urlscan.io logo urlscan.io
SecurityTrails logo

www.naturalfacedr.com Open in urlscan Pro
3.168.102.112  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cosmeticeyesnyc.com/
Effective URL: https://www.naturalfacedr.com/
Submission: On December 18 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 41 IPs in 2 countries across 40 domains to perform 110 HTTP transactions. The main IP is 3.168.102.112, located in United States and belongs to AMAZON-02, US. The main domain is www.naturalfacedr.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on October 18th 2024. Valid for: a year.
This is the only time www.naturalfacedr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 15.197.225.128 16509 (AMAZON-02)
3 3.168.102.112 16509 (AMAZON-02)
23 3.168.122.12 16509 (AMAZON-02)
5 142.251.40.104 15169 (GOOGLE)
3 18.164.96.80 16509 (AMAZON-02)
2 142.250.176.195 15169 (GOOGLE)
5 13.33.252.20 16509 (AMAZON-02)
8 34.168.224.78 396982 (GOOGLE-CL...)
1 34.204.56.94 14618 (AMAZON-AES)
2 104.18.29.155 13335 (CLOUDFLAR...)
2 18.238.49.101 16509 (AMAZON-02)
1 142.250.80.46 15169 (GOOGLE)
9 104.18.28.155 13335 (CLOUDFLAR...)
1 3.168.73.113 16509 (AMAZON-02)
3 34.215.81.112 16509 (AMAZON-02)
1 142.250.80.74 15169 (GOOGLE)
21 29 34.150.170.96 396982 (GOOGLE-CL...)
3 150.171.27.10 8075 (MICROSOFT...)
2 34.86.110.8 396982 (GOOGLE-CL...)
1 3 142.251.41.4 15169 (GOOGLE)
1 2 142.250.65.162 15169 (GOOGLE)
1 172.217.165.130 15169 (GOOGLE)
2 142.250.80.3 15169 (GOOGLE)
1 1 3.168.122.52 16509 (AMAZON-02)
2 4 34.111.113.62 396982 (GOOGLE-CL...)
2 2 35.71.131.137 16509 (AMAZON-02)
2 3 69.194.240.13 26120 (RHYTHMONE)
1 2 52.223.22.214 16509 (AMAZON-02)
1 34.239.33.178 14618 (AMAZON-AES)
1 1 108.139.29.103 16509 (AMAZON-02)
1 1 13.226.94.14 16509 (AMAZON-02)
1 2 18.173.219.5 16509 (AMAZON-02)
1 8.28.7.83 62713 (AS-PUBMATIC)
1 63.251.28.230 26558 (FREEWHEEL)
2 3 107.178.240.89 396982 (GOOGLE-CL...)
4 5 69.147.92.11 14777 (YAHOO)
1 2 34.229.3.43 14618 (AMAZON-AES)
1 52.201.85.232 14618 (AMAZON-AES)
1 2 52.54.3.156 14618 (AMAZON-AES)
1 2 35.173.105.65 14618 (AMAZON-AES)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
1 107.178.254.65 396982 (GOOGLE-CL...)
1 1 142.250.80.66 15169 (GOOGLE)
1 2 68.67.179.87 29990 (ASN-APPNEX)
1 69.173.151.100 26667 (RUBICONPR...)
1 2 34.98.64.218 396982 (GOOGLE-CL...)
2 2 142.251.41.2 15169 (GOOGLE)
2 54.70.182.28 16509 (AMAZON-02)
110 41
1    15.197.225.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: aec037177372cc6cd.awsglobalaccelerator.com
cosmeticeyesnyc.com
3    3.168.102.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-102-112.jfk52.r.cloudfront.net
www.naturalfacedr.com
23    3.168.122.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-122-12.jfk52.r.cloudfront.net
sa1s3optim.patientpop.com
5    142.251.40.104 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f8.1e100.net
www.googletagmanager.com
3    18.164.96.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-80.jfk50.r.cloudfront.net
sa1s3.patientpop.com
2    142.250.176.195 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f3.1e100.net
fonts.gstatic.com
5    13.33.252.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-252-20.jfk50.r.cloudfront.net
cdn.rlets.com
8    34.168.224.78 (The Dalles, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 78.224.168.34.bc.googleusercontent.com
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com
fault.rlets.com
1    34.204.56.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-56-94.compute-1.amazonaws.com
widgets.patientpop.com
2    104.18.29.155 (None, )

ASN13335 (CLOUDFLARENET, US)
wsmcdn.audioeye.com
wsv3cdn.audioeye.com
2    18.238.49.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-101.jfk52.r.cloudfront.net
capture-api.reachlocalservices.com
1    142.250.80.46 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f14.1e100.net
www.google-analytics.com
9    104.18.28.155 (None, )

