frame BFF0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y7jy7AAAAB8iNQOY&t=2592000&o=0

43 B
68 B

45ms
45ms

Image
image/gif

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y7jy7AAAAB8iNQOY&t=2592000&o=0

Protocol

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 20:19:59 PST
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
pragma: public
x-fb-debug: f+GcgPfcErCfHXJ0dP8N0Hyzi4fte5BTVxH7v0G3hNA22VBhjYbVgH+iFwkKYlXVg/QjMuWm3lEu3ndoIKjdgQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: image/gif
cache-control: public, max-age=0
priority: u=3,i
expires: Fri, 06 Jan 2023 20:19:59 PST

Redirect headers

x-served-by: cache-fra-eddf8230080-FRA
pragma: no-cache
date: Sat, 07 Jan 2023 04:19:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1673065200.666595,VS0,VE0
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y7jy7AAAAB8iNQOY&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

ibs:dpid=143525&dpuuid=e_55756629-7b8d-478c-9404-3b2a830e1d7c
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://g2.gumgum.com/adobe/s2s
https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_55756629-7b8d-478c-9404-3b2a830e1d7c

42 B
942 B

36ms
36ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_55756629-7b8d-478c-9404-3b2a830e1d7c

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0ba4161da.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: AB0xZJxpTGU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_55756629-7b8d-478c-9404-3b2a830e1d7c
date: Sat, 07 Jan 2023 04:19:59 GMT
server: nginx
timing-allow-origin: *
content-length: 0
content-language: de-DE

GET
H/1.1

200
OK

ibs:dpid=275754&dpuuid=AAHpdk7HceYAAB9CEUarQQ
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1
https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHpdk7HceYAAB9CEUarQQ?gdpr=0

42 B
948 B

37ms
37ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHpdk7HceYAAB9CEUarQQ?gdpr=0

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcscanary-prod-irl1-1-v052-0f73f706c.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 6n9ZHAGgRpA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHpdk7HceYAAB9CEUarQQ?gdpr=0
Date: Sat, 07 Jan 2023 04:20:00 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ibs:dpid=390122&dpuuid=-qRSJQz4RQloMSRk7zjuqrKi0YY
dpm.demdex.net/ Frame BFF0
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=adobe
https://dpm.demdex.net/ibs:dpid=390122&dpuuid=-qRSJQz4RQloMSRk7zjuqrKi0YY

42 B
942 B

37ms
37ms

Image
image/gif

52.215.109.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=390122&dpuuid=-qRSJQz4RQloMSRk7zjuqrKi0YY

Protocol

HTTP/1.1

Server

52.215.109.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-109-101.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-048420acf.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: dLobFpKUTCA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=390122&dpuuid=-qRSJQz4RQloMSRk7zjuqrKi0YY
Date: Sat, 07 Jan 2023 04:20:00 GMT
Connection: keep-alive
Content-Length: 100
Content-Type: text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

