www.benefitnews.com Open in urlscan Pro
13.224.96.72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://e.d.arizent.com/click/EbGNoaWVyZWxsb0BmaXJzdGFtLmNvbQ/CeyJtaWQiOiIxNjI4MDkwMTgxNDg2ZWMzYTNjNzljNjM0IiwiY3QiOiJzb...
Effective URL:
https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm...
Submission: On August 04 via api (August 4th 2021, 3:37:51 pm UTC) from US

Summary HTTP 164 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 50 IPs in 5 countries across 32 domains to perform 164 HTTP transactions. The main IP is 13.224.96.72, located in United States and belongs to AMAZON-02, US. The main domain is www.benefitnews.com.
TLS certificate: Issued by Amazon on March 23rd 2021. Valid for: a year.

This is the only time www.benefitnews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	96.47.24.171 96.47.24.171	46263 (EDIALOG) (EDIALOG)
1	13.224.96.72 13.224.96.72	16509 (AMAZON-02) (AMAZON-02)
6	143.204.98.35 143.204.98.35	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.1.26 151.101.1.26	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.96.83 13.224.96.83	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3032::ac43:c0b6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.96.11 13.224.96.11	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f00... 2a03:2880:f007:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
8	2606:4700::68... 2606:4700::6811:b6b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
4 12	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	34.195.31.102 34.195.31.102	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
2	52.211.195.119 52.211.195.119	16509 (AMAZON-02) (AMAZON-02)
1	13.224.89.166 13.224.89.166	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:3::729 2a04:4e42:3::729	54113 (FASTLY) (FASTLY)
1	13.224.193.120 13.224.193.120	16509 (AMAZON-02) (AMAZON-02)
1	184.30.21.51 184.30.21.51	16625 (AKAMAI-AS) (AKAMAI-AS)
2 9	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	13.224.95.38 13.224.95.38	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:170... 2a02:26f0:1700:1a1::268b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a03:2880:f10... 2a03:2880:f107:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 3	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
3	3.224.43.92 3.224.43.92	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:6c0... 2a02:26f0:6c00:19c::26e5	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.208.203.88 54.208.203.88	14618 (AMAZON-AES) (AMAZON-AES)
1	52.72.113.151 52.72.113.151	14618 (AMAZON-AES) (AMAZON-AES)
1	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
1	13.224.89.82 13.224.89.82	16509 (AMAZON-02) (AMAZON-02)
1	116.202.80.167 116.202.80.167	24940 (HETZNER-AS) (HETZNER-AS)
4	108.128.116.76 108.128.116.76	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	37.252.173.27 37.252.173.27	29990 (ASN-APPNEX) (ASN-APPNEX)
13	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
164	50

1 96.47.24.171 (United States) 1 redirects

ASN46263 (EDIALOG, US)
PTR: bm16-et-vip.bo3.e-dialog.com

e.d.arizent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-72.zrh50.r.cloudfront.net

www.benefitnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 143.204.98.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-35.fra50.r.cloudfront.net

arizent.brightspotcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7baf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.26 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-83.zrh50.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:c0b6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.npttech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-11.zrh50.r.cloudfront.net

cdn.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f007:8:face:b00c:0:1 (Vienna, Austria)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6811:b6b1 (United States)

ASN13335 (CLOUDFLARENET, US)

experience.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-v3.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.184.226 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.195.31.102 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-195-31-102.compute-1.amazonaws.com

people.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.195.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-195-119.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.89.166 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-89-166.zrh50.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::729 (United States)

ASN54113 (FASTLY, US)

vjs.zencdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-120.fra2.r.cloudfront.net

s.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.21.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-21-51.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.95.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-38.zrh50.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:1a1::268b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f107:83:face:b00c:0:25de (Vienna, Austria)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.45 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.224.43.92 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-43-92.compute-1.amazonaws.com

a.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:19c::26e5 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s8t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.208.203.88 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-208-203-88.compute-1.amazonaws.com

api.zetaglobal.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.113.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-113-151.compute-1.amazonaws.com

events.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.89.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-89-82.zrh50.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.202.80.167 (Eichendorf, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.167.80.202.116.clients.your-server.de

comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.128.116.76 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-116-76.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.27 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	googlesyndication.com d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	426 KB
23	doubleclick.net 4 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	194 KB
13	2mdn.net s0.2mdn.net	408 KB
10	google.com 2 redirects www.google.com adservice.google.com	2 KB
8	gstatic.com fonts.gstatic.com	224 KB
8	tinypass.com experience.tinypass.com cdn.tinypass.com buy.tinypass.com id.tinypass.com api-v3.tinypass.com	150 KB
7	google-analytics.com www.google-analytics.com	41 KB
6	brightspotcdn.com arizent.brightspotcdn.com	946 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
5	adsafeprotected.com cdn.adsafeprotected.com pixel.adsafeprotected.com	9 KB
5	googletagservices.com www.googletagservices.com	164 KB
4	adnxs.com 2 redirects ib.adnxs.com secure.adnxs.com	4 KB
4	google.de www.google.de adservice.google.de	1 KB
4	dpmsrv.com s.dpmsrv.com a.dpmsrv.com	41 KB
4	googleapis.com ajax.googleapis.com fonts.googleapis.com	32 KB
3	cxense.com cdn.cxense.com comcluster.cxense.com	34 KB
3	facebook.net connect.facebook.net	94 KB
3	boomtrain.com cdn.boomtrain.com people.api.boomtrain.com events.api.boomtrain.com	26 KB
2	parsely.com cdn.parsely.com p1.parsely.com	26 KB
2	teads.tv a.teads.tv s8t.teads.tv	133 KB
2	cloudfront.net d1z2jf7jlzjs58.cloudfront.net d10lpsik1i8c69.cloudfront.net	4 KB
2	ml314.com ml314.com	13 KB
2	polyfill.io polyfill.io	682 B
1	rlcdn.com idsync.rlcdn.com	66 B
1	zetaglobal.net api.zetaglobal.net	972 B
1	facebook.com www.facebook.com	297 B
1	zencdn.net vjs.zencdn.net	395 KB
1	npttech.com www.npttech.com	3 KB
1	googletagmanager.com www.googletagmanager.com	89 KB
1	unpkg.com unpkg.com	7 KB
1	benefitnews.com www.benefitnews.com	61 KB
1	arizent.com 1 redirects e.d.arizent.com	504 B
164	32

	Domain	Requested by
23	tpc.googlesyndication.com	securepubads.g.doubleclick.net d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com www.benefitnews.com tpc.googlesyndication.com s0.2mdn.net
13	s0.2mdn.net	www.benefitnews.com s0.2mdn.net d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
13	pagead2.googlesyndication.com	securepubads.g.doubleclick.net d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
9	www.google.com	2 redirects www.benefitnews.com d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com tpc.googlesyndication.com
8	fonts.gstatic.com	fonts.googleapis.com
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.benefitnews.com
7	www.google-analytics.com	www.benefitnews.com www.google-analytics.com
6	googleads.g.doubleclick.net	d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com www.benefitnews.com
6	arizent.brightspotcdn.com	www.benefitnews.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	www.benefitnews.com securepubads.g.doubleclick.net d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
4	d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	pixel.adsafeprotected.com	cdn.adsafeprotected.com
3	a.dpmsrv.com	www.benefitnews.com s.dpmsrv.com
3	ib.adnxs.com	2 redirects
3	www.google.de	www.benefitnews.com
3	stats.g.doubleclick.net	www.google-analytics.com
3	experience.tinypass.com	www.benefitnews.com cdn.tinypass.com
3	connect.facebook.net	www.benefitnews.com connect.facebook.net
3	fonts.googleapis.com	www.benefitnews.com tpc.googlesyndication.com
2	googleads4.g.doubleclick.net	www.benefitnews.com
2	buy.tinypass.com	cdn.tinypass.com
2	cdn.cxense.com	cdn.tinypass.com cdn.cxense.com
2	ml314.com	www.benefitnews.com ml314.com
2	polyfill.io	www.benefitnews.com
1	ade.googlesyndication.com
1	secure.adnxs.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	idsync.rlcdn.com	www.benefitnews.com
1	api-v3.tinypass.com	cdn.tinypass.com
1	comcluster.cxense.com	www.benefitnews.com
1	d10lpsik1i8c69.cloudfront.net	www.benefitnews.com
1	p1.parsely.com	www.benefitnews.com
1	events.api.boomtrain.com	cdn.boomtrain.com
1	id.tinypass.com	cdn.tinypass.com
1	api.zetaglobal.net	cdn.boomtrain.com
1	s8t.teads.tv	a.teads.tv
1	www.facebook.com	www.benefitnews.com
1	cdn.parsely.com	d1z2jf7jlzjs58.cloudfront.net
1	a.teads.tv	www.googletagmanager.com
1	s.dpmsrv.com	www.benefitnews.com
1	vjs.zencdn.net	www.benefitnews.com
1	d1z2jf7jlzjs58.cloudfront.net	www.benefitnews.com
1	cdn.tinypass.com	experience.tinypass.com
1	people.api.boomtrain.com	cdn.boomtrain.com
1	cdn.boomtrain.com	www.benefitnews.com
1	www.npttech.com	www.benefitnews.com
1	www.googletagmanager.com	www.benefitnews.com
1	ajax.googleapis.com	www.benefitnews.com
1	cdn.adsafeprotected.com	www.benefitnews.com
1	unpkg.com	www.benefitnews.com
1	www.benefitnews.com
1	e.d.arizent.com	1 redirects
164	55

This site contains links to these domains. Also see Links.

Domain
conference.benefitnews.com
twitter.com
www.facebook.com
www.linkedin.com
www.arizent.com
info.wrightsmedia.com

Subject Issuer	Validity	Valid
*.accountingtechnology.com Amazon	`2021-03-23` - `2022-04-21`	a year	crt.sh
*.sourcemedia.com Amazon	`2021-04-15` - `2022-05-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-02` - `2022-07-01`	a year	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2020	`2021-06-04` - `2022-07-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.adsafeprotected.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
cdn.boomtrain.com Amazon	`2021-03-16` - `2022-04-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.piano.io Sectigo RSA Domain Validation Secure Server CA	`2020-09-17` - `2021-09-17`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.api.boomtrain.com Amazon	`2020-12-16` - `2022-01-14`	a year	crt.sh
*.ml314.com Amazon	`2021-01-17` - `2022-02-14`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
vjs.zencdn.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-02-22` - `2022-03-26`	a year	crt.sh
*.dpmsrv.com Amazon	`2021-05-17` - `2022-06-15`	a year	crt.sh
teads.tv R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.cxense.com DigiCert SHA2 Secure Server CA	`2021-05-21` - `2022-05-26`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
app.zetaglobal.net Amazon	`2021-06-14` - `2022-07-13`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh

This page contains 15 frames:

Primary Page: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Frame ID: A5C7C740ED766AEB75ABEFC82B4EFD10
Requests: 88 HTTP requests in this frame

Frame: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E6BC198638B4EA20D6CB04435428D3DB
Requests: 1 HTTP requests in this frame

Frame: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9D5C3EFB3BAE6F34CB7699983E28630B
Requests: 16 HTTP requests in this frame

Frame: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C4781AC9BB04F21E02D303D3536D0023
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiN4p6mATAB&v=APEucNVbraTH2zqj8uH4yludIo_clgRleq_O3j44SQHU8fgqhwYF6aLZYRIv4Qk7cOQ6UYpcbXZcV4UGcd8WgELaiABthHvnjw
Frame ID: 0B245FD5AD1182EC2DD309916AC0C2A6
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html
Frame ID: 9F690BA27E3506B2F9E535F067976009
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 3637637A4CC92CF605744793E6A98AA3
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 054514B145076E06F9DA1EB5D7E4CF77
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: ACFA023911073F617ABE19FD9BE0F14D
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
Frame ID: 60D4BD9429BBF4A36211FF6B40B98F8E
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BB0AEA89DC4300FFF65CE3E42625A8F7
Requests: 3 HTTP requests in this frame

Frame: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CA5821D7F40062C66D59B0004C71DB06
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html
Frame ID: 6BA0ABA7799971C5ADD0C75235C34F52
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: C71CA34D879A244D941186455ECBC6B1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js
Frame ID: 768E2A72500EBBD023574B3EA4D1F75C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://e.d.arizent.com/click/EbGNoaWVyZWxsb0BmaXJzdGFtLmNvbQ/CeyJtaWQiOiIxNjI4MDkwMTgxNDg2ZWMzYTNjN... HTTP 302
https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_0812... Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Page Statistics

164
Requests

99 %
HTTPS

48 %
IPv6

32
Domains

55
Subdomains

50
IPs

5
Countries

3529 kB
Transfer

11197 kB
Size

25
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://conference.benefitnews.com/workplace-strategies-agenda
Title: Workplace Strategies Agenda

Search URL Search Domain Scan URL

URL: https://twitter.com/EBNbenefitnews
Title: twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/employeebenefitnews
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/employee-benefit-news-&-employee-benefit-adviser
Title: linkedin

Search URL Search Domain Scan URL

URL: http://www.arizent.com/privacypolicy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.arizent.com/news/arizent-subscription-agreement
Title: Subscription Agreement

Search URL Search Domain Scan URL

URL: https://info.wrightsmedia.com/arizent-licensing-and-reprints
Title: Content Licensing/Reprints

Search URL Search Domain Scan URL

URL: http://www.arizent.com/media-kit
Title: Advertising/Marketing Services

Search URL Search Domain Scan URL

URL: https://www.arizent.com/
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://e.d.arizent.com/click/EbGNoaWVyZWxsb0BmaXJzdGFtLmNvbQ/CeyJtaWQiOiIxNjI4MDkwMTgxNDg2ZWMzYTNjNzljNjM0IiwiY3QiOiJzb3VyY2VtZWRpYS1wcm9kLTBhOTdhNjJhYTAwMTVlYTljOTQ5Mjg1MGM0MmY3MDRkLTEiLCJyZCI6ImZpcnN0YW0uY29tIn0/HWkhfYXJpemVudGRfTk5CQU4wODA0MjAyMTQ0Nzk1MDEsYXoyLGh0dHBzOi8vd3d3LmJlbmVmaXRuZXdzLmNvbS9hYm91dC11cw/qP3V0bV9zb3VyY2U9ZGdfZW1haWwmdXRtX2NhbXBhaWduPWRnX2Vibl93b25kcmhlYWx0aF93ZWJzZW1pbmFyXzA4MTIyMDIxXzIwMjEwODA0X3AyJnV0bV9tZWRpdW09d2Vic2VtaW5hciZidF9lZT1iVVdJRlU4SkhuJTJCSG43d29WMWJKWGZGdzZlMWJmbzRPZVQwT0NOM0pFdWZFRzlrJTJCTzEyVDhGWnNLU0NmOVFiaCZidF90cz0xNjI4MDkwMTgxNDg4/s9957d9dd65 HTTP 302
https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D342%26pixelIndex%3D0%26r%3D338708%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.benefitnews.com%252Fabout-us%253Futm_source%253Ddg_email%2526utm_campaign%253Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%2526utm_medium%253Dwebseminar%2526bt_ee%253DbUWIFU8JHn%25252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%25252BO12T8FZsKSCf9Qbh%2526bt_ts%253D1628090181488&_=1628091449083 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D342%2526pixelIndex%253D0%2526r%253D338708%2526tzOffset%253D-120%2526url%253Dhttps%25253A%25252F%25252Fwww.benefitnews.com%25252Fabout-us%25253Futm_source%25253Ddg_email%252526utm_campaign%25253Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%252526utm_medium%25253Dwebseminar%252526bt_ee%25253DbUWIFU8JHn%2525252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2525252BO12T8FZsKSCf9Qbh%252526bt_ts%25253D1628090181488%26_%3D1628091449083 HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?id=6394774289394595266&q=xImp&v=1.x&cl=342&pixelIndex=0&r=338708&tzOffset=-120&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&_=1628091449083

Request Chain 68

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm=&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084&google_tc= HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084&google_gid=CAESEB192RwzE-ev_cv6JzMHVz0&google_cver=1

Request Chain 100

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 113

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1&C=1

Request Chain 114

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YQq0OwVVXMPoFmOvuHoGCgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1

Request Chain 153

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

164 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request about-us Show response
www.benefitnews.com/
Redirect Chain

https://e.d.arizent.com/click/EbGNoaWVyZWxsb0BmaXJzdGFtLmNvbQ/CeyJtaWQiOiIxNjI4MDkwMTgxNDg2ZWMzYTNjNzljNjM0IiwiY3QiOiJzb3VyY2VtZWRpYS1wcm9kLTBhOTdhNjJhYTAwMTVlYTljOTQ5Mjg1MGM0MmY3MDRkLTEiLCJyZCI6Im...
https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9...