ASN13335 (CLOUDFLARENET, US)
wsv3cdn.audioeye.com
1    3.168.73.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-73-113.jfk50.r.cloudfront.net
cdn-prd.patientpop.com
3    34.215.81.112 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-81-112.us-west-2.compute.amazonaws.com
analytics.audioeye.com
1    142.250.80.74 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f10.1e100.net
fonts.googleapis.com
29    34.150.170.96 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 96.170.150.34.bc.googleusercontent.com
um.simpli.fi
3    150.171.27.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    34.86.110.8 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.110.86.34.bc.googleusercontent.com
tag.simpli.fi
i.simpli.fi
3    142.251.41.4 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f4.1e100.net
www.google.com
2    142.250.65.162 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net
googleads.g.doubleclick.net
1    172.217.165.130 (United States)

ASN15169 (GOOGLE, US)
PTR: lax30s03-in-f2.1e100.net
td.doubleclick.net
2    142.250.80.3 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f3.1e100.net
www.google.ca
1    3.168.122.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-122-52.jfk52.r.cloudfront.net
s.ad.smaato.net
4    34.111.113.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com
pixel.tapad.com
2    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
3    69.194.240.13 (United States)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
2    52.223.22.214 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
eb2.3lift.com
1    34.239.33.178 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-239-33-178.compute-1.amazonaws.com
simplifi.partners.tremorhub.com
1    108.139.29.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-103.jfk50.r.cloudfront.net
aa.agkn.com
1    13.226.94.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-94-14.jfk52.r.cloudfront.net
d.agkn.com
2    18.173.219.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-219-5.jfk52.r.cloudfront.net
sync.intentiq.com
1    8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
1    63.251.28.230 (Secaucus, United States)

ASN26558 (FREEWHEEL, US)
ads.stickyadstv.com
3    107.178.240.89 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 89.240.178.107.bc.googleusercontent.com
fei.pro-market.net
pbid.pro-market.net
5    69.147.92.11 (Ashburn, United States)