336 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

79 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.northeast.aaa.com/	1970-01-20 17:29:42	Name: visid_incap_1817652 Value: J43g5rXKQ1yb7ESeaD2wIeryuGMAAAAAQUIPAAAAAABv1h6NwNQHFRdW2GwFrdxA
.northeast.aaa.com/	1969-12-31 23:59:59	Name: incap_ses_474_1817652 Value: 7LiEcstJxEOSGuS+Pv2TBuryuGMAAAAACqEhKN9W4iZBT5p71tBi3g==
travel.northeast.aaa.com/	1970-01-20 18:20:25	Name: tst_user_session_id Value: d0aaa546-0cc6-4ce5-aa32-ceb13e11c778
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: tst_analytics_session_id Value: 430782151.1673065196186
.aaa.com/	1969-12-31 23:59:59	Name: at_check Value: true
.aaa.com/	1970-01-20 17:29:40	Name: visid_incap_2629635 Value: cM8ho+NTQ9KP3W5L32mmVezyuGMAAAAAQUIPAAAAAADubwBdXGKZxsa8DpMob/Jh
.aaa.com/	1969-12-31 23:59:59	Name: incap_ses_1288_2629635 Value: /lr7LbWxon9ZQGmGyeXfEezyuGMAAAAADeRMyA4/UhAhxT1I2VSknQ==
.demdex.net/	1970-01-20 13:03:37	Name: demdex Value: 89735547118607592841557660754142006277
.aaa.com/	1970-01-20 08:45:51	Name: _gid Value: GA1.2.2027781963.1673065197
.travel.northeast.aaa.com/	1970-01-20 18:20:25	Name: _ga Value: GA1.4.1930048407.1673065197
.travel.northeast.aaa.com/	1970-01-20 08:45:51	Name: _gid Value: GA1.4.2027781963.1673065197
.travel.northeast.aaa.com/	1970-01-20 08:44:25	Name: _gat_UA-55392727-1 Value: 1
.aaa.com/	1969-12-31 23:59:59	Name: AMCVS_F5237FF958248ED40A495E58%40AdobeOrg Value: 1
.aaa.com/	1970-01-20 10:54:01	Name: _gcl_au Value: 1.1.995047753.1673065197
.aaa.com/	1970-01-20 08:44:25	Name: _gat_UA-96133587-4 Value: 1
.everesttech.net/	1970-01-20 17:30:01	Name: everest_g_v2 Value: g_surferid~Y7jy7AAAAB8iNQOY
.aaa.com/	1970-01-20 18:20:25	Name: s_ecid Value: MCMID%7C89512942554474021621525865916907266115
.aaa.com/	1970-01-20 18:20:25	Name: _ga_65YG7JM4M0 Value: GS1.1.1673065196.1.0.1673065196.0.0.0
.mcdmetrics2.aaa.com/	1970-01-20 08:44:27	Name: aaanortheast!mboxSession Value: 15b7ead0ef114efeb019e23496d401c1
.mcdmetrics2.aaa.com/	1970-01-20 18:20:25	Name: aaanortheast!mboxPC Value: 15b7ead0ef114efeb019e23496d401c1.37_0
.dpm.demdex.net/	1970-01-20 13:03:37	Name: dpm Value: 89735547118607592841557660754142006277
.aaa.com/	1970-01-20 18:20:25	Name: adcloud Value: {%22_les_v%22:%22y%2Caaa.com%2C1673066996%22}
.aaa.com/	1970-01-20 18:20:25	Name: mbox Value: session#15b7ead0ef114efeb019e23496d401c1#1673067057\|PC#15b7ead0ef114efeb019e23496d401c1.37_0#1736309997
.aaa.com/	1970-01-20 18:20:25	Name: AMCV_F5237FF958248ED40A495E58%40AdobeOrg Value: 179643557%7CMCIDTS%7C19365%7CMCMID%7C89512942554474021621525865916907266115%7CMCAAMLH-1673669996%7C6%7CMCAAMB-1673669996%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1673072396s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19372%7CvVersion%7C5.5.0
.aaa.com/	1970-01-20 08:44:26	Name: gpv_e5 Value: Travel%20Booking