224 KB
61 KB

241ms
208ms

Document
text/html

13.224.96.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-72.zrh50.r.cloudfront.net
Software: N/A / Brightspot
Resource Hash: 35e532cc7584ada37a8246b13d30bafa6f3ddcceb5952703b15aea6ad39c6b41

Request headers

Host: www.benefitnews.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=120
Content-Encoding: gzip
Date: Wed, 04 Aug 2021 15:37:27 GMT
Server: N/A
X-Powered-By: Brightspot
X-Robots-Tag: nofollow
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: 3ZuKN92Vm8beRSnEe0st-ozaA69Kyke3iP_7TB-n8T3lyPTc-Jpi-Q==

Redirect headers

Date: Wed, 04 Aug 2021 15:37:28 GMT
Server: Apache
X-Powered-By: PHP/7.3.29
Location: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=60

GET
H/1.1 200
OK All.min.3ff401d8e16c5041b7c5618e8065b06e.gz.css
arizent.brightspotcdn.com/resource/00000174-26a2-d19a-ad7c-2eebcf9a0000/styleguide/ 571 KB
77 KB 93ms
23ms Stylesheet
text/css 143.204.98.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://arizent.brightspotcdn.com/resource/00000174-26a2-d19a-ad7c-2eebcf9a0000/styleguide/All.min.3ff401d8e16c5041b7c5618e8065b06e.gz.css
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-35.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9388c32109db5a0200c30ba2e9f37eaf1d25de70eb14ac963239ae051e8ae84e

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 28 Jul 2021 18:09:36 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 28 Jul 2021 18:07:04 GMT
Server: AmazonS3
Age: 595673
ETag: "616f3db8fbe3e5277ed74e1a68751f87"
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
Cache-Control: public, max-age=31536000
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 77975
X-Amz-Cf-Id: 50GPcuwCvp2BGLpOnAU0BjxsA6jxuMD2wBDfd8BpUKQQFt2x0c-_vQ==

GET
H2 200 runtime.js Show response
unpkg.com/regenerator-runtime@0.13.1/ 23 KB
7 KB 33ms
17ms Script
application/javascript 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/regenerator-runtime@0.13.1/runtime.js

Requested by

Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f792fe255fbfcd352fe4b2f759c95980e57d8d297939e12262d9be1e87f48c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1070099
fly-request-id: 01FB90ERSJB364PHBEC0TVGRTA
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"5b05-y9GmlKf9QAx3EInfgjTVmKGWlRQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6798de002b8a4ddc-FRA

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 72 B
537 B 57ms
19ms Script
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=Document%2CPromise%2CPromise.prototype.finally%2CObject.getOwnPropertyNames%2CObject.getOwnPropertySymbols%2Ces6%2Ces2015%2Ces2016%2Ces2017%2Ces2018%2Ces2019

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 2024756
detected-user-agent: HeadlessChrome/89.0.4389
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Sun, 11 Jul 2021 13:22:32 GMT
date: Wed, 04 Aug 2021 15:37:28 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK All.min.ef2498742c95dcaae5e98dc91f876ae0.gz.js Show response
arizent.brightspotcdn.com/resource/00000174-26a2-d19a-ad7c-2eebcf9a0000/styleguide/ 2 MB
541 KB 76ms
29ms Script
text/javascript 143.204.98.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://arizent.brightspotcdn.com/resource/00000174-26a2-d19a-ad7c-2eebcf9a0000/styleguide/All.min.ef2498742c95dcaae5e98dc91f876ae0.gz.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-35.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e1394b010bb830df7b0a2b102481d9857a6d0d28335c480b47b067883a846419

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 28 Jul 2021 18:09:36 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 28 Jul 2021 18:07:05 GMT
Server: AmazonS3
Age: 595673
ETag: "322c15187aa67ca38d92ccefc846e451"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
Cache-Control: public, max-age=31536000
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 553768
X-Amz-Cf-Id: LD-gAqmwrB88B409u3Cvn7iFTdfB8sL94nFVpjWJXqbYhF6tXq7Fxw==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 70 KB
25 KB 40ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77114a79d52a211183732f50785ae7e5754649b2f8b556ca6e9412ec400eda57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "948 / 285 of 1000 / last-modified: 1628077064"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24823
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:28 GMT

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 45ms
12ms Script
application/javascript 13.224.96.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-83.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Aug 2021 20:24:25 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 17:38:57 GMT
Server: AmazonS3
Age: 69184
ETag: W/"51636de3ce868a2172f9e6996c2934e0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: ve2XHQ9t1KmWiiNYZ-XaL07hB0FoyvJjPtb1kL_3o209fzDgF-Eurw==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
30 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 14:37:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3607
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Aug 2022 14:37:21 GMT

GET
H/1.1 200
OK employeebenefitnews-brand-logo-initials-01.svg
arizent.brightspotcdn.com/90/ea/a7a2639248bc85386fb9b67ce30f/ 1 KB
2 KB 62ms
61ms Image
image/svg+xml 143.204.98.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://arizent.brightspotcdn.com/90/ea/a7a2639248bc85386fb9b67ce30f/employeebenefitnews-brand-logo-initials-01.svg
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-35.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 177c908e366915477cde805fc7d1a5bd5c23b69f5fca5a52b21348fb7f93b7f9

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 07 Feb 2021 15:59:22 GMT
Via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Fri, 28 Aug 2020 00:20:41 GMT
Server: AmazonS3
Age: 15377887
ETag: "e04b5d560d566f5bfc952f249bc20d46"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Cache-Control: public, max-age=31536000
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 1140
X-Amz-Cf-Id: TjDib0vaabFxJzaPf1P2iGTXKkQLK2ukbo91enEoLGjplX2zRF2nSA==

GET
H/1.1 200
OK /
arizent.brightspotcdn.com/dims4/default/89f393a/2147483647/strip/true/crop/1000x165+0+0/resize/727x120!/quality/90/ 12 KB
13 KB 82ms
29ms Image
image/png 143.204.98.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://arizent.brightspotcdn.com/dims4/default/89f393a/2147483647/strip/true/crop/1000x165+0+0/resize/727x120!/quality/90/?url=https%3A%2F%2Fsource-media-brightspot.s3.amazonaws.com%2F01%2F05%2F6f8ad49b408398d634628e2d653f%2Farizent-logo.png
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-35.fra50.r.cloudfront.net
Software: Apache /
Resource Hash: c0bf2ffd17947ef568c786a47a930113f516a10a09b72485363621d110ff207b

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 01 Apr 2021 00:11:40 GMT
Via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
Connection: keep-alive
Server: Apache
Age: 10855547
ETag: e1afff1a21c8b5289e1f92ff04f9f84c
X-Cache: Hit from cloudfront
Content-Type: image/png
Edge-Control: downstream-ttl=31536000
Cache-Control: max-age=31536000, public
X-Amz-Cf-Pop: FRA50-C1
X-Robots-Tag: nofollow
Content-Length: 12422
X-Amz-Cf-Id: jAKwEWq5G8-_PXj8kHLzxxc1T1wX7HbV0QHqGui3vQX-SnvzYPvgmQ==
Expires: Fri, 01 Apr 2022 00:11:41 GMT

GET
H/1.1 200
OK jshint_2.13.0.279c236b75a5da43567e97cec91dd6db.gz.js Show response
arizent.brightspotcdn.com/resource/00000174-26a2-d19a-ad7c-2eebcf9a0000/styleguide/jshint/ 1 MB
307 KB 79ms
24ms Script
text/javascript 143.204.98.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://arizent.brightspotcdn.com/resource/00000174-26a2-d19a-ad7c-2eebcf9a0000/styleguide/jshint/jshint_2.13.0.279c236b75a5da43567e97cec91dd6db.gz.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-35.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d5f7ed178594d09e25e87cba0e328167a6e48d2508b4a4898ee7f05c21c0a69

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 14 Jul 2021 19:20:54 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 14 Jul 2021 19:09:21 GMT
Server: AmazonS3
Age: 1800995
ETag: "b76103b4c850ad47f75d962f6a4ce99a"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
Cache-Control: public, max-age=31536000
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 313784
X-Amz-Cf-Id: n4d8U20Ms74skBSTkwNOOQfnhIt4yW1csKoPa7uirrDNj7O0Za6Z-Q==

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1017 B 36ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900,900i

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9062b283108aee3d80a32cada8435bd6e2b642f3532de4ec9460136e98d6bc3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://www.benefitnews.com
Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 04 Aug 2021 15:03:22 GMT
server: ESF
date: Wed, 04 Aug 2021 15:37:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Aug 2021 15:37:28 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 445 KB
89 KB 18ms
16ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5DXTZXR

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6f372babb82a367134b88abb96c4aa9ce4d50b492d28f5e7b4a7001f195e8908

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91003
x-xss-protection: 0
last-modified: Wed, 04 Aug 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 04 Aug 2021 15:37:28 GMT

GET
H2 200 advertising.js Show response
www.npttech.com/ 7 KB
3 KB 36ms
13ms Script
application/javascript 2606:4700:3032::ac43:c0b6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.npttech.com/advertising.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c0b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4066
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: MY9S0PJDNWKA0N4N
x-amz-id-2: u+L7370psI8SIxAmhNpCXyD7oSJ5Mvj4UhFctRtjgqEQW9IRVxx/Z0CAHkLIPiAPTAks5+rBcUw=
last-modified: Wed, 19 Jun 2019 08:25:01 GMT
server: cloudflare
etag: W/"3d6f80c860866175f58a84bbbc9217c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUqXk%2BZG87jsouHeRuE8tOLd761aWHdJJUyhElIlkuD9BVDQk%2Bg4zUPmI57vzHZhAhIU8jLzDSI5WYLZBTzGCrhvrSAyFHLko9WQPyzDDCGzgcEIdVRHEv%2BS%2BMueTTsgNaTq1pwUrOt%2F%2FyOz9hg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=28800
x-amz-version-id: hXQWgdpwSBM26VgKOeTSlm.4VT89.h9w
cf-ray: 6798de0119b44dc4-FRA

GET
H/1.1 200
OK p13n.min.js Show response
cdn.boomtrain.com/p13n/sourcemedia-prod/ 76 KB
25 KB 53ms
16ms Script
application/javascript 13.224.96.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.boomtrain.com/p13n/sourcemedia-prod/p13n.min.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-11.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ff4c752ea5d84913f292bb4a85dff5c2a7d7e045a1cb76779c3fe0a5279c2124

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: MeVNMpzO.kACZTAy2gnRLLbD_zGHdcTD
Content-Encoding: gzip
ETag: W/"907305613cc355a74395dbbc3272d738"
Age: 1652
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Last-Modified: Mon, 02 Aug 2021 04:49:50 GMT
Server: AmazonS3
Date: Wed, 04 Aug 2021 15:10:18 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 449f2b51e83bf8ba5fa5e65ce60bc277.cloudfront.net (CloudFront)
Cache-Control: public, max-age=3600
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: j_MLjjeDAQ5rYw10G8QDXD3-OVHn7mUiUw3crM3x2oFJlMu5ylOAYQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 1427
date: Wed, 04 Aug 2021 15:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 04 Aug 2021 17:13:41 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 54ms
16ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fe74e385b7abb8d399bd42531abb189a82ab4bfce5569c75a3e060ba9f1a5135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: TWt49Jqh5lxRYdeUulaz8A==
cross-origin-resource-policy: cross-origin
expires: Wed, 04 Aug 2021 15:38:55 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: ns+KAtYH/WWWlHeJBiS4a0zGyFuUYBJzysAHpivoGt0fW0/aXJW7eXpiG3Vd1xk5pdnTglJhMbQBwj367qF4Ag==
x-fb-trip-id: 720026100
x-fb-content-md5: ccef551ce297cdce3ad047c5d76a487a
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Wed, 04 Aug 2021 15:37:28 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "a7e457c76523a387a78886bff43a17b7"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 polyfill.min.js
polyfill.io/v3/ 72 B
145 B 18ms
18ms Other
text/javascript 151.101.1.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 2024756
detected-user-agent: HeadlessChrome/89.0.4389
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Sun, 11 Jul 2021 13:22:32 GMT
date: Wed, 04 Aug 2021 15:37:28 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 load Show response
experience.tinypass.com/xbuilder/experience/ 4 KB
2 KB 43ms
23ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://experience.tinypass.com/xbuilder/experience/load?aid=t7vpsMsOZy

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41e547ea6f30522394d5890edf586627dfd0da6ddb0aff70f6af25a42cba6468

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 942
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-request-id: C9ombxqHGox
wn: prod-exp-10-0-113-100
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=1800
cf-ray: 6798de01aa8c4a6d-FRA
expires: Wed, 04 Aug 2021 16:07:28 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ 22 KB
23 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.benefitnews.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 08:34:22 GMT
x-content-type-options: nosniff
age: 111786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 08:34:22 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v17/ 24 KB
24 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.benefitnews.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 15:35:22 GMT
x-content-type-options: nosniff
age: 86526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24440
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:12:06 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 15:35:22 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ 23 KB
23 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900,900i

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.benefitnews.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 00:16:41 GMT
x-content-type-options: nosniff
age: 141647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 00:16:41 GMT

GET
H3-29 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ 22 KB
22 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900,900i

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.benefitnews.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 04:01:05 GMT
x-content-type-options: nosniff
age: 128183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:30 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 04:01:05 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=322927541&t=pageview&_s=1&dl=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&ul=en-us&de=UTF-8&dt=About%20Employee%20Benefit%20News%20%7C%20Employee%20Benefit%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=713485695&gjid=209581419&cid=1131133515.1628091449&tid=UA-219761-37&_gid=183087751.1628091449&_r=1&_slc=1&z=971354017

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 229 KB
67 KB 36ms
18ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=805e0f3a5bd5732d580440ff13dcb193

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8a0a55e31784229a1018e6d8add5ba600223ede2981d6ee200db005b81bc40fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.benefitnews.com
Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: yggtVNPsurwcn5ZzkppTug==
cross-origin-resource-policy: cross-origin
expires: Thu, 04 Aug 2022 14:04:01 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 68103
x-fb-rlafr: 0
x-fb-debug: ugLuBzak1Xy47WiRXw9CotvDrWeAnsG5zN1aSp6qYE1+eB6+OyZgVprm5WG+3lbQSzuLKo2Qv3MkOjyJSBpuXw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
x-fb-content-md5: 84f731aca33a50498ffc014ad4825156
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 04 Aug 2021 15:37:28 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "21e5c45fa3fc623cb0ee8f1fa037ff7e"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 pubads_impl_2021080201.js Show response
securepubads.g.doubleclick.net/gpt/ 328 KB
115 KB 80ms
37ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

f19ec923daf7d72e5f2f155ba6229ffde0afd953ce121b44c1ad55e332db58f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 02 Aug 2021 08:47:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116893
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:28 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 75 B
733 B 78ms
35ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.benefitnews.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

d706b02ec6e1dc2d86ea546dcd33afab9550a07fb56e1f95372a4eb796f51362

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:28 GMT

GET
H/1.1 200
OK resolve Show response
people.api.boomtrain.com/identify/ 378 B
693 B 454ms
118ms XHR
application/json 34.195.31.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6eyJlZSI6ImJVV0lGVThKSG4rSG43d29WMWJKWGZGdzZlMWJmbzRPZVQwT0NOM0pFdWZFRzlrK08xMlQ4RlpzS1NDZjlRYmgifSwiZXh0ZXJuYWxfaWRzIjp7fX0%3D&site_id=sourcemedia-prod
Requested by: Host: cdn.boomtrain.com
URL: https://cdn.boomtrain.com/p13n/sourcemedia-prod/p13n.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.195.31.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-195-31-102.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 079eb99bb7e0ca33a7ade2686ea7010d9855573a7986ed906780503c555cbbf4