ASN14777 (YAHOO, US)
PTR: e1.ycpi.vip.dca.yahoo.com
cms.analytics.yahoo.com
ups.analytics.yahoo.com
2    34.229.3.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-229-3-43.compute-1.amazonaws.com
loadm.exelator.com
1    52.201.85.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-85-232.compute-1.amazonaws.com
sync.bfmio.com
2    52.54.3.156 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-3-156.compute-1.amazonaws.com
bcp.crwdcntrl.net
2    35.173.105.65 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-105-65.compute-1.amazonaws.com
ce.lijit.com
2    35.244.154.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com
idsync.rlcdn.com
1    107.178.254.65 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com
pippio.com
1    142.250.80.66 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net
www.googleadservices.com
2    68.67.179.87 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
1    69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com
us-u.openx.net
2    142.251.41.2 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f2.1e100.net
cm.g.doubleclick.net
2    54.70.182.28 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-70-182-28.us-west-2.compute.amazonaws.com
capturelogger-prod-usa.localiq.com
Apex Domain
Subdomains		 Transfer
31 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 878
tag.simpli.fi — Cisco Umbrella Rank: 5206
i.simpli.fi — Cisco Umbrella Rank: 4244
17 KB
28 patientpop.com
sa1s3optim.patientpop.com — Cisco Umbrella Rank: 95686
sa1s3.patientpop.com — Cisco Umbrella Rank: 125819
widgets.patientpop.com — Cisco Umbrella Rank: 201290
cdn-prd.patientpop.com — Cisco Umbrella Rank: 139525
735 KB
14 audioeye.com
wsmcdn.audioeye.com — Cisco Umbrella Rank: 5297
wsv3cdn.audioeye.com — Cisco Umbrella Rank: 4073
analytics.audioeye.com — Cisco Umbrella Rank: 4630
284 KB
13 rlets.com
cdn.rlets.com — Cisco Umbrella Rank: 16426
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com
fault.rlets.com — Cisco Umbrella Rank: 289671
90 KB
5 yahoo.com
cms.analytics.yahoo.com — Cisco Umbrella Rank: 2194
ups.analytics.yahoo.com — Cisco Umbrella Rank: 548
1 KB
5 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
td.doubleclick.net — Cisco Umbrella Rank: 182
cm.g.doubleclick.net — Cisco Umbrella Rank: 284
4 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
384 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 470
1 KB
3 pro-market.net
fei.pro-market.net — Cisco Umbrella Rank: 2363
pbid.pro-market.net — Cisco Umbrella Rank: 9760
1 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 3
88 B
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 359
15 KB
3 naturalfacedr.com
www.naturalfacedr.com
163 KB
2 localiq.com
capturelogger-prod-usa.localiq.com — Cisco Umbrella Rank: 24350
579 B
2 openx.net
us-u.openx.net — Cisco Umbrella Rank: 525
503 B
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 281
2 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 476
834 B
2 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 973
894 B
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1026
554 B
2 exelator.com
loadm.exelator.com — Cisco Umbrella Rank: 2185
2 KB
2 intentiq.com
sync.intentiq.com — Cisco Umbrella Rank: 1052
2 KB
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 550
d.agkn.com — Cisco Umbrella Rank: 758
1 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 429
969 B
2 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 513
730 B
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 377
1 KB
2 google.ca
www.google.ca — Cisco Umbrella Rank: 11557
128 B
2 reachlocalservices.com
capture-api.reachlocalservices.com — Cisco Umbrella Rank: 19383
588 B
2 gstatic.com
fonts.gstatic.com
59 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 419
1 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 96
23 B
1 pippio.com
pippio.com — Cisco Umbrella Rank: 805
571 B
1 bfmio.com
sync.bfmio.com — Cisco Umbrella Rank: 1532
421 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 619
655 B
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 886
548 B
1 tremorhub.com
simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6784
175 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1246
378 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 574
528 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
895 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
1 cosmeticeyesnyc.com
cosmeticeyesnyc.com
305 B
0 bluekai.com Failed
stags.bluekai.com Failed
110 40
Domain Requested by
29 um.simpli.fi 21 redirects cdn.rlets.com
23 sa1s3optim.patientpop.com www.naturalfacedr.com
10 wsv3cdn.audioeye.com wsmcdn.audioeye.com
wsv3cdn.audioeye.com
7 e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com cdn.rlets.com
5 cdn.rlets.com www.googletagmanager.com
cdn.rlets.com
5 www.googletagmanager.com www.naturalfacedr.com
www.googletagmanager.com
cdn.rlets.com
4 ups.analytics.yahoo.com 3 redirects
4 pixel.tapad.com 2 redirects
3 www.google.com 1 redirects www.googletagmanager.com
3 bat.bing.com www.naturalfacedr.com
bat.bing.com
3 analytics.audioeye.com wsv3cdn.audioeye.com
3 sa1s3.patientpop.com www.naturalfacedr.com
3 www.naturalfacedr.com www.naturalfacedr.com
2 capturelogger-prod-usa.localiq.com cdn.rlets.com
2 cm.g.doubleclick.net 2 redirects
2 us-u.openx.net 1 redirects
2 ib.adnxs.com 1 redirects
2 idsync.rlcdn.com 2 redirects
2 ce.lijit.com 1 redirects
2 bcp.crwdcntrl.net 1 redirects
2 loadm.exelator.com 1 redirects
2 fei.pro-market.net 2 redirects
2 sync.intentiq.com 1 redirects
2 eb2.3lift.com 1 redirects
2 sync.1rx.io 2 redirects
2 match.adsrvr.org 2 redirects
2 www.google.ca
2 googleads.g.doubleclick.net 1 redirects www.googletagmanager.com
2 capture-api.reachlocalservices.com cdn.rlets.com
2 fonts.gstatic.com www.naturalfacedr.com
fonts.googleapis.com
1 pixel.rubiconproject.com
1 www.googleadservices.com 1 redirects
1 pippio.com
1 sync.bfmio.com
1 pbid.pro-market.net
1 cms.analytics.yahoo.com 1 redirects
1 ads.stickyadstv.com
1 image2.pubmatic.com
1 d.agkn.com 1 redirects
1 aa.agkn.com 1 redirects
1 simplifi.partners.tremorhub.com
1 sync.targeting.unrulymedia.com
1 s.ad.smaato.net 1 redirects
1 i.simpli.fi tag.simpli.fi
1 td.doubleclick.net www.googletagmanager.com
1 tag.simpli.fi cdn.rlets.com
1 fault.rlets.com
1 fonts.googleapis.com wsv3cdn.audioeye.com
1 cdn-prd.patientpop.com widgets.patientpop.com
1 www.google-analytics.com www.googletagmanager.com
1 wsmcdn.audioeye.com www.naturalfacedr.com
1 widgets.patientpop.com www.naturalfacedr.com
1 cosmeticeyesnyc.com 1 redirects
0 stags.bluekai.com Failed
110 54