.aaa.com/	1970-01-20 08:44:26	Name: gpv_e10 Value: travel.northeast.aaa.com%2Ftrip%2FeHDaDYTcSbOqrwzAReSHMw%2Fconsumer%2Fbooking
.doubleclick.net/	1970-01-20 18:06:01	Name: IDE Value: AHWqTUnOLNM2VCIjJhVAdtqXshuGAPw_f4QyUsEwNm7N20w-hpZI1F6j98GzuxMe-P4
.aaa.com/	1970-01-20 18:06:01	Name: __gads Value: ID=0a1027b5b67bb9a4:T=1673065197:S=ALNI_MYHGcgHI61kUQMoVyGdcuKOG-8ZJQ
.aaa.com/	1970-01-20 18:06:01	Name: __gpi Value: UID=00000b9e5a59a452:T=1673065197:RT=1673065197:S=ALNI_MYGkkxo9zxT0rojl7tWvvVWuGHGTA
.mathtag.com/	1970-01-20 18:10:20	Name: uuid Value: 88a763b8-f2ed-4200-96ac-6e178c6a7a08
.aaa.com/	1970-01-20 18:20:25	Name: _ga Value: GA1.2.1930048407.1673065197
travel.northeast.aaa.com/	1970-01-20 08:45:51	Name: ln_or Value: eyIyMDIxMTU0IjoiZCJ9
.bing.com/	1970-01-20 18:06:01	Name: MUID Value: 1A4E95DD47D36FD000DD874F46D36E56
.linkedin.com/	1970-01-20 09:27:37	Name: UserMatchHistory Value: AQLDWCK6mh1YtAAAAYWKdPCK_goVAPnMqU7e76ycF-GJ-MmYZCLGlBWPu1Cjw8homV5h0rQBMJ1DHg
.linkedin.com/	1970-01-20 09:27:37	Name: AnalyticsSyncHistory Value: AQKFuuUw4kSjYQAAAYWKdPCK3bMIioqTR62PB3X59JCXMP7zsGyn9KOqyLz7W_al7t4kjJRX0FqIsgFfuMCvVw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:30:01	Name: bcookie Value: "v=2&4989369d-f1ba-48b4-8fe3-1871f5798fc7"
.linkedin.com/	1970-01-20 08:45:51	Name: lidc Value: "b=VGST07:s=V:r=V:a=V:p=V:g=2524:u=1:x=1:i=1673065197:t=1673151597:v=2:sig=AQFpEWxtmbDLBMK6cuS3Pmb1n8ze58-y"
.aaa.com/	1970-01-20 10:54:01	Name: _fbp Value: fb.1.1673065197769.292044553
.aaa.com/	1970-01-20 08:45:51	Name: _uetsid Value: 8b812e108e4211edbc1ddf9233430ac6
.aaa.com/	1970-01-20 18:06:01	Name: _uetvid Value: 8b813f708e4211ed873b0f3535d692f7
.aaa.com/	1970-01-20 18:13:13	Name: kndctr_F5237FF958248ED40A495E58_AdobeOrg_identity Value: CiY4OTUxMjk0MjU1NDQ3NDAyMTYyMTUyNTg2NTkxNjkwNzI2NjExNVIPCKvh09PYMBgBKgRJUkwx8AGr4dPT2DA=
.aaa.com/	1970-01-20 08:44:26	Name: kndctr_F5237FF958248ED40A495E58_AdobeOrg_cluster Value: irl1
.aaa.com/	1970-01-20 17:30:01	Name: __insp_wid Value: 801161170
.aaa.com/	1970-01-20 17:30:01	Name: __insp_slim Value: 1673065197805
.aaa.com/	1970-01-20 17:30:01	Name: __insp_nv Value: true
.aaa.com/	1970-01-20 17:30:01	Name: __insp_targlpu Value: aHR0cHM6Ly90cmF2ZWwubm9ydGhlYXN0LmFhYS5jb20vdHJpcC9lSERhRFlUY1NiT3Fyd3pBUmVTSE13L2NvbnN1bWVyL2Jvb2tpbmc%2FdHN0X2VtYWlsPWNvbmZpcm1hdGlvbiZ1dG1fc291cmNlPWNvbmZfZW1haWwmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249YWlyX2hvdGVsX2luc3VyYW5jZQ%3D%3D
.aaa.com/	1970-01-20 17:30:01	Name: __insp_targlpt Value: VHJhdmVsIEJvb2tpbmc%3D
.w55c.net/	1970-01-20 18:14:39	Name: wfivefivec Value: mtgJizTQ1Pe0Gx5
.w55c.net/	1970-01-20 09:27:37	Name: matchdmx Value: 5
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 17:30:01	Name: bscookie Value: "v=1&20230107041957605151fe-6017-497a-88e7-c49fda8e59deAQE64WLxSjc8Uw6E5CSYnw4v8N-2ufi6"
.linkedin.com/	1970-01-20 13:03:37	Name: li_gc Value: MTswOzE2NzMwNjUxOTc7MjswMjGF/gEwSCwDXVncYs6fs4RdphMpekj6FQj0y/VWsqFMxQ==