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 15:37:29 GMT
Server: nginx
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Content-Length: 378

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
466 B 42ms
14ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-219761-37&cid=1131133515.1628091449&jid=713485695&gjid=209581419&_gid=183087751.1628091449&_u=IEBAAEAAAAAAAC~&z=261644883

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 04 Aug 2021 15:37:28 GMT
content-type: text/plain
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 411 KB
136 KB 14ms
12ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tinypass.com/api/tinypass.min.js

Requested by

Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=t7vpsMsOZy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e0eea4b0b726448ca0ddb42aa528b40d85174cdc9ac8ea3343dfb6d49ecc64f

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
wn: prod-dash-10-200-67-209
last-modified: Tue, 03 Aug 2021 13:22:06 GMT
server: cloudflare
etag: W/"420676-1627996926000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.001
cache-control: public, max-age=300
cf-ray: 6798de033e0e4a6d-FRA
expires: Wed, 04 Aug 2021 15:42:28 GMT

GET
H/1.1 200
OK tag.aspx Show response
ml314.com/ 28 KB
13 KB 162ms
43ms Script
application/javascript 52.211.195.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?47
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.195.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-195-119.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1b05ce33469db78a252caf0e176e3cb56cd4d1d17aa3c3cda89f8088bb3eefda

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 15:37:28 GMT
Content-Encoding: gzip
Last-Modified: Tue, 03 Aug 2021 23:32:45 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=28516
Connection: keep-alive
Content-Length: 12574
Expires: Wed, 04 Aug 2021 23:32:45 GMT

GET
H3-29 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 37ms
17ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25944
x-xss-protection: 0
pragma: public
x-fb-debug: RZcmF3nv+K74Tuip4Y73wGWxYuFDNlRyTYAkeeVrZhbZ4SdSulagrJADLnyyGxb45dQGAQpqFnI3ko5skqBCXA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 04 Aug 2021 15:37:28 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/ 930 B
1 KB 46ms
12ms Script
application/javascript 13.224.89.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.166 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-89-166.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 11:42:03 GMT
Via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
Age: 14125
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 930
Pragma: public
Last-Modified: Wed, 06 May 2020 20:19:48 GMT
Server: nginx
ETag: "5eb31be4-3a2"
Content-Type: application/javascript
Cache-Control: max-age=86400, public
X-Amz-Cf-Pop: ZRH50-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: T1dp4wUOHpB5Vy9McWsw07pdjj0C81FxVGBXbY6IKmwjel9si2XPLQ==
Expires: Thu, 05 Aug 2021 11:42:03 GMT

GET
H2 200 video.js Show response
vjs.zencdn.net/7.6.5/ 2 MB
395 KB 24ms
6ms Script
application/javascript 2a04:4e42:3::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vjs.zencdn.net/7.6.5/video.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 59a717e69bec72ad009181785a1a65b674d1c01e77e04bdc718deb02a9b97671

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: gzip
last-modified: Fri, 04 Oct 2019 14:08:10 GMT
etag: "6ad9f2485086f3f4265513b2a6599cf1"
x-served-by: cache-fra19128-FRA
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 404443
x-cache-hits: 1

GET
H/1.1 200
OK dpm_c415505dca69be631ca5d391b3ccd2b44b52d017.min.js Show response
s.dpmsrv.com/ 112 KB
38 KB 103ms
26ms Script
application/x-javascript 13.224.193.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.dpmsrv.com/dpm_c415505dca69be631ca5d391b3ccd2b44b52d017.min.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-120.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d5e1876373576f4110b6ad82c25041aa2e9762cc4a417939eeb20e654818a818

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 00:50:16 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 May 2020 20:46:58 GMT
Server: AmazonS3
Age: 53236
ETag: "b10698ccacbd3420aaa5389feaa6b0f5"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Pop: FRA2-C1
Accept-Ranges: bytes
Content-Length: 38693
X-Amz-Cf-Id: P6C2TotB_asrXDnSonYpBEagEENYwtO459GesrAiYQU55cxZykHdRw==

GET
H3-29 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
882 B 7ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:19:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1060
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Wed, 04 Aug 2021 16:19:48 GMT

GET
H3-29 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 14:58:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2340
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:58:28 GMT

GET
H2 200 tag Show response
a.teads.tv/page/71465/ 2 KB
1019 B 105ms
53ms Script
application/javascript 184.30.21.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/page/71465/tag
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5DXTZXR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.21.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-21-51.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5aa0b98edb7d3d435dc935f7bc947cdaf0ce8392ab62b73efe51ac964a399e85

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:28 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, must-revalidate, max-age=3600
access-control-allow-credentials: true
content-length: 819
expires: Wed, 04 Aug 2021 16:37:28 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 39ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-219761-37&cid=1131133515.1628091449&jid=713485695&_u=IEBAAEAAAAAAAC~&z=1764974293

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 37ms
16ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-219761-37&cid=1131133515.1628091449&jid=713485695&_u=IEBAAEAAAAAAAC~&z=1764974293

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 29ms
15ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-219761-37&cid=1131133515.1628091449&jid=982335771&gjid=1220374097&_gid=183087751.1628091449&_u=aGDAgEArAAAAAG~&z=888159117

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 04 Aug 2021 15:37:29 GMT
content-type: text/plain
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 23ms
14ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-219761-100&cid=1131133515.1628091449&jid=599721808&gjid=7819047&_gid=183087751.1628091449&_u=aGDAiEArBAAAAG~&z=885468206

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 04 Aug 2021 15:37:29 GMT
content-type: text/plain
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=322927541&t=pageview&_s=1&dl=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&dp=%2Fabout-us&ul=en-us&de=UTF-8&dt=About%20Employee%20Benefit%20News%20%7C%20Employee%20Benefit%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEArAAAAAC~&jid=982335771&gjid=1220374097&cid=1131133515.1628091449&tid=UA-219761-37&_gid=183087751.1628091449&gtm=2wg8205DXTZXR&cd2=Amazon%20CloudFront&cd5=Free&cd8=11&cd9=20160127&cd15=BasicPage&cd17=&z=1102835892

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 05:50:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 35247
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=322927541&t=pageview&_s=1&dl=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&dp=%2Fabout-us&ul=en-us&de=UTF-8&dt=About%20Employee%20Benefit%20News%20%7C%20Employee%20Benefit%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEArBAAAAG~&jid=599721808&gjid=7819047&cid=1131133515.1628091449&tid=UA-219761-100&_gid=183087751.1628091449&gtm=2wg8205DXTZXR&cd2=Amazon%20CloudFront&cd5=Free&cd8=11&cd9=20160127&cd15=BasicPage&cd17=&z=2116038693

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 05:50:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 35247
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p.js Show response
cdn.parsely.com/keys/benefitnews.com/ 72 KB
25 KB 45ms
16ms Script
application/javascript 13.224.95.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/benefitnews.com/p.js
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-38.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 753556b8789235607882430bfcb16c87104ba1540a0800b43af20a5baecc3835

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Wed, 04 Aug 2021 05:24:00 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 19:53:02 GMT
server: nginx
age: 36809
etag: W/"6046809e-11f2a"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 871dedfc10f4428aa2412b6f788b791a.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: rUcJpUTvjRbnytKTyimPy_YXgP45AeKJLn1MaMOhhmBjziRn57AQ3g==
expires: Thu, 05 Aug 2021 05:24:00 GMT

GET
H/1.1 200
OK cx.cce.js Show response
cdn.cxense.com/ 22 KB
6 KB 30ms
8ms Script
application/x-javascript 2a02:26f0:1700:1a1::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.cce.js
Requested by: Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1a1::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 15:37:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Jul 2021 14:49:19 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5864
Expires: Wed, 04 Aug 2021 16:37:29 GMT

GET
H2 200 get.js Show response
buy.tinypass.com/api/v3/anon/captcha/ 153 B
302 B 28ms
19ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=t7vpsMsOZy

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

611871995ee4fdfdd3c5c915b608b6bc2146c60b72d4f7797e39562e196e0adb

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 226
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-request-id: C78nbxqiMZf
pragma
wn: prod-dash-10-0-92-132
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.011
cache-control: public, max-age=1200
cf-ray: 6798de04b9884a6d-FRA
expires: Wed, 04 Aug 2021 15:57:29 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 59ms
19ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?ev=1822473388078354&dl=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&rl=&if=false&ts=1628091449075&sw=1600&sh=1200&v=2.9.44&r=stable&o=28&it=-1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:29 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 04 Aug 2021 15:37:29 GMT

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D342%26pixelIndex%3D0%26r%3D338708%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.benefitnews.c...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D342%2526pixelIndex%253D0%2526r%253D338708%2526tzOffset%25...
https://a.dpmsrv.com/dpmpxl/index.php?id=6394774289394595266&q=xImp&v=1.x&cl=342&pixelIndex=0&r=338708&tzOffset=-120&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_c...

254 B
1000 B

867ms
111ms

Script
text/javascript

3.224.43.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?id=6394774289394595266&q=xImp&v=1.x&cl=342&pixelIndex=0&r=338708&tzOffset=-120&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&_=1628091449083
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.43.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-43-92.compute-1.amazonaws.com
Software: /
Resource Hash: bb4da10a852797684b8761342a50f019363af96304eab91feb164618a7d6d723

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 223
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 04 Aug 2021 15:37:29 GMT
X-Proxy-Origin: 185.236.201.134; 185.236.201.134; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 7de5db0d-05b5-4879-a4c3-7079ba90e455
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://a.dpmsrv.com/dpmpxl/index.php?id=6394774289394595266&q=xImp&v=1.x&cl=342&pixelIndex=0&r=338708&tzOffset=-120&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&_=1628091449083
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 teads-format.min.js Show response
s8t.teads.tv/media/format/v3/ 602 KB
132 KB 32ms
6ms Script
text/javascript 2a02:26f0:6c00:19c::26e5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s8t.teads.tv/media/format/v3/teads-format.min.js
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/page/71465/tag
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:19c::26e5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fa752000fcf7d4230796b53d39aa36f5b683df2e64c9f9412a27266a3f263761

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:29 GMT
content-encoding: br
vary: Accept-Encoding
x-amz-request-id: CDMZ93ZFNBNH4KGE
content-length: 134164
x-amz-id-2: wA3QOgBPJbUYVdRjTjsif88jitD9Qf6o1/TY9c23gyW24mtH0gJLqeajuSZImUW66lwYGvGtJ+E=
last-modified: Tue, 03 Aug 2021 16:15:15 GMT
etag: "322b83c08d7f233180c8732adbfdb905"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, must-revalidate, max-age=1800, no-transform
access-control-allow-credentials: false
x-bucket: 8
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 04 Aug 2021 16:07:29 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 33ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-219761-100&cid=1131133515.1628091449&jid=599721808&_u=aGDAiEArBAAAAG~&z=178225020

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 32ms
16ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-219761-100&cid=1131133515.1628091449&jid=599721808&_u=aGDAiEArBAAAAG~&z=178225020

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 33ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-219761-37&cid=1131133515.1628091449&jid=982335771&_u=aGDAgEArAAAAAG~&z=816226457

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 29ms
16ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-219761-37&cid=1131133515.1628091449&jid=982335771&_u=aGDAgEArAAAAAG~&z=816226457

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK segments Show response
api.zetaglobal.net/people/rid50Rq6qsqdM%2FUUnlTnR9lO%2BTHgZ3C7c26dkzMEnw6sAu9MhpwCdGnG54iranrJINpYgEFmKYNgb8JMm8HTkw%3D%3D/ 37 B
972 B 934ms
207ms XHR
application/json 54.208.203.88
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.zetaglobal.net/people/rid50Rq6qsqdM%2FUUnlTnR9lO%2BTHgZ3C7c26dkzMEnw6sAu9MhpwCdGnG54iranrJINpYgEFmKYNgb8JMm8HTkw%3D%3D/segments?site_id=sourcemedia-prod

Requested by

Host: cdn.boomtrain.com
URL: https://cdn.boomtrain.com/p13n/sourcemedia-prod/p13n.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.208.203.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-208-203-88.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

b2aa3cb26277bf432b0f7f34fae39df6487bf5700639b95f0108dae6b834ccd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 15:37:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Request-Id: 963309ae-295e-471d-b3cc-83d7a6975cae
X-Runtime: 0.098964
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"0a5931467eb86cf1145acd5a4a9621c9"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000;
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Access-Control-Request-Methods: GET
Access-Control-Allow-Headers: origin, x-requested-with, content-type, accept, authorization, x-prototype-version

GET
H2 200 verify Show response
id.tinypass.com/id/api/v1/identity/token/ 203 B
972 B 425ms
423ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://id.tinypass.com/id/api/v1/identity/token/verify?callback=jQuery112408566920606465351_1628091449018&client_id=t7vpsMsOZy&site=https%3A%2F%2Fwww.benefitnews.com&_=1628091449019

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edca9bfe4c7283e0d7ef807a32606b9b3c25926721717b0569b470360069ded9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:29 GMT
content-encoding: br
cf-cache-status: DYNAMIC
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL", CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-request-id: Chenbxq6490
pragma: no-cache
wn: prod-id-10-0-126-34
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-cache="set-cookie"
access-control-allow-credentials: true
server-time: 0.001
cf-ray: 6798de052a6a4a6d-FRA
access-control-allow-headers: origin, content-type, accept, authorization
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
BLOB 200
OK 8cf63c97-a147-4e79-9f8b-baaacf1fefa6
https://www.benefitnews.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.benefitnews.com/8cf63c97-a147-4e79-9f8b-baaacf1fefa6
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ 62 B
572 B 40ms
40ms Script
application/javascript 52.211.195.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=50113&ct=js&pi=&fp=undefined&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&pv=1628091449150_api42z1z2&bl=en-us&cb=4096961&return=&ht=&d=&dc=&si=1628091449150_api42z1z2&cid=&s=1600x1200&rp=
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?47
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.195.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-195-119.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Aug 2021 15:37:28 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 147
Expires: 0

POST
H2 200 track Show response
events.api.boomtrain.com/event/ 2 B
248 B 837ms
115ms XHR
text/plain 52.72.113.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://events.api.boomtrain.com/event/track
Requested by: Host: cdn.boomtrain.com
URL: https://cdn.boomtrain.com/p13n/sourcemedia-prod/p13n.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.113.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-113-151.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 04 Aug 2021 15:37:29 GMT
server: nginx
allow: GET, HEAD, OPTIONS, POST
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
content-length: 2

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ 115 KB
27 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:1700:1a1::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.cce.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:1a1::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 489031b4b49cd663c247a5f37663db2cf4e30eb88d605c03d18a022cf9c06f8c

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 15:37:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Jul 2021 08:31:30 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27719
Expires: Wed, 04 Aug 2021 16:37:29 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
260 B 919ms
111ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1628091449172&plid=91287228&idsite=benefitnews.com&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22plan%22%3A%22undefined%22%7D&sid=1&surl=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&sref=&sts=1628091449167&slts=0&title=About+Employee+Benefit+News+%7C+Employee+Benefit+News&date=Wed+Aug+04+2021+17%3A37%3A29+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&pvid=97922979&u=pid%3D3db56f1056d76b0fa9f0133458cbeaf4
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 04 Aug 2021 15:37:30 GMT
Cache-Control: no-cache
Last-Modified: Wednesday, 04-Aug-2021 15:37:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK /
arizent.brightspotcdn.com/dims4/default/9fd285a/2147483647/strip/true/crop/2296x3054+0+16/resize/212x282!/quality/90/ 6 KB
7 KB 30ms
29ms Image
image/jpeg 143.204.98.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://arizent.brightspotcdn.com/dims4/default/9fd285a/2147483647/strip/true/crop/2296x3054+0+16/resize/212x282!/quality/90/?url=https%3A%2F%2Fsource-media-brightspot.s3.amazonaws.com%2F07%2F3a%2Fb5a96ea34aa0a66bc1296c30a619%2Febn-0721.jpg
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-35.fra50.r.cloudfront.net
Software: Apache /
Resource Hash: 2a0bab495f3b2989ff18aca96da8089cd9d6ec30e364f58f4946b6a9b7c57270