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
youtu.be
www.tebra.com
Subject Issuer Validity Valid
*.naturalfacedr.com
Amazon RSA 2048 M02		 2024-10-18 -
2025-11-16		 a year crt.sh
patientpop.com
Amazon RSA 2048 M03		 2024-09-11 -
2025-10-08		 a year crt.sh
*.google-analytics.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.gstatic.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.rlets.com
Amazon RSA 2048 M02		 2024-09-29 -
2025-10-27		 a year crt.sh
captureapi.localiq.com
R11		 2024-12-11 -
2025-03-11		 3 months crt.sh
wsmcdn.audioeye.com
WE1		 2024-12-06 -
2025-03-06		 3 months crt.sh
*.reachlocalservices.com
Amazon RSA 2048 M02		 2024-10-03 -
2025-11-01		 a year crt.sh
wsv3cdn.audioeye.com
WE1		 2024-11-10 -
2025-02-08		 3 months crt.sh
report-prod.audioeye.com
Amazon RSA 2048 M03		 2024-08-18 -
2025-09-17		 a year crt.sh
upload.video.google.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.simpli.fi
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-11-13 -
2025-12-14		 a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 08		 2024-12-15 -
2025-06-13		 6 months crt.sh
*.google.com
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.doubleclick.net
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.google.ca
WR2		 2024-11-04 -
2025-01-27		 3 months crt.sh
*.localiq.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-07-30 -
2025-01-23		 6 months crt.sh

This page contains 13 frames:

Primary Page: https://www.naturalfacedr.com/
Frame ID: 6D6528133362A061CB6A75E07BD473E2
Requests: 92 HTTP requests in this frame

Frame: https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Frame ID: 5F9A10DAC1FD46C9DF727F9BDF224EB3
Requests: 1 HTTP requests in this frame

Frame: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/cookieStorage.html
Frame ID: A57311061D6F4E2CA0302A1C0374CF6F
Requests: 1 HTTP requests in this frame

Frame: https://cdn.rlets.com/capture_static/mms/capture.js
Frame ID: D2649B91DD98A8EC3527AC3CBB235E71
Requests: 2 HTTP requests in this frame

Frame: https://cdn.rlets.com/capture_static/mms/capture.js
Frame ID: 97BD71C6423FB38BB4F6C284B756C370
Requests: 2 HTTP requests in this frame

Frame: https://cdn.rlets.com/capture_static/mms/capture.js
Frame ID: E556B944C8B2AFDD0D3C85A69F14F92E
Requests: 2 HTTP requests in this frame

Frame: https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Frame ID: EBDEE6D0E87FA1E00E7B500F7C1A7C6B
Requests: 1 HTTP requests in this frame

Frame: https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Frame ID: CAF7F2FB49961FC35FFF457B5D39FD44
Requests: 1 HTTP requests in this frame

Frame: https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Frame ID: 478808FFD8B626648C44730E6D9CF2BF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/826568782?random=1734522381297&cv=11&fst=1734522381297&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.naturalfacedr.com%2F&hn=www.googleadservices.com&frm=0&tiba=Robert%20M.%20Schwarcz%2C%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York%2C%20NY%20%26%20Rye%2C%20NY&npa=0&pscdl=noapi&auid=57660696.1734522381&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 6864D8D47312115B585AF8F4203CA551
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.naturalfacedr.com
Frame ID: 679CBCFD2A454AEF56A13A694C7B8129
Requests: 1 HTTP requests in this frame

Frame: https://cdn.rlets.com/capture_static/mms/capture.js
Frame ID: A3A2568AEA2F1B92DB27668DA203D65A
Requests: 1 HTTP requests in this frame

Frame: https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Frame ID: 16CDE9C3E74F0C7B3FA81FAA2E918FA9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Robert M. Schwarcz, MD : Cosmetic Surgery: Upper East Side New York, NY & Rye, NY

Page URL History Show full URLs

  1. https://cosmeticeyesnyc.com/ HTTP 301
    http://www.naturalfacedr.com/ HTTP 307
    https://www.naturalfacedr.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