.turn.com/	1970-01-20 13:03:37	Name: uid Value: 3143472098635846590
.aaa.com/	1970-01-20 17:30:01	Name: __insp_pad Value: 1
.aaa.com/	1970-01-20 17:30:01	Name: __insp_sid Value: 1449977619
.aaa.com/	1970-01-20 17:30:01	Name: __insp_uid Value: 150406883
.aaa.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.travel.northeast.aaa.com/	1970-01-20 17:30:01	Name: aam_uuid Value: 89735547118607592841557660754142006277
.eyeota.net/	1970-01-20 08:44:25	Name: SERVERID Value: 20662~DM
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: PLAY_SESSION Value: 272194b34a4341cc26aa93acc0d7c731d0ee9ba0-mdc-id=%5Bbe8c511c-cb2a-44ff-8028-8534ca98b225%5D&session_expires=1673093998388
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: rememberMe Value: true
.yahoo.com/	1970-01-20 17:30:22	Name: A3 Value: d=AQABBO7yuGMCEI2WV9u3RCWdBUozf9F0XHg&S=AQAAApPiUxGfTzOnELE_C7dargY
.owneriq.net/	1970-01-20 18:20:25	Name: si Value: Q7263515981037984239
.owneriq.net/	1970-01-20 08:58:49	Name: p2 Value: adpq
.casalemedia.com/	1970-01-20 17:30:01	Name: CMID Value: Y7jy7zxKzWOpVyHUZrh3RwAA
.casalemedia.com/	1970-01-20 10:54:01	Name: CMPS Value: 3256
.casalemedia.com/	1970-01-20 10:54:01	Name: CMPRO Value: 3256
.adnxs.com/	1970-01-20 10:54:01	Name: uuid2 Value: 2667332719396465983
.adnxs.com/	1970-01-20 10:54:01	Name: anj Value: dTM7k!M4.FErk#WF']wIg2E?ltcYf#!]tbPl1MwL(!R7qUY'Cq@n-BS(6-l)vCCch%K>qgKZ8Ll9RFMZ9bmtwgM/]vGiO`nrsUQM3jy1642tv0!!!@F<L<do
.pubmatic.com/	1970-01-20 10:54:01	Name: KRTBCOOKIE_218 Value: 4056-Y7jy7AAAAB8iNQOY&KRTB&22978-Y7jy7AAAAB8iNQOY&KRTB&23194-Y7jy7AAAAB8iNQOY&KRTB&23209-Y7jy7AAAAB8iNQOY
.pubmatic.com/	1970-01-20 09:27:37	Name: PugT Value: 1673065198
.spotxchange.com/	1970-01-20 09:24:44	Name: audience Value: 8ca28f50-8e42-11ed-8b5f-182a6e990406
.gumgum.com/	1970-01-20 17:30:01	Name: vst Value: e_55756629-7b8d-478c-9404-3b2a830e1d7c
.demdex.net/	1970-01-20 13:03:37	Name: dextp Value: 269-1-1673065197562\|359-1-1673065197703\|60-1-1673065197813\|470-1-1673065197913\|477-1-1673065198016\|992-1-1673065198116\|903-1-1673065198218\|30064-1-1673065198319\|30646-1-1673065198440\|53196-1-1673065198556\|70962-1-1673065198657\|73426-1-1673065198758\|121998-1-1673065198859\|144230-1-1673065198960\|144231-1-1673065199061\|144232-1-1673065199163\|144233-1-1673065199264\|144234-1-1673065199364\|144235-1-1673065199465\|144236-1-1673065199566\|144237-1-1673065199667\|143525-1-1673065199767\|275754-1-1673065199868\|390122-1-1673065199969
.bidr.io/	1970-01-20 18:12:55	Name: bito Value: AAHpdk7HceYAAB9CEUarQQ
.bidr.io/	1970-01-20 18:12:55	Name: bitoIsSecure Value: ok
sync.srv.stackadapt.com/	1970-01-20 17:30:01	Name: sa-user-id Value: s%3A0-faa45225-0cf8-4509-6831-2464ef38eeaa.J%2BDVvxZgoeHzOnqeDw4uclAKrId6nkJePlAxGMJ0gOk
.srv.stackadapt.com/	1970-01-20 17:30:01	Name: sa-user-id-v2 Value: s%3A-qRSJQz4RQloMSRk7zjuqrKi0YY.TDVGMWPiH%2FrJBYAKxbtmqpar1s%2ByXnPkKHhQbwv%2FTh4