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 19 Jul 2021 19:08:47 GMT
Via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
Connection: keep-alive
Server: Apache
Age: 1369722
ETag: bfec2b8602a1cc702d83b62d0094e703
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Edge-Control: downstream-ttl=31536000
Cache-Control: max-age=31536000, public
X-Amz-Cf-Pop: FRA50-C1
X-Robots-Tag: nofollow
Content-Length: 6635
X-Amz-Cf-Id: YhuZ4eT-0vBsHbJTWBOrC9tlKlo9G3lHRObbcner-ibtmgUgSOoHfA==
Expires: Tue, 19 Jul 2022 19:08:47 GMT

POST
H3-29 200 execute Show response
experience.tinypass.com/xbuilder/experience/ 13 KB
5 KB 444ms
154ms XHR
application/json 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://experience.tinypass.com/xbuilder/experience/execute?aid=t7vpsMsOZy

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75a89eb34f4e0cd7dbb4f537e6c39a3798493e528ce1f5730ad43fb02d4e2962

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-request-id: ChenbxqRNuC
pragma: no-cache
wn: prod-exp-10-0-82-64
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6798de09be70bf0f-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 44ms
12ms Script
application/javascript 13.224.89.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-89-82.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f06150cd74f4090b6b1194c7fb227fda21f859229aa851169b8116e330ee160b

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 14:58:19 GMT
content-encoding: gzip
last-modified: Wed, 16 Jun 2021 16:29:57 GMT
server: AmazonS3
age: 2352
etag: W/"6f6cd12e9b9fb6a70e03f3fc2cae03a9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7147e532e5cf73689fcb39fa760bcf3.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 9dy-VQ8sbh0_hbG3l8_uoYZl6aw0Vu1cdVPGWzTY6aaE8rYckHERWQ==

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ 43 B
466 B 70ms
23ms Image
image/gif 116.202.80.167
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=1&typ=pgv&rnd=krxnm21id4m4gm9f&sid=1139714799416749181&loc=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&new=0&arf=0&ltm=1628091449183&ref=&tzo=-120&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=krxnm2thuy52zswa&ckp=krxnm21umzb07mk8&glb=&wsz=1600x1200&cp_userState=anon&cp_ver=2.44&cp_testGroup=20
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.80.167 Eichendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.167.80.202.116.clients.your-server.de
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
server: Jetty(9.4.28.v20200408)
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 43
content-type: image/gif

POST
H2 200 unload
api-v3.tinypass.com/api/v3/page/ 0
0 127ms
125ms Ping
application/json 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-v3.tinypass.com/api/v3/page/unload?aid=t7vpsMsOZy&tbc=%7Bjzx%7DpAtS0isbm8eDtFkpIt73xWfdyHnhcn47T7mQ6_WDcGrShAAyGGcqz1HPMNXunGejQ-BbeHU6P-q1w79SBXCddw&time_spent=%7B%22active%22%3A1%2C%22total%22%3A1%7D&scroll=%7B%22max_page_height%22%3A1542%2C%22max_depth%22%3A1200%7D&viewport_exit=0&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&pageview_id=krxnm21id4m4gm9f&visit_id=v-krxnm21jackiho8j
Requested by: Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.benefitnews.com
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS

POST
H3-29 200 execute Show response
experience.tinypass.com/xbuilder/experience/ 13 KB
5 KB 166ms
165ms XHR
application/json 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://experience.tinypass.com/xbuilder/experience/execute?aid=t7vpsMsOZy

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1065837f177f1a4ea3f91669781a41e60aee4ae339ee2e239661093e22e677a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-request-id: CienbxqpTu2
pragma: no-cache
wn: prod-exp-10-0-89-244
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6798de0b1ee2bf0f-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 335 B
572 B 123ms
44ms XHR
application/json 108.128.116.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=11046&slot=%7Bid:googleAd4909ddd8-fbd7-49c2-a697-cc0c36fb878e,ss:%5B970.91,970.90,970.250,728.90,320.50,300.250%5D,p:/16059533/EBNBenefitNews,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=e5d20abc-8423-cabb-4a1b-312cc0dfb990&url=https%253A%252F%252Fwww.benefitnews.com%252Fabout-us%253Futm_source%253Ddg_email%2526utm_campaign%253Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%2526utm_medium%253Dwebseminar%2526bt_ee%253DbUWIFU8JHn%25252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%25252BO12T8FZsKSCf9Qbh%2526bt_ts%253D1628090181488
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.116.76 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-116-76.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8a143f2a9209b8f47c042605c32f3c514314c004878a39dfddc5372b105958f1

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
x-server-name: app19.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.benefitnews.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084
https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm=&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084&google_tc=
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084&google_gid=CAESEB192RwzE-ev_cv6JzMHVz0&google_cver=1

0
597 B

111ms
111ms

Script
text/javascript

3.224.43.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084&google_gid=CAESEB192RwzE-ev_cv6JzMHVz0&google_cver=1
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.43.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-43-92.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 0
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=6394774289394595266&pixelIndex=0&_=1628091449084&google_gid=CAESEB192RwzE-ev_cv6JzMHVz0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 368
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 423396.gif
idsync.rlcdn.com/ 0
66 B 112ms
85ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/423396.gif?partner_uid=6394774289394595266
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 335 B
571 B 44ms
44ms XHR
application/json 108.128.116.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=11046&slot=%7Bid:googleAd1d2a19dc-bfa6-4113-aee6-f4efda07330d,ss:%5B300.250,300.600,300.1050%5D,p:/16059533/EBNBenefitNews,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=e5d20abc-8423-cabb-4a1b-312cc0dfb990&url=https%253A%252F%252Fwww.benefitnews.com%252Fabout-us%253Futm_source%253Ddg_email%2526utm_campaign%253Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%2526utm_medium%253Dwebseminar%2526bt_ee%253DbUWIFU8JHn%25252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%25252BO12T8FZsKSCf9Qbh%2526bt_ts%253D1628090181488
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.116.76 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-116-76.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 969562d03d1ce1f43d89c6e1d6fd3f7c3509fa9ad335e30e2a4da8e4c016eca2

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
x-server-name: app06.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.benefitnews.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 335 B
570 B 46ms
45ms XHR
application/json 108.128.116.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=11046&slot=%7Bid:googleAdb8f3c662-74df-47fa-ad96-3672c828adbb,ss:%5B300.250,300.600%5D,p:/16059533/EBNBenefitNews,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=e5d20abc-8423-cabb-4a1b-312cc0dfb990&url=https%253A%252F%252Fwww.benefitnews.com%252Fabout-us%253Futm_source%253Ddg_email%2526utm_campaign%253Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%2526utm_medium%253Dwebseminar%2526bt_ee%253DbUWIFU8JHn%25252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%25252BO12T8FZsKSCf9Qbh%2526bt_ts%253D1628090181488
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.116.76 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-116-76.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5021672d00240a1cb74a17efcc5d073770cfd83334d1e1c800357a33b0963329

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
x-server-name: app11.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.benefitnews.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 39ms
17ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.benefitnews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 04 Aug 2021 15:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 36ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.benefitnews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 04 Aug 2021 15:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
7 KB 485ms
484ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3708970656677626&correlator=3997140926659815&output=ldjh&impl=fif&eid=31060979%2C31062103%2C44741899%2C20211866&vrg=2021080201&ptt=17&sc=1&sfv=1-0-38&ecs=20210804&iu_parts=16059533%2CEBNBenefitNews&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250%7C970x90%7C970x91&prev_scp=pos%3Dcollapsed_header1%26id%3De103de30-f539-11eb-9f32-068792706006%26vw%3D40%2C50%2C60%2C70%26grm%3D40%2C50%2C60%2C70%26pub%3D40&eri=1&cust_params=storyID%3D00000152-8482-db03-a57f-ee8b08690000%26PID%3Dnull%26ZetaSegments%3D67270%252C44109%252C66564%252C63992%252C60018%252C61619%26fr%3Dtrue%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1628091450&dt=1628091450242&dlt=1628091448320&idt=674&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=164&adks=1391125799&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x60&msz=728x40&ga_vid=1131133515.1628091449&ga_sid=1628091450&ga_hid=322927541&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

189cdaee4953ec60982f1ac2447354ee306f0f26a7f6df0c41fa813e46e39763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E6BC 6 KB
3 KB 59ms
13ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.benefitnews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.benefitnews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 04 Aug 2021 15:37:30 GMT
expires: Thu, 04 Aug 2022 15:37:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 64 KB
22 KB 964ms
962ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3708970656677626&correlator=3997140926659815&output=ldjh&impl=fif&eid=31060979%2C31062103%2C44741899%2C20211866&vrg=2021080201&ptt=17&sc=1&sfv=1-0-38&ecs=20210804&iu_parts=16059533%2CEBNBenefitNews&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600%7C300x1050&prev_scp=pos%3Dbigbox1%26id%3De107ae53-f539-11eb-aaf3-0a6d0b536c42%26vw%3D40%2C50%2C60%2C70%26grm%3D40%2C50%2C60%2C70%26pub%3D40&eri=1&cust_params=storyID%3D00000152-8482-db03-a57f-ee8b08690000%26PID%3Dnull%26ZetaSegments%3D67270%252C44109%252C66564%252C63992%252C60018%252C61619%26fr%3Dtrue%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1628091450&dt=1628091450256&dlt=1628091448320&idt=674&frm=20&biw=1600&bih=1200&oid=3&adxs=1049&adys=260&adks=2764090261&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&vis=1&dmc=8&scr_x=0&scr_y=0&psz=483x840&msz=442x40&ga_vid=1131133515.1628091449&ga_sid=1628091450&ga_hid=322927541&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

0154274fd44b84c267e6efa2499295a50a938f9a690c7bf474559afe388c7cbf

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIuy06TZl_ICFbKGgwcd7a8ITQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/11008493657576701952/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIuy06TZl_ICFbKGgwcd7a8ITQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/11008493657576701952/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22011
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Wed, 04 Aug 2021 15:37:31 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 64 KB
22 KB 1434ms
1434ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3708970656677626&correlator=3997140926659815&output=ldjh&impl=fif&eid=31060979%2C31062103%2C44741899%2C20211866&vrg=2021080201&ptt=17&sc=1&sfv=1-0-38&ecs=20210804&iu_parts=16059533%2CEBNBenefitNews&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&prev_scp=pos%3Dbigbox2%26id%3De107fd13-f539-11eb-8829-024bf4a6d028%26vw%3D40%2C50%2C60%2C70%26grm%3D40%2C50%2C60%2C70%26pub%3D40&eri=1&cust_params=storyID%3D00000152-8482-db03-a57f-ee8b08690000%26PID%3Dnull%26ZetaSegments%3D67270%252C44109%252C66564%252C63992%252C60018%252C61619%26fr%3Dtrue%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1628091450&dt=1628091450267&dlt=1628091448320&idt=674&frm=20&biw=1600&bih=1200&oid=3&adxs=1049&adys=300&adks=994653655&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&vis=1&dmc=8&scr_x=0&scr_y=0&psz=483x840&msz=442x0&ga_vid=1131133515.1628091449&ga_sid=1628091450&ga_hid=322927541&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

505b32b34bfecbc150ab4366f5f1f1007f0629216f6ec7108df142d6a056b4dd

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMbw8KTZl_ICFc-rdwodH90MjA&gqi=&layout=/sadbundle/%24csp%253Der3%24/7835707720094187520/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMbw8KTZl_ICFc-rdwodH90MjA&gqi=&layout=/sadbundle/%24csp%253Der3%24/7835707720094187520/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21997
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Wed, 04 Aug 2021 15:37:31 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.benefitnews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK index.php Show response
a.dpmsrv.com/dpmpxl/ 5 B
1 KB 112ms
111ms Script
text/javascript 3.224.43.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?q=xSeg&v=1.x&ep%5Bids%5D=7568712%2C6451507%2C6746300&cl=342&pixelIndex=0&r=606197&tzOffset=-120&url=https%3A%2F%2Fwww.benefitnews.com%2Fabout-us%3Futm_source%3Ddg_email%26utm_campaign%3Ddg_ebn_wondrhealth_webseminar_08122021_20210804_p2%26utm_medium%3Dwebseminar%26bt_ee%3DbUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh%26bt_ts%3D1628090181488&id=6394774289394595266&_=1628091449085
Requested by: Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_c415505dca69be631ca5d391b3ccd2b44b52d017.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.43.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-43-92.compute-1.amazonaws.com
Software: /
Resource Hash: fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 31
Expires: 0

GET
H/1.1 200
OK seg
ib.adnxs.com/ 43 B
1 KB 23ms
23ms Image
image/gif 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/seg?member=827&add=7568712,6451507,6746300

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Aug 2021 15:37:30 GMT
X-Proxy-Origin: 185.236.201.134; 185.236.201.134; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 784b9493-67f2-47cf-9071-4cb4340bb55b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK px
secure.adnxs.com/ 43 B
953 B 71ms
22ms Image
image/gif 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=803560&t=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Aug 2021 15:37:30 GMT
X-Proxy-Origin: 185.236.201.134; 185.236.201.134; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: cee9674e-536e-47ec-b301-89bad2929be6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 container.html Show response
d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D5C 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.benefitnews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.benefitnews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 04 Aug 2021 15:37:30 GMT
expires: Thu, 04 Aug 2022 15:37:30 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e3da77a5939fbc06cb620cc93ee888978121a1dcd5cdb746deeb936a4cd92f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:30 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627903448373927"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27995
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:30 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 533ms
26ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021080201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8479b330e006785c81c2711af5a4b15f1df81ec1bee539d32ded4d569b30dc39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8546
x-xss-protection: 0

GET
H3-29 200 container.html Show response
d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C478 6 KB
3 KB 19ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.benefitnews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.benefitnews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 04 Aug 2021 15:37:30 GMT
expires: Thu, 04 Aug 2022 15:37:30 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 39ms
17ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0B24 478 B
486 B 40ms
18ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiN4p6mATAB&v=APEucNVbraTH2zqj8uH4yludIo_clgRleq_O3j44SQHU8fgqhwYF6aLZYRIv4Qk7cOQ6UYpcbXZcV4UGcd8WgELaiABthHvnjw