110
Requests

79 %
HTTPS

0 %
IPv6

40
Domains

54
Subdomains

41
IPs

2
Countries

1752 kB
Transfer

4617 kB
Size

78
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cosmeticeyesnyc.com/ HTTP 301
    http://www.naturalfacedr.com/ HTTP 307
    https://www.naturalfacedr.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80
  • https://um.simpli.fi/smaato HTTP 302
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3372&partner_device_id=e010544c85 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%252C%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%252C%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=639eedf8-6484-4c4a-9468-4df7a5c894f0&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%2C%2C
Request Chain 81
  • https://um.simpli.fi/nexxen HTTP 302
  • https://sync.1rx.io/usersync/simplifi/E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://sync.1rx.io/usersync/simplifi/E2176E280970405FADA57BD5208BE231?zcc=1&cb=1734522362182 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-00dca97c-382b-4406-b72c-3fab36206f43-005
Request Chain 82
  • https://um.simpli.fi/triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=7969&xuid=E2176E280970405FADA57BD5208BE231&dongle=yf3 HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=E2176E280970405FADA57BD5208BE231&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Request Chain 83
  • https://um.simpli.fi/telaria_p HTTP 302
  • https://simplifi.partners.tremorhub.com/sync?UISF=E2176E280970405FADA57BD5208BE231
Request Chain 84
  • https://um.simpli.fi/tapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=E2176E280970405FADA57BD5208BE231
Request Chain 85
  • https://um.simpli.fi/ad_advisor HTTP 302
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://d.agkn.com/pixel/10751/?che=1734522397782&ip=154.47.17.42&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D214180605100011776145 HTTP 302
  • https://um.simpli.fi/aa_px?sk=214180605100011776145 HTTP 302
  • https://um.simpli.fi/empty.gif
Request Chain 86
  • https://um.simpli.fi/intentiq HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=E2176E280970405FADA57BD5208BE231&ckls=true&ci=41g4tBQ76j&nc=false&trid=1857837527
Request Chain 87
  • https://um.simpli.fi/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E2176E280970405FADA57BD5208BE231
Request Chain 88
  • https://um.simpli.fi/freewheel HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=E2176E280970405FADA57BD5208BE231
Request Chain 89
  • https://um.simpli.fi/dtnx HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=E2176E280970405FADA57BD5208BE231;mimetype=img; HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=E2176E280970405FADA57BD5208BE231;mimetype=img;sr HTTP 302
  • https://cms.analytics.yahoo.com/cms?partner_id=DATCS HTTP 302
  • https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS HTTP 302
  • https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS&verify=true HTTP 302
  • https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-OCL8fF9E2pRF4tVHr_A_NmQG5EijM4wsdsQ-~A
Request Chain 90
  • https://um.simpli.fi/exelatem HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=E2176E280970405FADA57BD5208BE231&j=0 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=E2176E280970405FADA57BD5208BE231&j=0&xl8blockcheck=1
Request Chain 91
  • https://um.simpli.fi/yahoo HTTP 302
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=E2176E280970405FADA57BD5208BE231&verify=true
Request Chain 92
  • https://um.simpli.fi/beachfront HTTP 302
  • https://sync.bfmio.com/sync?pid=141&uid=E2176E280970405FADA57BD5208BE231
Request Chain 93
  • https://um.simpli.fi/bluekai HTTP 302
  • https://stags.bluekai.com/site/29931?id=E2176E280970405FADA57BD5208BE231
Request Chain 94
  • https://um.simpli.fi/crwdcntrl HTTP 302
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=E2176E280970405FADA57BD5208BE231
Request Chain 95
  • https://um.simpli.fi/lj_match HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=E2176E280970405FADA57BD5208BE231&dnr=1
Request Chain 96
  • https://um.simpli.fi/liveramp_match HTTP 302
  • https://idsync.rlcdn.com/419566.gif?partner_uid=E2176E280970405FADA57BD5208BE231 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogRTIxNzZFMjgwOTcwNDA1RkFEQTU3QkQ1MjA4QkUyMzEQABoNCJ3sirsGEgUI6AcQAEIASgA HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=864dfb8cbc26d3ee29794300e5d346498e25a1d76229d4e34c2f34c7954c80cf791426b5417dce21&_=2
Request Chain 97
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1734522381848&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAg&pscrd=IhMI6b68s5-xigMVSExHAR2s9DIIMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL3d3dy5uYXR1cmFsZmFjZWRyLmNvbS8 HTTP 302
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAg&pscrd=IhMI6b68s5-xigMVSExHAR2s9DIIMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL3d3dy5uYXR1cmFsZmFjZWRyLmNvbS8&is_vtc=1&cid=CAQSKQCa7L7d_suTOB5SLud_5Jp_iugpKjj8QxJ7gd-bKECx3DwsvKQsAJih&random=1203890119 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAg&pscrd=IhMI6b68s5-xigMVSExHAR2s9DIIMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL3d3dy5uYXR1cmFsZmFjZWRyLmNvbS8&is_vtc=1&cid=CAQSKQCa7L7d_suTOB5SLud_5Jp_iugpKjj8QxJ7gd-bKECx3DwsvKQsAJih&random=1203890119&ipr=y
Request Chain 99
  • https://um.simpli.fi/an HTTP 302
  • https://ib.adnxs.com/setuid?entity=66&code=E2176E280970405FADA57BD5208BE231 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DE2176E280970405FADA57BD5208BE231
Request Chain 100
  • https://um.simpli.fi/rb_match HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=E2176E280970405FADA57BD5208BE231&expires=365
Request Chain 101
  • https://um.simpli.fi/ox_match HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=E2176E280970405FADA57BD5208BE231&cc=1
Request Chain 102
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEClYWZ-jVdrTAIoj9KqX97E&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E2176E280970405FADA57BD5208BE231 HTTP 302
  • https://um.simpli.fi/g_match?id=