31 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nm.northeast.aaa.com/assets/remote/js/remote_header.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://travel.northeast.aaa.com/trip/assets/stylesheets/v1/trip.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nm.northeast.aaa.com/assets/remote/js/remote_footer.js Message: Failed to load resource: the server responded with a status of 403 ()
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.everestjs.net/static/le/last-event-tag-latest.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-2.2.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://www.fullstory.com/s/fs.js Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance(Line 723) Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance(Line 723) Message: OTS parsing error: hmtx: Failed to parse table
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.woff Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance(Line 3664) Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance(Line 3664) Message: OTS parsing error: hmtx: Failed to parse table
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.ttf Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/chunk/0-chunk.js(Line 84) Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/chunk/0-chunk.js(Line 84) Message: OTS parsing error: hmtx: Failed to parse table
other	warning	URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js(Line 94) Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js(Line 94) Message: OTS parsing error: hmtx: Failed to parse table
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.ttf?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://travel.northeast.aaa.com/v1/prepack/licensee Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=89735547118607592841557660754142006277 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://cdn.pbbl.co/r/2512.js Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance Message: OTS parsing error: hmtx: Failed to parse table
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=89735547118607592841557660754142006277 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://usersync.videoamp.com/usersync?partner_id=6667929&partner_user_id=89735547118607592841557660754142006277&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D70962%26dpuuid%3D%7Bvamp_user_id%7D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=89735547118607592841557660754142006277?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/trip/eHDaDYTcSbOqrwzAReSHMw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=air_hotel_insurance Message: OTS parsing error: hmtx: Failed to parse table