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMW7lQEQ4oWWARiN4p6mATAB&v=APEucNVbraTH2zqj8uH4yludIo_clgRleq_O3j44SQHU8fgqhwYF6aLZYRIv4Qk7cOQ6UYpcbXZcV4UGcd8WgELaiABthHvnjw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnhftywBkIfwTn_73oX-w9PtrGAmy2d2zzCbDGeulf_fWiw2VVSUlVJTEOKHKU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 04 Aug 2021 15:37:31 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9D5C 60 KB
25 KB 63ms
43ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjJMDqMkSWDxefbDoyj6PKPbMh5MVXxqFy1rTm5ttl-uhNsMi8u-p8d1KJoIN9mirk8W5z_0htVRtvjMAWoDX4eFvRmndcYhjeDTZ85o41jVRW3V6WH9jBJrochiksyfFxrRlkh1WbeQGq6X36-jTKbgLCPw&dbm_d=AKAmf-CZRXTGEkYdogitzBdSYsFH9B05NS-QNvfeqHy6n8P80WwLpEzvzEiOJHPS2CJr9kDFPuyV0AaCkbjtKVielhpIX1XCzXlD04d8ybmFa4KoNwKwB9GAhGHbh7iAnnEX8YsVMX-e2DiMmb0XCTfzyV8lnFwFRfNVMqOOxaNcnoK_DyIrjvl8Z03nczhrfTyjKp-lj72TG5BhWi2-khd18maSSIwqaM09c-tfOhB1eTxUKzdFvWFixtk9-4r9_mOvglCmixpZPYVP07-ToQUJR9YZqxj3Ox8uByniVoxG599JmIs1a4H_O8Da8cBLJlvylunRrgTt-SfewBP_A-PKKRxA-F2l7a0WI70ms1jeieqjcAJP9Mp4OjxB6ZOUsHkStTfC0ubTWQtG1KVtMriDVSvMiQtjMhRYzbTqQ_GUA4syHANElfBYSKSFJVhyXY8RCq9KPdGmjc9N-9_YwcKnu5iQRvbrYyKIzxiTxwCJ50B4OdLXrBzYtRnT9CLbqbPkyPbfYk189pml1lJHZxAiyzwe-s2plp1NWOqzR9-rNUIOJqOII0QtKBUT55BYv5CAg26vv8esEKDH2aTepV9lz7hCr2iEyJ1AVkIjHRaYebIhKhlAWlikStAlLDiaUfLpk5nskd0YJ8eX6hr49Y4cGsZIehGCYfAPqAjEyCwnSYTq14wvpwOg6ptLP4fyd2lfZbRJVAW30YhICla4a499LxCcflZvsXU0ZK-yVFgoioddHE3K_XKcTEpgwE_ajycFVvdaW81LVyZdYArC8L83syLgo7Z8JxM-_QRT-sWFVgdEcbpcUcZ73qEjBD1uwEnTT0vXeAiUxXOOUMdGS8itm0Qp66Ho1jNol6ooFRfI12o47vaq71_1QNglALl8WYypiwdxdggZptryspjRZ6GUzH2brCp8_C2W6uk09zqff5ZG22WJxxJO5HYcSISYtYVZr4V3dT220QtYIKY_16Se6rzuzRM1xJIDmkq59G3RXSRNjK0u0sPXS7qKPPWU1HW9DmPjwx5cBLPv7CMauZr16tWdrcSMkokFZvq2PQpKjLzrhIU8jWBC3qLxbzRUo2BnCejSjYLqEp2IDwCqTBxo_zftIqa6T0q-vH5qYENqn86-trN_wR7OA-Kx8dtLu5Fj0XIKPBXB82KebZyLyeGQn_bHJgUtxY6CkvcoEvEtig_XbOL6tYqt03Kt4QyJhRd1TYIKs01Vbw_0ks9oWBtuZZzXY8fjjfT1KCerLLfCUXC88gH8G_D3SVsTZMkHGruCHbt42O2tR2tD5UDuYc_QAURF0Ur-R117-uUtaDbHNJwlJlE72hyUNVZNL0sZHda6QEj5lbMWOax4QBiQXSCuQUneoubXEPE18pRuB3KOroJQroruckc3DMzsDAmqbiaxDYSdk3Y1qLFPPF3mg1Mpf0FtxIqEFl8C1IG8ziuxt_II-qKdrBZYQMXLsyPWupUlSXWfBNO77MM-89SbNproV2O1T72f3lpi5FYvlECIEwGqoQoEqL7AiHnkA4EVv5Rgc5CBsiDOJPhgJIK-56vrPZGXXdkx7uCHkwgTU5b6hyFy4mTCYIYk4CByip-KOvS8fSYYZsoJZuc6LnhY2vXJnTXYP5QMMn1TSNXzyIiA9pqMNGVpYL8WRDdy2aq9Cll91J0-2MS5oopR5uMYPTsMjHaLM9VILmA2CaZdjo1-re4_fgvcTais_0Fxrq4DpaKVNYYIBsniNblqu-2vAmhr5aJ-LUTlMfoj6HHKZq5yynp5T0z6aRw-rwdDBb3qWwoWX3MgRwcYufbXhyUHSG_5zUMpfyyRMDEi4wCMf1Il_l_SXVQ7pYgsM4PkfQ_ZgP4nhW7YrcFMm9h7qnvi5GW9HZ-Fg2lmNwNyPFy3e8gDyZYvX1IplVWC08yMNgtIihtG30H0C01Cnbs2BhKp4ijrZqd38LmFkDgvLIZaZ_b3X-7pSRFGcXdq9icT50uVIHTmWrMyYkFBjH1leL1i9JxjLnA49p7LuVO5jWlwNPx5fWZg5qBfxqCLWW2WbRtPuvreeTRMWUikHoxg4ORGGfSxUgTBMtibIstgZbCqvjjGqHxU_XknCXCZHmBFHx9pC8u6V_MzJASPlCWHcWakMpOFkkmmZJqjlaEoPDNUrVsmkaj7F3_dRcvjV2j8XuGeFtsJXvbOD7IuAOa9myIB1tcKnWPvInCB1_EbRV-bVV0BsiQ0MHcYpJJCN9NtDVbrVuuDJoVWdIuciG2Tt01i--IaZ__2d_O_tC0d6V44O0em173CCCv5tVEZFDYB-r7_cQT8BgrbyU8Jpf1E9nGkk4AiyqwuUPmX2nBfWtSe1tD-qAc9yIoZ41dm2_jP4qYIyu8LYdqdDk4fZ68a1wmFkfqlEI615yU5vI7zw0_hETJOZkzNz7ap89B9kfVnyjIfmLPvRw6Ha4KfZO4sR4aguOZzNhgbV6MNEao4bWg1nysrF9HC2Gx8UW48kK90kb5ufUIe2J19cqv2g90lc6r3euuwdJBu3tYH3wjDaoCsd4X1PcGaJYEeVRq3BwI0Pz_Ot27XFFh4fyotRHHOHD6UkiLBSYUgWwT2uHG2xNAiObkqeXQQ2T-1aUpqjNsoO_JIq79ETcSWuxrBrAUaO5ZOa8jK6NszhXtUiapHFlIFLtYPPtW6hd1rKC-zagHwX40k8HGzzb48L0kejEpO3EwwIJM571LWUyW2QMNohxuEvZArlhTk6izvjD762cX3UOL3eswxLU8RwsWZFb8GP_1arbX1fqBcYsmZnUsyt5bbzQ6N_GH0jGHslcnvPhHxuYRX32V92vh7M7PAVrhrC3zqIT1tBqu3AgXou2VUJqHIHvoOZR-P3F7bFnEZSmymYk6n9Fn99I2h-K9On0VTAjATxr7sV5sPIlM-NUGGC295OoiKozligHg5dOvWMZ0LgnXcwnEpPuQr7NJ3S9EANVUH7aE4gqJDJ1hLWpPtBRaTWVWf8GfrdgSC4lZx9qZeB1LrYCWcCjS26nnRFEMf_OiUKEHFT4wsGBuJt5alQiXahgTz0HS-wWABo-THKjDpV8Kn4Aa4EtfTwR0t6yLX46yV7N5BBWmj8RS2sVmQE3I5-cXWnY5FvFVKA5LCX1uF2IKWYJpuPv7n1d0fHC1asrPCO_3Wmv_1IYk98k5VrJsxOvVYXIBKsWLUvcTAblj8QnEeQMXMIpyj8Kq2e8hJOXxcT2-97mHNh6Zmo8xz5RP62mEPU8uOoAIv0_jb4Sn3AnmDxbatXtdvO9rvCnV5eSp7qA6SCsqraR2gEvl9MtPm_1Z5frWVdNSOt0uJyesbSw-9xuwn9ofqfqLvRl_JK9rTEtzJJ5WfGb3ZHLLxusJKFgmrD70_XdwxQcc&cid=CAASEuRoXdF5KrS8H6aggVhaSyX_Wg&rfl=1%2Chttps%253A%252F%252Fwww.benefitnews.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

538e83909a470729735f13983f340829d98c1cb773bed21d9945b47ac943efcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25210
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D5C 42 B
63 B 54ms
39ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BRQASo9E4Fv-7vuR955PIKdOVl_CBgSk-MscI6v3QN9FoX9o9hETXbPcW2eMr-a2UHRSeWK8w6DHe8QM3BIiNyYQZIx-GWHk7KfMoaKgk0dGo5S_Q

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame 9D5C 2 KB
1 KB 26ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/window_focus_fy2019.js

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:37:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D5C 124 KB
37 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c430c267231b0171372bc7daa045e7293403f2744255796e9121c320760f191a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627903459924584"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38134
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame 9D5C 14 KB
7 KB 22ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:34:13 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 9D5C 0
0 15ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTbzUUc7jJQCulhxIZ473jDpoSstgsMXu_YtG32JZWW5yRJeNLPmXLdbC280XZz6RWg660nxm3yoEFtWHn4PTUR2557Ow
Requested by: Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/ Frame 9F69 63 KB
19 KB 19ms
11ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b376a1f7f98b19f1a40998fd0a90ded4293621cfdd96e1eaa5170f0acb1fa2d5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/11008493657576701952/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Thu, 29 Jul 2021 14:16:20 GMT
expires: Fri, 29 Jul 2022 14:16:20 GMT
last-modified: Thu, 22 Jul 2021 13:56:26 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 17894
age: 523271
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C478 0
0 55ms
55ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CknCSOrQKYYutK7KNjuwP7d-i6AS0n-H8Y_30kvaHDsSEhZ4LEAEgq5uNHGD1lc6B4ASgAZeulqQDyAEJqQJJGYGQXvKzPuACAKgDAcgDAqoEyAJP0ES3ObZsHHcDq46H5307M0iF9pYJfspECtcNTaVvE8bMaKA559aU8qlXpviydti3k95huLFoVNadPhcSNjd79dNlIC6KWNyPHWrzSyHiymMI6pSexSEzzhqAYM60rWKiHyj4BiGNX7BijBBA0G5Vr74RDmtdJhDSRrwQEt2y7nx9ELm6HjXgDIOzxwYEG0oAkEcdlbjmwX9bOwadZNOYSVVDmheKJGc_V5ldeqRTQycwQZgByAkAOOwybr9fGNjgqeGUh8Urs-IFpexRyyDhKoqmwxuKpCyYFyK_o_r8VsoB_gtSu4mti0mHAyvTreVf9btUY4aB6hr_1jACbfyAk_lpxGUnYffNLK25L3tEB9bdH-f7U4MlL5E0Rpx3iUvi5bNslfVerN5NQBLj9RnvqEV7Rzxj1sNMPjIsale3l7e8uNVxwDtSwAS0ot-k1QPgBAGSBQQIBBgBkgUECAUYBKAGXYAH0dHpW6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBRCyua8F0ggHCIBhEAEYHYAKA8gLAdgTDdAVAZgWAYAXAbIXGgoYCAASFHB1Yi02MDQ2Mzc4NzU1MTA0OTM1&sigh=2C6N4pckqGs
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3637 143 B
447 B 14ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnhftywBkIfwTn_73oX-w9PtrGAmy2d2zzCbDGeulf_fWiw2VVSUlVJTEOKHKU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 04 Aug 2021 14:42:57 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3274
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame C478 2 KB
1 KB 16ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/window_focus_fy2019.js

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:37:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C478 124 KB
37 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c430c267231b0171372bc7daa045e7293403f2744255796e9121c320760f191a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627903459924584"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38134
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame C478 14 KB
6 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:34:13 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame C478 0
0 17ms
16ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSWBHxRQW1_mjxJuVX9eZbOgvKH1uNiHzZdjjlO3O6pFkAGBAvtrn39T7DEE47XL97zJGXX2UIHadN8eXISuSsDUZIaFA
Requested by: Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3637
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

53ms
38ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnhftywBkIfwTn_73oX-w9PtrGAmy2d2zzCbDGeulf_fWiw2VVSUlVJTEOKHKU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 04 Aug 2021 15:37:31 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 04-Aug-2021 16:37:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 04 Aug 2021 15:37:31 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 04 Aug 2021 15:37:31 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9F69 5 KB
680 B 32ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:500,300|Roboto:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3173c84304c5c64e41321c14295845028574b642590ef2a77d04d4d7fefaa468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 04 Aug 2021 15:37:31 GMT
server: ESF
date: Wed, 04 Aug 2021 15:37:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 9F69 16 KB
6 KB 25ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51879
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 05 Aug 2021 01:12:52 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 9F69 26 KB
10 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75978
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 04 Aug 2021 18:31:13 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 0545 12 KB
5 KB 17ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.benefitnews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.benefitnews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Wed, 04 Aug 2021 15:33:09 GMT
expires: Thu, 04 Aug 2022 15:33:09 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 262
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame ACFA 783 B
530 B 15ms
15ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4695c9662b6bef2e76c2fc0dc730e16763308a715e7a5ed38efc63e742c33a34

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KhIyIp6fr4AgFeiofoVs/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.benefitnews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.benefitnews.com/