110 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.naturalfacedr.com/
Redirect Chain
  • https://cosmeticeyesnyc.com/
  • http://www.naturalfacedr.com/
  • https://www.naturalfacedr.com/
146 KB
28 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.102.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-102-112.jfk52.r.cloudfront.net
Software
nginx/1.18.0 / PHP/7.1.33
Resource Hash
c9d4a8affec2755faeb4adc9c40ee3173e53b84cfc2b456eb8bcf781c711a502

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,X-Store,X-Referer,X-Csrf-Token,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-allow-methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
access-control-allow-origin
https://www.naturalfacedr.com
access-control-expose-headers
X-Csrf-Token
cache-control
max-age=3600, public
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 18 Dec 2024 11:46:17 GMT
server
nginx/1.18.0
vary
Accept-Encoding
via
1.1 4d9a3325cf123acd8863ea1677b5760e.cloudfront.net (CloudFront)
x-amz-cf-id
6HnVKgOx5cxmaOv3YRAMYVxRPbVG2vPJMehmbTYLfn8Czcu1d2RUtg==
x-amz-cf-pop
JFK52-P6
x-cache
Miss from cloudfront
x-powered-by
PHP/7.1.33
x-ua-compatible
IE=edge,chrome=1

Redirect headers

Location
https://www.naturalfacedr.com/
Non-Authoritative-Reason
HttpsUpgrades
practice.atomic.application.scss
www.naturalfacedr.com/assets/ 		237 KB
45 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.naturalfacedr.com/assets/practice.atomic.application.scss
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.102.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-102-112.jfk52.r.cloudfront.net
Software
nginx/1.18.0 / PHP/7.1.33
Resource Hash
853999ba5b54311dc17a2a754e0f0203b326d1d44532acd744045ff9f75c05ad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
X-Csrf-Token
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
x-cache
Miss from cloudfront
x-ua-compatible
IE=edge,chrome=1
x-amz-cf-id
IB_QUCDrjUCZhCG9J9aVUXSkmLwwtTkt_P06_NdLpjCMpOzdtW6dBA==
date
Wed, 18 Dec 2024 11:46:17 GMT
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
last-modified
1733792956
access-control-allow-headers
DNT,User-Agent,X-Requested-With,X-Store,X-Referer,X-Csrf-Token,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
cache-control
no-cache
via
1.1 4d9a3325cf123acd8863ea1677b5760e.cloudfront.net (CloudFront)
access-control-allow-origin
https://www.naturalfacedr.com
x-amz-cf-pop
JFK52-P6
x-powered-by
PHP/7.1.33
server
nginx/1.18.0
2554089.png
sa1s3optim.patientpop.com/assets/images/provider/photos/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/images/provider/photos/2554089.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
4c9d6303ec5cc3cda7b4c4aa265a1371ca05197de74fa3ae1a23c5315d024e99

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"44e7047482c647011d1d05549b6f92fd99fc81ed"
age
17624190
x-amzn-requestid
b361c44e-8917-4e1d-9c67-7b4c508e5757
expires
Wed, 28 May 2025 12:09:47 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
5qTFmGCIE-StYdE_joZ-3M4zrrCnEU5VI0ECvMIespnXTLjncUoT3A==
date
Tue, 28 May 2024 12:09:47 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
Yext1F5vIAMEGtg=
x-amzn-remapped-date
Tue, 28 May 2024 12:09:47 GMT
x-amzn-trace-id
Root=1-6655c98b-7163c397433382135179a974;Parent=1e790fa32d4520b4;Sampled=0;lineage=ceee4eea:0
via
1.1 6aa8d2883437a2897f326bfc58beed3c.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
15617
x-amz-cf-pop
IAD89-P2, JFK52-P7
244304.png
sa1s3optim.patientpop.com/assets/docs/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244304.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
f1a63223d4cf9004087f93c6c04f6bbce2d2c982ab4a8e6d055c1ac735eef536