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6a46913f59a8b6c1016e57ad7f97650a.safeframe.googlesyndication.com
aaanortheast.demdex.net
adobedc.demdex.net
ads.scorecardresearch.com
adservice.google.com
adservice.google.de
api.bounceexchange.com
assets.adobedtm.com
assets.bounceexchange.com
assets.green.kube.tstllc.net
assets.tstllc.net
bat.bing.com
cdn.inspectlet.com
cdn.linkedin.oribi.io
cdn.pbbl.co
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
code.jquery.com
connect.facebook.net
content.airhex.com
d.turn.com
d1taxzywhomyrl.cloudfront.net
d2wy8f7a9ursnm.cloudfront.net
data.cdnbasket.net
dpm.demdex.net
dsum-sec.casalemedia.com
e.cdnwidget.com
edge.adobedc.net
fonts.googleapis.com
g2.gumgum.com
googleads.g.doubleclick.net
hn.inspectlet.com
ib.adnxs.com
idpix.media6degrees.com
ids.cdnwidget.com
idsync.rlcdn.com
image2.pubmatic.com
lasteventf-tm.everesttech.net
match.adsrvr.org
match.prod.bidr.io
mcdmetrics.aaa.com
mcdmetrics2.aaa.com
nm.northeast.aaa.com
page.cdnbasket.net
pagead2.googlesyndication.com
pixel.rubiconproject.com
pm.w55c.net
ps.eyeota.net
px.ads.linkedin.com
px.owneriq.net
px4.ads.linkedin.com
rec.smartlook.com
region1.google-analytics.com
s3.amazonaws.com
securepubads.g.doubleclick.net
sessions.bugsnag.com
snap.licdn.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
tag.wknd.ai
tpc.googlesyndication.com
travel.northeast.aaa.com
us-u.openx.net
usersync.videoamp.com
view.cdnbasket.net
web-assets.tstllc.net
www.aaa.com
www.everestjs.net
www.facebook.com
www.fullstory.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
13.107.42.14
13.32.23.106
13.32.27.111
142.250.186.130
142.251.39.2
15.236.117.205
15.236.125.10
151.101.2.49
18.196.133.7
18.213.53.43
185.29.134.248
185.64.189.110
185.80.39.216
185.89.211.84
185.94.180.126
2001:4860:4802:34::36
2001:4de0:ac18::1:a:3b
2001:678:cb4:bbbb::13
212.82.100.182
23.44.78.119
2600:1901:0:7a0b::
2600:9000:206f:d800:2:53b2:240:93a1
2606:4700:10::6816:39f5
2606:4700:10::ac43:aac
2606:4700:3033::ac43:a1c5
2606:4700::6812:16ea
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:80b::2008
2a00:1450:4001:827::2002
2a00:1450:4001:830::2003
2a00:1450:400c:c0a::9a
2a00:1450:400d:802::2001
2a00:1450:400d:804::2001
2a00:1450:400d:806::2002
2a00:1450:400d:807::2002
2a00:1450:400d:80a::2004
2a00:1450:400d:80a::200a
2a00:1450:400d:80c::200e
2a00:1450:400d:80d::2002
2a02:26f0:11a::217:9a4a
2a02:26f0:3500:587::1e80
2a02:6ea0:c700::18
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d014:275:cb01:190c:7f02:2b97:3b21
3.125.70.222
3.210.55.22
3.33.220.150
34.102.193.48
34.107.191.194
34.111.8.32
34.120.253.250
34.149.79.247
34.231.184.91
34.249.37.235
34.95.102.126
34.95.68.5
34.98.64.218
34.98.72.95
35.244.174.68
44.207.146.71
45.60.154.98
45.60.64.121
52.1.243.72
52.205.53.251
52.215.109.101
52.216.141.86
52.49.185.121
54.171.1.252
54.171.40.8
63.34.41.96
65.9.66.80
69.173.144.139
96.16.147.243
99.86.1.22
99.86.4.32
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
059d3c257d61801506bdc30c1cfcc61fbdf4c5c94a4163bc0c62ee153253b609
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
08bbcc64722e668378612103e52728e7d9ba0bedea0baddcd235269546b17878
0a84b0311ce00c9e04b079da5759ea3fa7465210f2cda024f4c004c144498881
0b207154d7f78d02e4b14ee54013fc73beeab61f1cf07e9c3537becbc903de96
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
12ec394edb732a62a905859f5cbb8147a541ca53d7eba679a56b317791d6f7ea
13e3f896db6fea2e223e274e381af0e81c016292b4e3ee0be3dd5cfdd07af88f
15f1fde7deb1f2cfecb62abe9d99d230384ecbb429e962bd449f4259e64fbec6