Response headers

expires: Wed, 04 Aug 2021 15:37:31 GMT
date: Wed, 04 Aug 2021 15:37:31 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-KhIyIp6fr4AgFeiofoVs/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 9D5C 169 KB
59 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 14:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4045
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Aug 2021 14:30:06 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210729/r20110914/elements/html/ Frame 9D5C 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210729/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjJMDqMkSWDxefbDoyj6PKPbMh5MVXxqFy1rTm5ttl-uhNsMi8u-p8d1KJoIN9mirk8W5z_0htVRtvjMAWoDX4eFvRmndcYhjeDTZ85o41jVRW3V6WH9jBJrochiksyfFxrRlkh1WbeQGq6X36-jTKbgLCPw&dbm_d=AKAmf-CZRXTGEkYdogitzBdSYsFH9B05NS-QNvfeqHy6n8P80WwLpEzvzEiOJHPS2CJr9kDFPuyV0AaCkbjtKVielhpIX1XCzXlD04d8ybmFa4KoNwKwB9GAhGHbh7iAnnEX8YsVMX-e2DiMmb0XCTfzyV8lnFwFRfNVMqOOxaNcnoK_DyIrjvl8Z03nczhrfTyjKp-lj72TG5BhWi2-khd18maSSIwqaM09c-tfOhB1eTxUKzdFvWFixtk9-4r9_mOvglCmixpZPYVP07-ToQUJR9YZqxj3Ox8uByniVoxG599JmIs1a4H_O8Da8cBLJlvylunRrgTt-SfewBP_A-PKKRxA-F2l7a0WI70ms1jeieqjcAJP9Mp4OjxB6ZOUsHkStTfC0ubTWQtG1KVtMriDVSvMiQtjMhRYzbTqQ_GUA4syHANElfBYSKSFJVhyXY8RCq9KPdGmjc9N-9_YwcKnu5iQRvbrYyKIzxiTxwCJ50B4OdLXrBzYtRnT9CLbqbPkyPbfYk189pml1lJHZxAiyzwe-s2plp1NWOqzR9-rNUIOJqOII0QtKBUT55BYv5CAg26vv8esEKDH2aTepV9lz7hCr2iEyJ1AVkIjHRaYebIhKhlAWlikStAlLDiaUfLpk5nskd0YJ8eX6hr49Y4cGsZIehGCYfAPqAjEyCwnSYTq14wvpwOg6ptLP4fyd2lfZbRJVAW30YhICla4a499LxCcflZvsXU0ZK-yVFgoioddHE3K_XKcTEpgwE_ajycFVvdaW81LVyZdYArC8L83syLgo7Z8JxM-_QRT-sWFVgdEcbpcUcZ73qEjBD1uwEnTT0vXeAiUxXOOUMdGS8itm0Qp66Ho1jNol6ooFRfI12o47vaq71_1QNglALl8WYypiwdxdggZptryspjRZ6GUzH2brCp8_C2W6uk09zqff5ZG22WJxxJO5HYcSISYtYVZr4V3dT220QtYIKY_16Se6rzuzRM1xJIDmkq59G3RXSRNjK0u0sPXS7qKPPWU1HW9DmPjwx5cBLPv7CMauZr16tWdrcSMkokFZvq2PQpKjLzrhIU8jWBC3qLxbzRUo2BnCejSjYLqEp2IDwCqTBxo_zftIqa6T0q-vH5qYENqn86-trN_wR7OA-Kx8dtLu5Fj0XIKPBXB82KebZyLyeGQn_bHJgUtxY6CkvcoEvEtig_XbOL6tYqt03Kt4QyJhRd1TYIKs01Vbw_0ks9oWBtuZZzXY8fjjfT1KCerLLfCUXC88gH8G_D3SVsTZMkHGruCHbt42O2tR2tD5UDuYc_QAURF0Ur-R117-uUtaDbHNJwlJlE72hyUNVZNL0sZHda6QEj5lbMWOax4QBiQXSCuQUneoubXEPE18pRuB3KOroJQroruckc3DMzsDAmqbiaxDYSdk3Y1qLFPPF3mg1Mpf0FtxIqEFl8C1IG8ziuxt_II-qKdrBZYQMXLsyPWupUlSXWfBNO77MM-89SbNproV2O1T72f3lpi5FYvlECIEwGqoQoEqL7AiHnkA4EVv5Rgc5CBsiDOJPhgJIK-56vrPZGXXdkx7uCHkwgTU5b6hyFy4mTCYIYk4CByip-KOvS8fSYYZsoJZuc6LnhY2vXJnTXYP5QMMn1TSNXzyIiA9pqMNGVpYL8WRDdy2aq9Cll91J0-2MS5oopR5uMYPTsMjHaLM9VILmA2CaZdjo1-re4_fgvcTais_0Fxrq4DpaKVNYYIBsniNblqu-2vAmhr5aJ-LUTlMfoj6HHKZq5yynp5T0z6aRw-rwdDBb3qWwoWX3MgRwcYufbXhyUHSG_5zUMpfyyRMDEi4wCMf1Il_l_SXVQ7pYgsM4PkfQ_ZgP4nhW7YrcFMm9h7qnvi5GW9HZ-Fg2lmNwNyPFy3e8gDyZYvX1IplVWC08yMNgtIihtG30H0C01Cnbs2BhKp4ijrZqd38LmFkDgvLIZaZ_b3X-7pSRFGcXdq9icT50uVIHTmWrMyYkFBjH1leL1i9JxjLnA49p7LuVO5jWlwNPx5fWZg5qBfxqCLWW2WbRtPuvreeTRMWUikHoxg4ORGGfSxUgTBMtibIstgZbCqvjjGqHxU_XknCXCZHmBFHx9pC8u6V_MzJASPlCWHcWakMpOFkkmmZJqjlaEoPDNUrVsmkaj7F3_dRcvjV2j8XuGeFtsJXvbOD7IuAOa9myIB1tcKnWPvInCB1_EbRV-bVV0BsiQ0MHcYpJJCN9NtDVbrVuuDJoVWdIuciG2Tt01i--IaZ__2d_O_tC0d6V44O0em173CCCv5tVEZFDYB-r7_cQT8BgrbyU8Jpf1E9nGkk4AiyqwuUPmX2nBfWtSe1tD-qAc9yIoZ41dm2_jP4qYIyu8LYdqdDk4fZ68a1wmFkfqlEI615yU5vI7zw0_hETJOZkzNz7ap89B9kfVnyjIfmLPvRw6Ha4KfZO4sR4aguOZzNhgbV6MNEao4bWg1nysrF9HC2Gx8UW48kK90kb5ufUIe2J19cqv2g90lc6r3euuwdJBu3tYH3wjDaoCsd4X1PcGaJYEeVRq3BwI0Pz_Ot27XFFh4fyotRHHOHD6UkiLBSYUgWwT2uHG2xNAiObkqeXQQ2T-1aUpqjNsoO_JIq79ETcSWuxrBrAUaO5ZOa8jK6NszhXtUiapHFlIFLtYPPtW6hd1rKC-zagHwX40k8HGzzb48L0kejEpO3EwwIJM571LWUyW2QMNohxuEvZArlhTk6izvjD762cX3UOL3eswxLU8RwsWZFb8GP_1arbX1fqBcYsmZnUsyt5bbzQ6N_GH0jGHslcnvPhHxuYRX32V92vh7M7PAVrhrC3zqIT1tBqu3AgXou2VUJqHIHvoOZR-P3F7bFnEZSmymYk6n9Fn99I2h-K9On0VTAjATxr7sV5sPIlM-NUGGC295OoiKozligHg5dOvWMZ0LgnXcwnEpPuQr7NJ3S9EANVUH7aE4gqJDJ1hLWpPtBRaTWVWf8GfrdgSC4lZx9qZeB1LrYCWcCjS26nnRFEMf_OiUKEHFT4wsGBuJt5alQiXahgTz0HS-wWABo-THKjDpV8Kn4Aa4EtfTwR0t6yLX46yV7N5BBWmj8RS2sVmQE3I5-cXWnY5FvFVKA5LCX1uF2IKWYJpuPv7n1d0fHC1asrPCO_3Wmv_1IYk98k5VrJsxOvVYXIBKsWLUvcTAblj8QnEeQMXMIpyj8Kq2e8hJOXxcT2-97mHNh6Zmo8xz5RP62mEPU8uOoAIv0_jb4Sn3AnmDxbatXtdvO9rvCnV5eSp7qA6SCsqraR2gEvl9MtPm_1Z5frWVdNSOt0uJyesbSw-9xuwn9ofqfqLvRl_JK9rTEtzJJ5WfGb3ZHLLxusJKFgmrD70_XdwxQcc&cid=CAASEuRoXdF5KrS8H6aggVhaSyX_Wg&rfl=1%2Chttps%253A%252F%252Fwww.benefitnews.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:36:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:36:15 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210729/r20110914/ Frame 9D5C 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210729/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1e2ce44b575d26f6d5dcf0c354810831f84415656813f7e0a9d4112904635c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:29:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 460
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9340
x-xss-protection: 0
server: cafe
etag: 2602534973733678128
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:29:51 GMT

GET
H3-29 200 4iCv6KVjbNBYlgoCjC3jsGyN.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 9F69 29 KB
29 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:500,300|Roboto:700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97d812da07c2319e0e64c4137b33a5d3ccfb4c06fa5ab4444f522959e27a9ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 20:01:35 GMT
x-content-type-options: nosniff
age: 156956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29864
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:02:34 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 20:01:35 GMT

GET
H3-29 200 4iCv6KVjbNBYlgoC1CzjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 9F69 37 KB
37 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoC1CzjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:500,300|Roboto:700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f22c14d833819460602bd41792732725e48a6a6ee48f768a298cde40e16584f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 02:12:43 GMT
x-content-type-options: nosniff
age: 134688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38108
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:02:31 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 02:12:43 GMT

GET
DATA 200
OK truncated
/ Frame C478 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0a589336c06d0194881d60c7c3968013e2be3223b0911fb9306a29d9cb1781d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame 0B24 170 B
188 B 32ms
32ms Image
image/png 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiN4p6mATAB&v=APEucNVbraTH2zqj8uH4yludIo_clgRleq_O3j44SQHU8fgqhwYF6aLZYRIv4Qk7cOQ6UYpcbXZcV4UGcd8WgELaiABthHvnjw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0B24
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1&C=1

43 B
1014 B

58ms
57ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiN4p6mATAB&v=APEucNVbraTH2zqj8uH4yludIo_clgRleq_O3j44SQHU8fgqhwYF6aLZYRIv4Qk7cOQ6UYpcbXZcV4UGcd8WgELaiABthHvnjw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Aug 2021 15:37:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 04 Aug 2021 15:37:31 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 04 Aug 2021 15:37:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0B24
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YQq0OwVVXMPoFmOvuHoGCgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1

43 B
894 B

48ms
48ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiN4p6mATAB&v=APEucNVbraTH2zqj8uH4yludIo_clgRleq_O3j44SQHU8fgqhwYF6aLZYRIv4Qk7cOQ6UYpcbXZcV4UGcd8WgELaiABthHvnjw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 04 Aug 2021 15:37:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 04 Aug 2021 15:37:31 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJOxOc8BOW_Df60mGiAgLPo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9D5C 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 06:32:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 205529
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 06:32:02 GMT

GET
DATA 200
OK truncated
/ Frame 9D5C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad1fe6f610acf0399159632b59b0ef8b1b4baaa31f302e783f3c0f01ee1b2c02

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/ Frame 60D4 32 KB
8 KB 37ms
22ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d39b1bfae282927c20c2101c3b7cc50f66f7b6741b3bc55a80fc6fe9c4e73379

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7762
date: Wed, 04 Aug 2021 15:37:31 GMT
expires: Thu, 05 Aug 2021 15:37:31 GMT
cache-control: public, max-age=86400
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9D5C 0
592 B 108ms
61ms Ping
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssHU12yqk6_6xig3Jqj_Vt_GiwudRWZ3hIpacWpp4v_NCk_goTqdGxalxSnNWqpnc5EO0TDgFxemNqJYJ_7ESTuAIBQ6O3BwnHa5Q78uTQEDqukQJntRG41KH0bIT4mOXsyJgM3pMz83PXyya7ECFNsja-UCWJwkWrfDX-48XfstPIfMJ_4N300Y_oxlVL9bGvBYnfZM6ZuWYYCwJApE-ZQLdooOXPde4pf-EGr9i7d9CsAiHQB6LdfwEuYgoWlXr1RahDadKQDQq9-bsUNCF7ssi0lGTwK4VmtlzHoYpQgMEiLuPCOMGpbeRx3vKFin-XGoL_usaSWSEvGiJTJTGPpmwn30KPTBUQC2AXUnav9HKSU5Mvy9lrg0YuhaqDZ3Vd2TAN38EqsXmTwt34owT33w_SK4bJoNcvfv3SrM1NE_HtXQuKcLKVY1-KFbNOYoADW0GjTfPDrj0EBGnqvlupjLxoO27VaBVnu1veysHc-cF4z262rXv9I2Iwwk6UcKcoaTdx9x1OXSDxSeH8nwmuC42NYTx5gJgK-g7eDNUPi4ibSR8i48jeJX7BGZx_z3SInNdItN-Jbb0UBO2Gjt50QnE4CzegWgkpjkuYovMCvIWAuqU41v_ZP1xecfxqIWdzxZ0pEf--4Q75_FZGUslu7sLhrPgdC8zWEFKSI0u9PkxoyWOTU0-8Nc3FjlrJSUuzqFTswhd2ZhF6osOfVkhNhO6zlw2IYmeI90qxRlEn-kHswtoUfWZZEmSKskNyFyGiQg8c45Lik1slwcYBZnlNGUHoDwU12NrMGUK1aeiDsrr_H6tnEr6uLe1TdzyL-znzfTBcK18EJJDvU9UWrWWTDybrk3xzbK6rLITqkqTsYM2KZVOe_LF6vchf_j9GNqNZrIqTkTNLtWd3R9MSV0Zl2_ROwqy_TdXeAqmwW5-79zbtUULXbcxC9xVFWoeJGR3PXuagkw61iPmMKPK9fKtuGa_BWCJf45eklDu97b5F8Fjq2xhj44EVlZFOaGeftNfwSiQUVlTvuFW7SvgFI-xIBJ30M9pW79Ln7nDKaOI_-eN_0WuMb50iBvuIyH7mxk4uXEwBE06EJzDIUQE4pHuxDKlaNX5gXDvh-7kbOcFx99VMhB1mmHSkZvoSygKXlXZfi5hnzndhyUPgq273f2ftEmL6gZ6zlUHqpyyowdAJM30ggaohhezul87O1is981xI3L_mDZMpX8l_S4fY24PzRrgiWndKD5DGDNKDscYVDPxzwDyMljB3Et7L2r-IoN7rUMw&sai=AMfl-YSixdzAz4TTrz4W6f3qUhLTd9Qr93vv2kLX0qCqqcRba3baHjHsZDrrDY-h_e5Jtmg3ddwyHbA2-R6G76YsE0kpzkfcaekxD9w5XM4Dl4h70PU0-_PO0ulDuHD18R6n94a2Y-ApAbNUr6k58aPS9LHA0EG7cg&sig=Cg0ArKJSzMAOklhgRdn3EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=117&cbvp=1&cstd=110&cisv=r20210729.04168&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 04 Aug 2021 15:37:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 visuals_products_pc_small_2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/ Frame 9F69 101 KB
101 KB 9ms
8ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/visuals_products_pc_small_2.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e890cdebe7fbab009e3754d36a4f45cda3bc100edbfab41d301ae76dac309bee

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 515441
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103691
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:56:26 GMT
server: sffe
date: Thu, 29 Jul 2021 16:26:50 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 16:26:50 GMT

GET
H3-29 200 cta_orange_b.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/ Frame 9F69 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/cta_orange_b.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dfc85f79986a2fd367b45be94275c7bccd6565da652b5ac099a83f4ce49bb1d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 515441
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2921
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:56:26 GMT
server: sffe
date: Thu, 29 Jul 2021 16:26:50 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 16:26:50 GMT

GET
H3-29 200 logo_black_orange.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/ Frame 9F69 4 KB
4 KB 8ms
8ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11008493657576701952/logo_black_orange.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbfd730328ebb5e05cd9e897cc5514c6622213589bb896207baae7ddf6c937ed

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 515441
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4405
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:56:26 GMT
server: sffe
date: Thu, 29 Jul 2021 16:26:50 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 16:26:50 GMT

GET
H3-29 200 cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js Show response
pagead2.googlesyndication.com/bg/ Frame 0545 35 KB
13 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

713570daadea89f585efe85f286718e52dee37031ba9e58d51a4526227fbb85a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:06:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13202
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Aug 2022 15:06:35 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BB0A 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Mon, 02 Aug 2021 06:32:03 GMT
expires: Tue, 02 Aug 2022 06:32:03 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 205528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 60D4 236 KB
63 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 60D4 110 KB
38 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 14:30:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3993
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Aug 2021 14:30:58 GMT

GET
H3-29 200 cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js Show response
pagead2.googlesyndication.com/bg/ Frame BB0A 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

713570daadea89f585efe85f286718e52dee37031ba9e58d51a4526227fbb85a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:06:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13202
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Aug 2022 15:06:35 GMT

GET
H3-29 200 Bubble.png
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 7 KB
7 KB 7ms
6ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/Bubble.png?1617967746301

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0574d992bfbedd6c63023302854fee723feca3e82b1862ae305191da9146dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10668
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7044
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:43 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9D5C 0
23 B 82ms
56ms Ping
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 04 Aug 2021 15:37:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 CTA.png
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/CTA.png?1617967746301

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e33280798f96ec91932133e7efabde2376d4d8d4f6acab3db209108a51c2b414

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10668
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2285
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:43 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 60D4 6 KB
4 KB 30ms
16ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e3100b372fe8678be27627129e3459111099eecf5ee1dcf5448a849d465db08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4378
x-xss-protection: 0

GET
H3-29 200 container.html Show response
d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CA58 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js?31062103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.benefitnews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.benefitnews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 04 Aug 2021 15:37:30 GMT
expires: Thu, 04 Aug 2022 15:37:30 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 degradado.png
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 23 KB
23 KB 8ms
7ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/degradado.png?1617967746301

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f2ee75591995df2191444d7d388c2838bc5483ac23ce23cfb8faece6032335a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10668
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23927
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:43 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 60D4 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/ Frame 6BA0 64 KB
18 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2aab89c2f61327cf1ed65b72ca9cbe1f6b9907d280b5bed699517d1cd0b1ecb6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/7835707720094187520/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Thu, 29 Jul 2021 14:06:56 GMT
expires: Fri, 29 Jul 2022 14:06:56 GMT
last-modified: Thu, 22 Jul 2021 13:56:35 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 18038
age: 523835
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CA58 0
0 55ms
55ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1Zt0O7QKYYbnC8_X3gOfurPgCLSf4fxjnfaS9ocOxISFngsQASCrm40cYPWVzoHgBKABl66WpAPIAQmpAssNU0MM5bM-4AIAqAMByAMCqgTIAk_QwScTB20nEKwkeRz0kPrpIq8I88eubdFaQ6A0TcJkfiW6hOahXFnGvEPw1Cfit4enan1vSrre1ZDNti1apsJ3ZwXcNDRnnAjD_v_PU5eTy8uBmUssXAS6-kVc1bL0iz8EVvoVCIrqieYhvrDtww3owFBhYXM-XMbBZtlOO0DQsNYAS1wcZ3MBqWnSfOIg6boBu1YLDUoYowkjoZcunDy_CQs1lAlcNu7-GAoLyjfReG_b-_-ot_xEzCSztyvudQMmH3rNvfR8iSG8nvylWMDMUtOxoLmhzaTHdSIEHQZ28wzAmZm6jUPuUthB3gQMbBZddPh1AEsq9C8xMhfP7m1TsiE72911RZOgN0W8PkZXXY1cf7kIXk59QcClte5Eaq3_5LljbBK9Sk15blA1xoIzldlhkRvGP9v-0cvTHdnPXo3kIQHWfCXABLSi36TVA-AEAZIFBAgEGAGSBQQIBRgEoAZdgAfR0elbqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcFEMOCvwXSCAcIgGEQARgdgAoDyAsB2BMN0BUBmBYBgBcBshcaChgIABIUcHViLTYwNDYzNzg3NTUxMDQ5MzU&sigh=4PYlKli2pNY
Requested by: Host: www.benefitnews.com
URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C71C 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnhftywBkIfwTn_73oX-w9PtrGAmy2d2zzCbDGeulf_fWiw2VVSUlVJTEOKHKU; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 04 Aug 2021 14:42:57 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3274
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame CA58 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/window_focus_fy2019.js