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"88651d576872fc7fff21c20cc0f70e339876f328"
age
11507880
x-amzn-requestid
f46b8dca-18c5-437c-80a0-4bc2aeb1bfc2
expires
Thu, 07 Aug 2025 07:08:17 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
-nDY0y2LVLUjNLmJu5Qd9FRIzMxuIG-3yJX7MHzyxUtrZGZVGilL2A==
date
Wed, 07 Aug 2024 07:08:17 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
cIGHTF3OoAMEObQ=
x-amzn-remapped-date
Wed, 07 Aug 2024 07:08:17 GMT
x-amzn-trace-id
Root=1-66b31d61-3d5137fc7ef27fba0cb488ba;Parent=359e7edf8d67efa9;Sampled=0;lineage=ceee4eea:0
via
1.1 074df32306fddeb7d54ca41312e6888e.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
13639
x-amz-cf-pop
IAD89-P2, JFK52-P7
244305.png
sa1s3optim.patientpop.com/assets/docs/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244305.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
dab748e20c11ac3ba319dc87e3aea53569e90293f606c2a80b87fb915ab5bb06

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"14b7a72d1db8d7721a582a9ba33c61df725d5b74"
age
11507880
x-amzn-requestid
799f6feb-e835-48b2-a305-baa9d7446bf0
expires
Thu, 07 Aug 2025 07:08:17 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
FTy1AhIvAtQR0HSAh6kpmcbMlxPd3fS4BOR9PPGoIQkSNtTdEoLDYA==
date
Wed, 07 Aug 2024 07:08:17 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
cIGHUFlgIAMEKzA=
x-amzn-remapped-date
Wed, 07 Aug 2024 07:08:17 GMT
x-amzn-trace-id
Root=1-66b31d61-0ba795da063fc9915d86ab67;Parent=0f147e5b2a25c153;Sampled=0;lineage=ceee4eea:0
via
1.1 92ed8a6103fa735c31caf49b92d4efb6.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
5231
x-amz-cf-pop
IAD89-P2, JFK52-P7
244291.png
sa1s3optim.patientpop.com/assets/docs/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244291.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
5a071ee43e39ca251a83e29b3471008abe3b89a4681fd248ae1a4bce5201ecea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"b500c937cc73b33b3973da9b8715e0e958610e59"
age
11507879
x-amzn-requestid
a131baee-398e-49ea-bda0-d1b2842e1fc1
expires
Thu, 07 Aug 2025 07:08:18 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
TTyrfPQakHsnbuAGOrQrDMe5Qj0_rSnEmYQMXhMRiT8jaIdmcwodXA==
date
Wed, 07 Aug 2024 07:08:18 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
cIGHWEiAIAMEpwA=
x-amzn-remapped-date
Wed, 07 Aug 2024 07:08:17 GMT
x-amzn-trace-id
Root=1-66b31d61-638c46f02a29ddb4501d2a0e;Parent=2006e2d67df03af0;Sampled=0;lineage=ceee4eea:0
via
1.1 68d323cfd4a0f1ae252f92c083654190.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
6630
x-amz-cf-pop
IAD89-P2, JFK52-P7
244292.jpg
sa1s3optim.patientpop.com/assets/docs/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244292.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
0296688d2b8e7c91a8fe2b0bcd7a1b786cca29fcf81fb42324e58c20a723f43e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"00ec38ae413c82c5fbd36f59237080dbcbd56cd5"
age
13464731
x-amzn-requestid
1803e369-ac83-4529-9c9f-0def3cea57c9
expires
Tue, 15 Jul 2025 15:34:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
jfB0OQDrmxcy4Khf_wC6pLTCl6Z0EMuGw9qyMsybTiuSKm3atFUYcA==
date
Mon, 15 Jul 2024 15:34:06 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
a9cpUEP2IAMEBhQ=
x-amzn-remapped-date
Mon, 15 Jul 2024 15:34:06 GMT
x-amzn-trace-id
Root=1-6695416e-72ffc5aa04c725487244b8e9;Parent=2258b4ba38f50dbb;Sampled=0;lineage=ceee4eea:0
via
1.1 e0a78b49206aba2a7e76eb45b9688a8e.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
10393
x-amz-cf-pop
IAD89-P2, JFK52-P7
244293.png
sa1s3optim.patientpop.com/assets/docs/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244293.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
ed0c69624c017347d2be6eba166a4ac7d44b3da24a2f404a381fc1d8ecf99409