1967f4fd1ec6067c500e07006709b6fd8c46142e7a8121c3deab4de4763a4719
1c501e8ed32f9af9a335c78780533a0c37111437fab490bec5a6ef6b6a07cae0
1c7fe750bd3616100f1d7384cf830625c9efc81391e3abd51b47bfe2a344afb4
1ca5593f9ae0412922ebd1a20a6749df3ddc23e111277028fe4a4df1afc57342
1d32627006e0e63d706ca39ec8735807bc8f73946f38f4985740679edea22edd
1f90ca8a1ad6076855d571ddee36406012190b1d885dbcadebc56ebd26040afa
21690e70184ca8889c95f929ff84525a5cdff3a0b35ddc004c3651274c966ad2
2321ed47653a7cc5ad1fd339761b99bbca2a495d78c2929ca470b1d9984d7deb
289788d2c332a3543a9a384333d98a7234b622a46df79735c080ea2f2b1f7743
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3522489f6d3e38b0030b3d62f092f9bff92261ede3b00f005bcdd292b7b19e36
363f88bf60b73f3f96f129b384fe1d91c488a027486938d92c4ffaac33bc1bcb
38a1d7e47ea9424509090f675da14d2dccde2e9ac1128f9e02489d7b033e7660
3d9e638eb07148d91a70743f01762acdf17667c176af6c948c5f90f8c30c0bc6
3fe29b8c78990a7b9438b55099db5603e79ad1438a8c3efab09cedf8eb415b66
3ff7b0b317b417d887b4d1b311ac5a390b85345337838d182296dad380682a87
4096cae93ea91c539a4ab87ccee842628a3371d8045a5c4f9478e848c7cf6ad8
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4aa571aec498242441a1205531e1300d5a8caa8b881bace7d354f433c98b66f1
4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e58b78b5844a988d67532b4683a6e8b3235b3d56d319727e65f460805bbdec4
4ee813dfcacc72d96eba6ccb5680476dfafa7b9bf7773d76aa04f7917de64d6b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
575c98ec8fe9ba7a1d743089ff82c15d72a4f5b2942e6bd41ee9e67952fecb79
5beffa87b027babb68fa4aef73ef1337b1af48d9325775f115e170e0a4fdf601
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5
6044a9c3fefd4b4f586919a4ebb610b9e0ee6d1fdc2fdfb381dda3038f346efa
60962d02c694caf46398538f59c753a10f42f5771e5391da1f82fc514a0f534e
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6404c155bcf2a680911e2c231d1d2b4bf440f29aef0297aabceb0721749f0307
6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
6cb37d0e222c77e8101b3f0eee2b31b669c084e5a0ba149e1c40de8a0520766e
6f5d61b825bfcd03aa93ae334607c30f7cb26c280a03b8d9965749131b4422b6
70452768692e6a31a4ac81defa05cf56af2b6a27db93df10d79a6c81ddae41a7
71a980fae18c2c5ab33f47cbac734ab86aaa815e0325ce68be34ccd55b04cfb9
753f27e681bc708667773517a56b125d384a16b096601b2985734cad1fa94298
782a61c1c32cfde1ac665da49d7b7d4cca8fe9d9bce917de2562e813f24b32da
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
7957993b06a497bbb001394c3df9de53da879da69770127671125817dcef1c60
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7e70021ced23fd3fc217f5cbb9731e2d0097f7d4868cc9f8ccd93b0af36e0205
7fde221486c3e05f825980fec689e0671182230722188921d256b58a7383d9cb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87d9b3e7408500a9dd30308d2cffb62089900759ecadf58ebe0468c07f2a8987
897600b074c2a2e02b176f2d3e5caf964883dc5ea1c340c7576723e3932b9128
8aa5efde86c226b1c6daaa9e29be64ba62beb170ec6329bde6927f77c9292b02
8b3e8e10db2f90bdb8710b478c200588b2396146e4b07b22a795ad79e062360f
8c0ae4ff09554a68c5a1638da94bb4178a9494a1b20f9c52a0734fe3035c86df
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f5f43c8df2ecc31862880c3645d2d0a6d067467e9de9a302d683d92e78af63a
8f742cd62bb8097301a1e57b5ba25f78a7aa4b27b650c45a376e65a9ae615945
901a3d923f29e1e5722d7978b88a487fe3e2b38f2870fb968a29f8df66e79122
93041107bace79e949ab6c47e2f0f8725d46132c880d736e63fed6d9bfe40812
9366be9dc7f0c13655e2a45ce1df32f55b937efc0878b30954969c88151f1482
93a8a44cca820f9a7aa320974a3b8026218839c9829e86d4cff4eaa3b645a45c
96e1d25644df32c6c303061e5ecef5d74c6d209b0bef55761e841199768dd23e
96ec675a4fab3039503907507b779ba05af8716418a84dac63e308bfb9701d02