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:37:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CA58 124 KB
37 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c430c267231b0171372bc7daa045e7293403f2744255796e9121c320760f191a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:37:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627903459924584"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38134
x-xss-protection: 0
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/ Frame CA58 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210729/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 15:34:13 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame CA58 0
0 15ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRpn-NSLls963-l1viaUz-inJkHkNXtPYTYqliLr-UgjPZ397uCCdmC6O2fyOOtJeZKr96bszl7TbGGo3QCjBBj4kGmvQ
Requested by: Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 HEADER970x250.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 6 KB
6 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/HEADER970x250.jpg?1617967746301

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d41e1e6b0177aa53112589ea3b91513c4dc18d1f402e466dd5a10bce73a7c25c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10668
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5768
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:43 GMT

GET
H3-29 200 prodcut1.png
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 22 KB
22 KB 7ms
7ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/prodcut1.png?1617967746301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abc3984336a492ea506a6f90cb25e9bd8bb28991eea371e852f451d7eed9d618

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10668
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22340
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:43 GMT

GET
H3-29 200 cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js Show response
pagead2.googlesyndication.com/bg/ Frame 768E 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

713570daadea89f585efe85f286718e52dee37031ba9e58d51a4526227fbb85a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 15:06:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13202
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Aug 2022 15:06:35 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 6BA0 5 KB
680 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:500,300|Roboto:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3173c84304c5c64e41321c14295845028574b642590ef2a77d04d4d7fefaa468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 04 Aug 2021 15:21:25 GMT
server: ESF
date: Wed, 04 Aug 2021 15:37:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Aug 2021 15:37:31 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 6BA0 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51879
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 05 Aug 2021 01:12:52 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 6BA0 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75978
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 04 Aug 2021 18:31:13 GMT

GET
H3-29 200 product2.png
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 20 KB
20 KB 7ms
7ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/product2.png?1617967746301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1326cb0d7ae176ea9bdbfd9bd5959d5c591acdcb49d37a1b32ffbed8dff993d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10668
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20107
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:43 GMT

GET
DATA 200
OK truncated
/ Frame CA58 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f983fc79453f08f4ea23d24046668c79be532545972046bf400eefcbd98d7cc0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 product3.png
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 19 KB
19 KB 8ms
8ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/product3.png?1617967746301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30ad72bc0fc0ee7ff0aa0ff972636f812fd230fafb9a18a799f9fd8dc6577d13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10667
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19668
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:44 GMT

GET
H3-29 200 4iCv6KVjbNBYlgoCjC3jsGyN.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 6BA0 29 KB
29 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:500,300|Roboto:700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97d812da07c2319e0e64c4137b33a5d3ccfb4c06fa5ab4444f522959e27a9ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 20:01:35 GMT
x-content-type-options: nosniff
age: 156956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29864
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:02:34 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 20:01:35 GMT

GET
H3-29 200 4iCv6KVjbNBYlgoC1CzjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 6BA0 37 KB
37 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoC1CzjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:500,300|Roboto:700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f22c14d833819460602bd41792732725e48a6a6ee48f768a298cde40e16584f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 02:12:43 GMT
x-content-type-options: nosniff
age: 134688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38108
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:02:31 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 02:12:43 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021080201&jk=3708970656677626&bg=!NTalNnLNAAals0SOpbM7ACkAdvg8WtQhsZiOXHQuHlfs0cRcHayNSt_5wKDMahc6XvDhWBWyvGn9gQIAAADcUgAAADdoAQcKABIyqFMj09GoJsqdQ7f3t3x_yzeZAnUynwcjxynzI46a7O_CgjWgXmbRwyFlc20AnA5ctpmiEATcYS9E4fm3WB10iCrevScbQ9M_kQPG1y42EDvsk3V-7miTPVe-8EjxKRn2Ye1IPVCFGe6N8rOvhHvZaqA3sxYUXuAU0aEcm14BAOGj_NXnatbW3De7rLUwS_ftfPEf8syeFd-f_FKHu0uB9hFO4ZtGDfOInDY8HJMB0Rp9eUxd1nFsLdIdt4quDalA1QrbT_EEt47FrZf_yxQ2htrmKKaeVFkpRQt2qxku7s8NWEV4q_KYSDF5K9FOx_l47Twk8cQcHXOus3xHqOt6xb81-GubCYkZNBQoixS9zix5pt5ba6nVcToBfHWMj1_djWt2wfyK6ST9KCJlm6bKRmki3RN1ksZrbsrYOhMz4-UVbzBM_h2dyjoWCMzdwt3eSIVhDeFeJWtLB4YDsz9bcza3qlDD0KRmXzShXgZW2FRK68xkfKkGOadMmXgPCvVfuIsLoK0E-Yim9dNNFnXiY1jQhSTYoPz7oNGFHcIiqWZ9ma6_bW_CqIC2bwalsyudimtxEF70F7tuXPhNyBV7VwwGtSQKN2VFRMmSPkmwMFJbsxnFea5QUxXpznTpfdRBPbQ70RpWrZwoSDC_cFOaFRKnHMoAD68DsR2zY8xeGE-voSL2Yjf8foKWxnCzJf-o1DxvA8SG8FgQJg-4FKhAWxWp7ELBthgbw5C-K_v1_9RCM0GHUP7iZtfLSVM_9l2sSBd6rNvPvt3SfTRo4-hKCLci3FQ4zuNHS9_b-6PXtmD2BJiC_wgeXnT2qMYHJoEEWIn5S9-pUldRa7x40qLLwZxR2sVgkDUfjQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C71C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
39ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnhftywBkIfwTn_73oX-w9PtrGAmy2d2zzCbDGeulf_fWiw2VVSUlVJTEOKHKU; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 04 Aug 2021 15:37:31 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 04-Aug-2021 16:37:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 04 Aug 2021 15:37:31 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 04 Aug 2021 15:37:31 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Slide1v1.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 72 KB
72 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/Slide1v1.jpg?1617967746301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cc61b79bf8229169214ca87bf95819a55da7fc42f588733ec105ebc45c27da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10667
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73530
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:44 GMT

GET
H3-29 200 Slide2v1.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/ Frame 60D4 70 KB
70 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/images/Slide2v1.jpg?1617967746301

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

917b07cd5baf4890ae1450c4aa94672651474223aca220ae73e07d6df62f0d74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Aug 2021 12:39:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:03:06 GMT
server: sffe
age: 10667
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72052
x-xss-protection: 0
expires: Thu, 05 Aug 2021 12:39:44 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB0A 0
20 B 46ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEStpO7QKYY_tE8iQgAfwg6voAwAAAAA4AeAEAg&bg=!LyylLGjNAAals0SOpbM7ACkAdvg8Wma4RQVGwLxipaV89zk3q_uajSgZ73M__a5DJIvvZguNK13MEwIAAAEHUgAAACRoAQcKACRM16aEPWghqzHHo9mX9xE1IreRVVi7oRPSn2tto6W8-hxk_h-ZAsaCGGzjBHQkwtFqDEVfHHJKQ99Kb5Vnkt5qmGx-HSJvlxAqCWw73yWGykDgbu_vI-js9VJIzKTrMaQO6I-69bX4RoHH6TsoC-NxnXlJ4xu2i3zILQZbnP0fTzdgN5o7QeqqjmYLkp3__Cvi0ei1Id1ihVCZpvKlA0M144aMyEzdASl2DRW_Gqft06oPsLLaUYwdnTaCVyD7uFPo9P_wNhNDJlVMhHk3Y_UkZZSksxXFUqkrE2uqqFBV5O__j3C-QlQ9oxnThjyOmZDCwquCoQt56SoQQ6VMK5-5Hnz4uGV3S82Kf4wSVC83R8W6OJ0U0s-Wu3egGzYWJCuZVcewObTGsVMA3uYDtoYPpku7nU0d92f3pXFV42Xfjo1z35PHsz0FmLzMb6hxFNxx9q8KjQm_TraK01UlBKRUrz2vuDwv-hC_AuvquBJa5RUwAvy3G0ZbmSpE_yHra_hPEORiCiYniNoEERoAmVviCI6Mw6IrscAr5VFyXIx1Zlznov1LopZ0eAV2hYhYjTITXc4gpE4iaNVVVOow4ChgyW_5T5UoOADmDKzZkEuLEw3zcIEQj6REb49dj0CfsOomAVJULu7Fl6dXV0XkdXq8lkHHEOxyAule6HFCrtLRO704NmxMQkN-ZkMf6S7ZBk7eFXjCEOVX5JfhAJKkMZFeZk7GUJol8bkjREIlwiIsZ8Q80DAzHrFYiAVM8X3jFyq4hOsodC5FbESzRTs2Xx00SS6rjZFIQObx7HU2UbzMcpOi3kJn98hS4tsKvMBYKnzuuUDxC_203WDGS5ABMWNrczP33WtK0iffWGT4rwTxiMWdriGgf2KwgEa8RPGtPvSrJqQpuhdbZO0xMmOM1o2bklfHn29hU7oWPQ9a96TwPghHshLuUM7UDTP7ZxL3C3NihX7X_P1y2-4hBnMkoz0MopvSUWIf3mqHSbeklw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 visuals_products_pc_small_2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/ Frame 6BA0 101 KB
101 KB 14ms
8ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/visuals_products_pc_small_2.png

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e890cdebe7fbab009e3754d36a4f45cda3bc100edbfab41d301ae76dac309bee

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 512540
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103691
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:56:35 GMT
server: sffe
date: Thu, 29 Jul 2021 17:15:11 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 17:15:11 GMT

GET
H3-29 200 cta_orange_b.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/ Frame 6BA0 3 KB
3 KB 10ms
7ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/cta_orange_b.png

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dfc85f79986a2fd367b45be94275c7bccd6565da652b5ac099a83f4ce49bb1d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 512540
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2921
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:56:35 GMT
server: sffe
date: Thu, 29 Jul 2021 17:15:11 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 17:15:11 GMT

GET
H3-29 200 logo_black_orange.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/ Frame 6BA0 4 KB
4 KB 10ms
9ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7835707720094187520/logo_black_orange.png

Requested by

Host: d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
URL: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbfd730328ebb5e05cd9e897cc5514c6622213589bb896207baae7ddf6c937ed

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 512540
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4405
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:56:35 GMT
server: sffe
date: Thu, 29 Jul 2021 17:15:11 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Jul 2022 17:15:11 GMT

GET
H3-29 200 gaAccount Show response
buy.tinypass.com/api/v3/anon/assets/ 108 B
581 B 149ms
149ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/assets/gaAccount?aid=t7vpsMsOZy&tbc=%7Bjzx%7DpAtS0isbm8eDtFkpIt73xWfdyHnhcn47T7mQ6_WDcGrShAAyGGcqz1HPMNXunGejQ-BbeHU6P-q1w79SBXCddw&user_provider=piano_id&user_token=&callApiJsonp=true&callback=jQuery112408566920606465351_1628091449018&_=1628091449020

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b5129617c483084aef3827072fac75dbf6a20e10336087cfc96ad6f43f936c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 6798de175b30bf0f-FRA
date: Wed, 04 Aug 2021 15:37:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
wn: prod-dash-10-0-129-150
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
p3p: CP="NON DSP COR OUR IND"
server-time: 0.010
cache-control: public, max-age=86400, s-maxage=86400
x-forwarded-https: on
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-request-id: CkenbxqbSQh