9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2
9fae58a28180d2c4b4bd25c7eafda06c0a07b8f139b9f5639069d0a60a576d0e
a3c3648c779d597d42c7353ccc52035811eca4409c38932c4094e66b6766d280
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
aaed9dc3a855f5067df7cde88c06ca9ed9de210dfadfaf3f4b49b58ca40df292
abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c
af55f706a4f9e61d1b0fe6ccc049186499aeeb32fd219e38faeeda3a13597f21
b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2e3d1cf751ef09fc5b7cb82cd5858a65d76d1d579c9415013a29d044df7eb3f
b39041ba9f55c2e34dba18751f549b447fbd52077ac7264a9c1f47fe4adaa416
b3f085bdbf23c973cba5bf8877b0ec61659a40b65e853515674c9f3be383def6
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
bb2e1a97e3bc84334fa38904266d7ef01dc9407e17b3fcf54ea4a8ecbf494abf
bde477308984e4a82a5086dfad840c8c844338d3ac4168c9e137fc64798bf358
bde61abbd5f39b4f00e79e0ecf8252c3350a384abcf067faf5ac9dba933dbb3f
c0685e377015e5d908334e22c6d8e9d0fb5b4b472bbede6adf63bf5b52a0e0be
c0b266f6c8a4eed9a681a4cd71d30355a26ec25b3c940efb2ff23fd86b62ac21
c3a4ba7b1acc28b5ffba8d4cdefb889b29216230f0148121bd7487a8cc7cb37a
c46fc63d7462af41ea54d3530db8c21659ed55df7c19f473169d8f9245b8cf2f
cba8862bc0eeff77ab390c0669021b95055e809f226aa0e7dc438d79e3ad399f
d21ddf92f92f283b4c53feeddd67cf9c0c1930258b93eba54cb2db543889bf36
d66bd4d664a16b713aa3cc8b8474d67aa98dac37cf9276617c7a70f64efeb116
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d775a04829ae942a850c4a6896963f696e50951a46385a47847e6fd7845aa792
d7de9b79990bb103408b06aacc98307309774f564e70ba905949e80b5ba47f14
de1271b75470960be5b33d00f9264602eab356f0b86045292a33713d79d21a89
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de4e33fc8c1f6a00eb8244883c5f8fdeaddac902544a3032eb0de0e484d93c3f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41a2db02c3529a17cc3afc212f27005838db46a1da0eb5958ae9b0f5b2baa2f
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ea80fa6a7bffdbfd77dd6a6179911161c01716568cf46f55d4a46df54b180888
eca42fb09936e7f4fe65c89e32803545bf2759fb40c97fc27f9df3c6599d82bf
eca5ed48fb8270069356710e121d04800175681b387d45ebf60b7f5d5ce9ef90
ed2b9de8f36895ff8e5324067c9a27a15ba63337c2a3232bd757863585507ef9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d24d12b7e0438cb677c09fcd0f0cef99c6efbe4b2323fbdb8a3a00ed07dd5c
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6
f529cf4430e32ae0b07d7d606ca1043e8cd9ebb9476456589578a299bad459bd
f567024a48641d8c16b298d3d32c5634e979c19e83a9259e3ac74172ae2302f3
f98f75f9a9168d74ec823ae8d0e99ee5098da27942c9e6a873ecad65b366729c
f99311b71428f3f8d81ecb74c3c1c0e995a5913dd89af1ab97b49ae7f6315d93
fa580e527cb54a9bac12a995f3167d0f759d6d976c8626a3eecd7fc563e6ec97
fc35fce2c9bafcf5ce3b9186e064dd3dfd60e88ee72a03d7632ffab72d603527
fd9044a309ef7d51ad98d6a471d5ba00af04478843631e0cf5e2bfc36b509c2c
fe13408d11ff849139c4b0dc24d1d81714c47bdb2fe2a59f5b79d8c9c4052d6a
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

travel.northeast.aaa.com Open in urlscan Pro 34.231.184.91 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

187 Requests

86 %HTTPS

38 %IPv6

56 Domains

82 Subdomains

66 IPs

9 Countries

6995 kBTransfer

17269 kBSize

79 Cookies

7 Outgoing links

Redirected requests

187 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

travel.northeast.aaa.com Open in urlscan Pro
34.231.184.91 Public Scan

Screenshot
Live screenshot

Full Image

187
Requests

86 %
HTTPS

38 %
IPv6

56
Domains

82
Subdomains

66
IPs

9
Countries

6995 kB
Transfer

17269 kB
Size

79
Cookies

187 HTTP transactions
5 data transactions