GET
H2 200 jsdiagnostic
pixel.adsafeprotected.com/ 43 B
216 B 117ms
40ms Image
image/gif 108.128.116.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/jsdiagnostic?code:pet_profile&anid:11046&sessionId:e5d20abc-8423-cabb-4a1b-312cc0dfb990&err:responsetime%3A54%26probability%3A10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.116.76 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-116-76.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:32 GMT
x-server-name: app01.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.benefitnews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 1431
date: Wed, 04 Aug 2021 15:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 04 Aug 2021 17:13:41 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C478 42 B
64 B 33ms
33ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsse53QJT5j2VXGmdOwIUXFotst8BJZuwrjhoqHDxUvVwPPxs3wBlSx1RDDy3gupYTksszoAjO34aV4wu6BTqmoKzYkP6xHDWY5YRL6dUUweq4pjQyRNB-gevkQ&sai=AMfl-YS5mkLABy4l5JSgqqEO0H6hQgaeCqJOgheBtTfLej9L38-vZiS7SL0qmV0d4WGsctZaMMph1-gPKbS9H31hMbTymcHdB1JoKLeDnxg8vj-fbfibEW-CjFjWAM4&sig=Cg0ArKJSzIujhuxn_ahxEAE&cid=CAASFeRoMBgyFKSd0yG0XHWwCRgk90LdPg&id=lidar2&mcvt=1002&p=510,1049,760,1349&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210802&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2764090261&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628091451233&dlt=51&rpt=43&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9D5C 42 B
64 B 33ms
33ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss8H5PrIsE4p-l1J4STbhNACW_6-KGX6MCitsxe-CIMR71pb1kvavdwu4EzsjIrVUATbCG3m9iToOebHgqN6BwXGtJvrbcWnQATtJacRtJgH_K2rqZuTU8EwKA&sai=AMfl-YSEnYMzvduZ-9DWMoqFtijuUPlqg-Z04ZSj5JckYsWtHvA-XsiipvfY1Ce0R-i-sFZV0hu12O9fKXJmez-ZMDXo5iAmgUrK2gFKdBMhkDtTKWQUqHtoZ12SZqFQ&sig=Cg0ArKJSzLrp4cPZRjZvEAE&cid=CAASEuRoXdF5KrS8H6aggVhaSyX_Wg&id=lidar2&mcvt=1005&p=164,315,414,1285&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20210802&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1391125799&rs=4&met=ce&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628091450750&dlt=532&rpt=530&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CA58 42 B
64 B 33ms
33ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstKmitg1ls_K3DzzN9IdbRevSvWMe301HWok4RMCa44kkmoV585RhjFi8YQUAfjZHGakL7Z50AM4ie7p4VkxoSwXBcNQg3FfsNstNruU6bbXBS05LZolSkEDk8&sai=AMfl-YTLhXO3bX2r4YnWq-ASfoSIVYmjxuH6NTchyAFYjJlthw_QVpcM_fnJzKWqQJcvE8umisu41umEoYYQB-77fa3QKko3m1dI8W7XSs1cIJSBqSzPhatByq_Cocs&sig=Cg0ArKJSzJ_5l6fFczchEAE&cid=CAASFeRoCyaBMrkUMssvJoiZAfEe4-t3mA&id=lidar2&mcvt=1000&p=800,1049,1050,1349&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210802&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=994653655&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628091451730&dlt=9&rpt=1&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIz_b4pNmX8gIVSAjgCh3wwQo9EAAYACCR9alHQhMIztG5pNmX8gIVD7x3Ch3c4QGh;met=1;&timestamp=1628091461734;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9D5C 42 B
515 B 99ms
55ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIz_b4pNmX8gIVSAjgCh3wwQo9EAAYACCR9alHQhMIztG5pNmX8gIVD7x3Ch3c4QGh;met=1;&timestamp=1628091461734;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Aug 2021 15:37:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.benefitnews.com/	1970-01-20 13:46:03	Name: xbc Value: %7Bjzx%7DQZH88tadRw_YT3yrPdpC772NBn3F1hfFnAIh8CLsE_14J9vNke8xyEFka7gxPDogLo8P8F87GrU48cOIkQkHNUccd5QQd_K0HJvpeD1WzNr19zEs4zU92wwwO6yvziDWkdhXOiS2T_OioAx7V5niGBu3ffFDmTM6OCn9lPWWIKAZx2in7halTR1YQMTddMMqGqbFGsiOpQR18B1xasqNiBzUOWPY5ksT3J1Xtlp58rVqLWfETG2k0iqUguxQPYHEW72jBEos_MFY1J3uUCDOR-WBC-u4XcjP1xwZHvtZyeRYzS7fRp0lqMDomFRRL7nrvrX1hql4ZuMOM78omgPbuQkEDzNkcI2iV0Qu5YA0ytC7FtVJ9KbG5wX86HEs3Yts
www.benefitnews.com/	1969-12-31 23:59:59	Name: dpm_time_site Value: 1.03
www.benefitnews.com/	1970-01-19 20:14:51	Name: __adblocker Value: false
.benefitnews.com/	1970-01-20 13:46:03	Name: __tbc Value: %7Bjzx%7DpAtS0isbm8eDtFkpIt73xWfdyHnhcn47T7mQ6_WDcGrShAAyGGcqz1HPMNXunGejQ-BbeHU6P-q1w79SBXCddw
www.benefitnews.com/	1969-12-31 23:59:59	Name: hasLiveRampMatch Value: true
.benefitnews.com/	1969-12-31 23:59:59	Name: cX_S Value: krxnm2thuy52zswa
www.benefitnews.com/	1970-01-19 22:24:31	Name: __pnahc Value: 0
.benefitnews.com/	1970-01-19 20:16:17	Name: __pvi Value: %7B%22id%22%3A%22v-krxnm21jackiho8j%22%2C%22domain%22%3A%22.benefitnews.com%22%2C%22time%22%3A1628091450091%7D
.benefitnews.com/	1970-01-20 05:44:15	Name: _parsely_visitor Value: {%22id%22:%22pid=3db56f1056d76b0fa9f0133458cbeaf4%22%2C%22session_count%22:1%2C%22last_session_ts%22:1628091449167}
.benefitnews.com/	1970-01-19 20:14:55	Name: _bts Value: 51f4f5f3-bfe1-45ef-9ac5-b11b85ff9226
www.benefitnews.com/	1970-01-19 22:24:31	Name: sm_utm_source Value: dg_email
.benefitnews.com/	1970-01-20 05:00:27	Name: btIdentify Value: 957baee0-f663-45a6-a4fa-5ec99fafa543
.benefitnews.com/	1970-01-19 20:14:51	Name: _dc_gtm_UA-219761-37 Value: 1
.benefitnews.com/	1970-01-19 22:24:27	Name: _gcl_au Value: 1.1.225532148.1628091449
.benefitnews.com/	1970-01-20 05:00:27	Name: _bti Value: %7B%22app_id%22%3A%22sourcemedia-prod%22%2C%22attributes%22%3A%5B%7B%22name%22%3A%22created_at%22%2C%22value%22%3A%222021-08-04T15%3A37%3A29%2B00%3A00%22%7D%2C%7B%22name%22%3A%22last_updated%22%2C%22value%22%3A%222021-08-04T15%3A37%3A29%2B00%3A00%22%7D%5D%2C%22bsin%22%3A%22rid50Rq6qsqdM%2FUUnlTnR9lO%2BTHgZ3C7c26dkzMEnw6sAu9MhpwCdGnG54iranrJINpYgEFmKYNgb8JMm8HTkw%3D%3D%22%2C%22created_at%22%3A%222021-08-04T15%3A37%3A29%2B00%3A00%22%2C%22email%22%3A%22lchierello%40firstam.com%22%2C%22last_updated%22%3A%222021-08-04T15%3A37%3A29%2B00%3A00%22%7D
.benefitnews.com/	1970-01-19 20:14:51	Name: _dc_gtm_UA-219761-100 Value: 1
www.benefitnews.com/	1970-01-19 22:24:31	Name: sm_utm_campaign Value: dg_ebn_wondrhealth_webseminar_08122021_20210804_p2
.benefitnews.com/	1970-01-19 20:14:51	Name: _gat Value: 1
www.benefitnews.com/	1969-12-31 23:59:59	Name: dpm_url_count Value: 1
www.benefitnews.com/	1970-01-19 22:24:31	Name: sm_utm_medium Value: webseminar
.benefitnews.com/	1970-01-19 20:14:53	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%252BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%252BO12T8FZsKSCf9Qbh&bt_ts=1628090181488%22%2C%22sref%22:%22%22%2C%22sts%22:1628091449167%2C%22slts%22:0}
.benefitnews.com/	1970-01-19 20:16:17	Name: _gid Value: GA1.2.183087751.1628091449
.benefitnews.com/	1970-01-19 20:58:03	Name: __pat Value: -14400000
www.benefitnews.com/	1970-01-23 11:50:51	Name: _ccmsi Value: 1628091449150_api42z1z2\|1628091449150
.benefitnews.com/	1970-01-20 13:46:03	Name: _ga Value: GA1.2.1131133515.1628091449

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488(Line 1177) Message: Daily Email signup/modal_optin is included in HTML
console-api	log	URL: https://www.benefitnews.com/about-us?utm_source=dg_email&utm_campaign=dg_ebn_wondrhealth_webseminar_08122021_20210804_p2&utm_medium=webseminar&bt_ee=bUWIFU8JHn%2BHn7woV1bJXfFw6e1bfo4OeT0OCN3JEufEG9k%2BO12T8FZsKSCf9Qbh&bt_ts=1628090181488(Line 1181) Message: Inside IIFE
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61771536/20210421040306637/970x250/index.html?e=69&leftOffset=0&topOffset=0&c=rch2TyHXUC&t=1&renderingType=2(Line 312) Message: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.dpmsrv.com
a.teads.tv
ade.googlesyndication.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
api-v3.tinypass.com
api.zetaglobal.net
arizent.brightspotcdn.com
buy.tinypass.com
cdn.adsafeprotected.com
cdn.boomtrain.com
cdn.cxense.com
cdn.parsely.com
cdn.tinypass.com
cm.g.doubleclick.net
comcluster.cxense.com
connect.facebook.net
d10lpsik1i8c69.cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
d338043b49d148c8dd2a36f5c5c5433c.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
e.d.arizent.com
events.api.boomtrain.com
experience.tinypass.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id.tinypass.com
idsync.rlcdn.com
ml314.com
p1.parsely.com
pagead2.googlesyndication.com
people.api.boomtrain.com
pixel.adsafeprotected.com
polyfill.io
s.dpmsrv.com
s0.2mdn.net
s8t.teads.tv
secure.adnxs.com
securepubads.g.doubleclick.net
stats.g.doubleclick.net
tpc.googlesyndication.com
unpkg.com
vjs.zencdn.net
www.benefitnews.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.npttech.com
108.128.116.76
116.202.80.167
13.224.193.120
13.224.89.166
13.224.89.82
13.224.95.38
13.224.96.11
13.224.96.72
13.224.96.83
142.250.184.194
142.250.184.226
143.204.98.35
151.101.1.26
184.30.21.51
2.18.234.21
216.58.212.162
2606:4700:3032::ac43:c0b6
2606:4700::6810:7baf
2606:4700::6811:b6b1
2a00:1450:4001:800::2001
2a00:1450:4001:800::2002
2a00:1450:4001:800::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:813::200a
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
2a00:1450:4001:828::2008
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2006
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::200a
2a00:1450:400c:c06::9a
2a02:26f0:1700:1a1::268b
2a02:26f0:6c00:19c::26e5
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f107:83:face:b00c:0:25de
2a04:4e42:3::729
3.224.43.92
34.195.31.102
35.244.174.68
37.252.172.45
37.252.173.27
52.205.167.202
52.211.195.119
52.72.113.151
54.208.203.88
96.47.24.171
0154274fd44b84c267e6efa2499295a50a938f9a690c7bf474559afe388c7cbf
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
079eb99bb7e0ca33a7ade2686ea7010d9855573a7986ed906780503c555cbbf4
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1065837f177f1a4ea3f91669781a41e60aee4ae339ee2e239661093e22e677a3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1326cb0d7ae176ea9bdbfd9bd5959d5c591acdcb49d37a1b32ffbed8dff993d8
177c908e366915477cde805fc7d1a5bd5c23b69f5fca5a52b21348fb7f93b7f9
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
189cdaee4953ec60982f1ac2447354ee306f0f26a7f6df0c41fa813e46e39763
1b05ce33469db78a252caf0e176e3cb56cd4d1d17aa3c3cda89f8088bb3eefda
2a0bab495f3b2989ff18aca96da8089cd9d6ec30e364f58f4946b6a9b7c57270
2aab89c2f61327cf1ed65b72ca9cbe1f6b9907d280b5bed699517d1cd0b1ecb6
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2d5f7ed178594d09e25e87cba0e328167a6e48d2508b4a4898ee7f05c21c0a69
30ad72bc0fc0ee7ff0aa0ff972636f812fd230fafb9a18a799f9fd8dc6577d13
3173c84304c5c64e41321c14295845028574b642590ef2a77d04d4d7fefaa468
35e532cc7584ada37a8246b13d30bafa6f3ddcceb5952703b15aea6ad39c6b41
3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7
41e547ea6f30522394d5890edf586627dfd0da6ddb0aff70f6af25a42cba6468
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
4695c9662b6bef2e76c2fc0dc730e16763308a715e7a5ed38efc63e742c33a34
489031b4b49cd663c247a5f37663db2cf4e30eb88d605c03d18a022cf9c06f8c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e3da77a5939fbc06cb620cc93ee888978121a1dcd5cdb746deeb936a4cd92f0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5021672d00240a1cb74a17efcc5d073770cfd83334d1e1c800357a33b0963329
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
505b32b34bfecbc150ab4366f5f1f1007f0629216f6ec7108df142d6a056b4dd
538e83909a470729735f13983f340829d98c1cb773bed21d9945b47ac943efcf
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59a717e69bec72ad009181785a1a65b674d1c01e77e04bdc718deb02a9b97671
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5aa0b98edb7d3d435dc935f7bc947cdaf0ce8392ab62b73efe51ac964a399e85
5e0eea4b0b726448ca0ddb42aa528b40d85174cdc9ac8ea3343dfb6d49ecc64f
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f792fe255fbfcd352fe4b2f759c95980e57d8d297939e12262d9be1e87f48c4
611871995ee4fdfdd3c5c915b608b6bc2146c60b72d4f7797e39562e196e0adb
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de
6f372babb82a367134b88abb96c4aa9ce4d50b492d28f5e7b4a7001f195e8908
713570daadea89f585efe85f286718e52dee37031ba9e58d51a4526227fbb85a
753556b8789235607882430bfcb16c87104ba1540a0800b43af20a5baecc3835
7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b
75a89eb34f4e0cd7dbb4f537e6c39a3798493e528ce1f5730ad43fb02d4e2962
77114a79d52a211183732f50785ae7e5754649b2f8b556ca6e9412ec400eda57
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
7dfc85f79986a2fd367b45be94275c7bccd6565da652b5ac099a83f4ce49bb1d
7e3100b372fe8678be27627129e3459111099eecf5ee1dcf5448a849d465db08
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8479b330e006785c81c2711af5a4b15f1df81ec1bee539d32ded4d569b30dc39
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a0a55e31784229a1018e6d8add5ba600223ede2981d6ee200db005b81bc40fb
8a143f2a9209b8f47c042605c32f3c514314c004878a39dfddc5372b105958f1
8cc61b79bf8229169214ca87bf95819a55da7fc42f588733ec105ebc45c27da1
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8f22c14d833819460602bd41792732725e48a6a6ee48f768a298cde40e16584f
8f2ee75591995df2191444d7d388c2838bc5483ac23ce23cfb8faece6032335a
9062b283108aee3d80a32cada8435bd6e2b642f3532de4ec9460136e98d6bc3e
917b07cd5baf4890ae1450c4aa94672651474223aca220ae73e07d6df62f0d74
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9388c32109db5a0200c30ba2e9f37eaf1d25de70eb14ac963239ae051e8ae84e
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
969562d03d1ce1f43d89c6e1d6fd3f7c3509fa9ad335e30e2a4da8e4c016eca2
97d812da07c2319e0e64c4137b33a5d3ccfb4c06fa5ab4444f522959e27a9ed0
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
abc3984336a492ea506a6f90cb25e9bd8bb28991eea371e852f451d7eed9d618
ad1fe6f610acf0399159632b59b0ef8b1b4baaa31f302e783f3c0f01ee1b2c02
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0574d992bfbedd6c63023302854fee723feca3e82b1862ae305191da9146dcc
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2aa3cb26277bf432b0f7f34fae39df6487bf5700639b95f0108dae6b834ccd2
b376a1f7f98b19f1a40998fd0a90ded4293621cfdd96e1eaa5170f0acb1fa2d5
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb4da10a852797684b8761342a50f019363af96304eab91feb164618a7d6d723
bbfd730328ebb5e05cd9e897cc5514c6622213589bb896207baae7ddf6c937ed
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
c0bf2ffd17947ef568c786a47a930113f516a10a09b72485363621d110ff207b
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
c430c267231b0171372bc7daa045e7293403f2744255796e9121c320760f191a
ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d39b1bfae282927c20c2101c3b7cc50f66f7b6741b3bc55a80fc6fe9c4e73379
d41e1e6b0177aa53112589ea3b91513c4dc18d1f402e466dd5a10bce73a7c25c
d5e1876373576f4110b6ad82c25041aa2e9762cc4a417939eeb20e654818a818
d706b02ec6e1dc2d86ea546dcd33afab9550a07fb56e1f95372a4eb796f51362
e0a589336c06d0194881d60c7c3968013e2be3223b0911fb9306a29d9cb1781d
e1394b010bb830df7b0a2b102481d9857a6d0d28335c480b47b067883a846419
e33280798f96ec91932133e7efabde2376d4d8d4f6acab3db209108a51c2b414
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e890cdebe7fbab009e3754d36a4f45cda3bc100edbfab41d301ae76dac309bee
edca9bfe4c7283e0d7ef807a32606b9b3c25926721717b0569b470360069ded9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1e2ce44b575d26f6d5dcf0c354810831f84415656813f7e0a9d4112904635c
f06150cd74f4090b6b1194c7fb227fda21f859229aa851169b8116e330ee160b
f19ec923daf7d72e5f2f155ba6229ffde0afd953ce121b44c1ad55e332db58f0
f983fc79453f08f4ea23d24046668c79be532545972046bf400eefcbd98d7cc0
f9b5129617c483084aef3827072fac75dbf6a20e10336087cfc96ad6f43f936c
fa752000fcf7d4230796b53d39aa36f5b683df2e64c9f9412a27266a3f263761
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b
fe74e385b7abb8d399bd42531abb189a82ab4bfce5569c75a3e060ba9f1a5135
ff4c752ea5d84913f292bb4a85dff5c2a7d7e045a1cb76779c3fe0a5279c2124

www.benefitnews.com Open in urlscan Pro 13.224.96.72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

164 Requests

99 %HTTPS

48 %IPv6

32 Domains

55 Subdomains

50 IPs

5 Countries

3529 kBTransfer

11197 kBSize

25 Cookies

9 Outgoing links

Page URL History

Redirected requests

164 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.benefitnews.com Open in urlscan Pro
13.224.96.72 Public Scan

Screenshot
Live screenshot

Full Image

164
Requests

99 %
HTTPS

48 %
IPv6

32
Domains

55
Subdomains

50
IPs

5
Countries

3529 kB
Transfer

11197 kB
Size

25
Cookies

164 HTTP transactions
4 data transactions