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"26e3c307b259b325ba84460d63cfae125f718be9"
age
13464731
x-amzn-requestid
d981d7a8-0157-4b9e-9b92-cb6e556db5b6
expires
Tue, 15 Jul 2025 15:34:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
4ppNbolPKCPsIjxJ2PGsTu5yr3XHONpq4aYRcYML0IXUAeh61brtHA==
date
Mon, 15 Jul 2024 15:34:06 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
a9cpUGqeIAMEDOg=
x-amzn-remapped-date
Mon, 15 Jul 2024 15:34:06 GMT
x-amzn-trace-id
Root=1-6695416e-10c0e32037add97e162c57eb;Parent=00ab2c35ea364ed1;Sampled=0;lineage=ceee4eea:0
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
6488
x-amz-cf-pop
IAD89-P2, JFK52-P7
244294.png
sa1s3optim.patientpop.com/assets/docs/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244294.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
253ced5338559e1e82f4265160257149f1b5ef70f192fd5e8b9ee852e3e84eff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"7399aff1d1adf310686abb97340822154cdef66f"
age
13464731
x-amzn-requestid
f249a9ae-ca5c-4884-b26f-c5634d55e895
expires
Tue, 15 Jul 2025 15:34:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Gc8fQsyRloBIcvbpsGgi2AgZXbUnZWMX0mUUxVHWZ2taP_qdwRpWLQ==
date
Mon, 15 Jul 2024 15:34:06 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
a9cpUF9IIAMEDhQ=
x-amzn-remapped-date
Mon, 15 Jul 2024 15:34:06 GMT
x-amzn-trace-id
Root=1-6695416e-4d7a577d427a38ad5fa78cc5;Parent=2dae1f0440cdf58d;Sampled=0;lineage=ceee4eea:0
via
1.1 dfbe3a6f5b354f9a5f95a5a6814ce14e.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
3701
x-amz-cf-pop
IAD89-P2, JFK52-P7
244295.png
sa1s3optim.patientpop.com/assets/docs/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244295.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
419b122d1fc31faf86013e6bb331b18a1bea78e860b7b78a595c364fa23c3842

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"3bdd6bef9c1e46a7b3f92992d8be1a0d6b0f4a2a"
age
11507879
x-amzn-requestid
19333789-0a45-4cb1-a1dc-003730daeeb9
expires
Thu, 07 Aug 2025 07:08:18 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
8DXiy6EWktFAGdCN-U56nUHuDvzIFgMxpEm3GLxGOBp31C2DYFcHmQ==
date
Wed, 07 Aug 2024 07:08:18 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
cIGHaFBAIAMEL5A=
x-amzn-remapped-date
Wed, 07 Aug 2024 07:08:18 GMT
x-amzn-trace-id
Root=1-66b31d62-5803e84263842e03344e1ccb;Parent=14568704b0c379d3;Sampled=0;lineage=ceee4eea:0
via
1.1 1bd7d779bed244375679d82e1821cc3c.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
4097
x-amz-cf-pop
IAD89-P2, JFK52-P7
244322.jpg
sa1s3optim.patientpop.com/assets/docs/ 		83 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244322.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
dd6837e46edaa9cf5aaf1eeeed187f8a4eb75e9521b52401f2cf2fc7db31778e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"81f5923b408df5d626fb384bd0e95173843bae26"
age
13464731
x-amzn-requestid
272b0fe1-3ca7-4d30-98f2-b7c255560d0d
expires
Tue, 15 Jul 2025 15:34:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
bs1JdszJI0Ify4QZVUt1x94tSaxejY60-c8xKG8dwCLWPw-x6_tEXA==
date
Mon, 15 Jul 2024 15:34:06 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
a9cpUGQNIAMEhWA=
x-amzn-remapped-date
Mon, 15 Jul 2024 15:34:06 GMT
x-amzn-trace-id
Root=1-6695416e-53b0f39842e5c8632dbaadb7;Parent=5818fe602ffcf2d7;Sampled=0;lineage=ceee4eea:0
via
1.1 1bd7d779bed244375679d82e1821cc3c.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
85101
x-amz-cf-pop
IAD89-P2, JFK52-P7
244324.jpg
sa1s3optim.patientpop.com/assets/docs/ 		123 KB
123 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244324.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
9a0d5f0148bb12e5409de2f4c69251292c2c723781b944e26669cd20012a5ad2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"3c690caa6abc80f0d4523e1d56dec8dd2caf084c"
age
13464731
x-amzn-requestid
bcaf18cf-f032-45e3-9998-120a3f1bdb8a
expires
Tue, 15 Jul 2025 15:34:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
NM16al_4_CaMz0XeYZU65igThFMMhIbC3pb4gWAuh8Ge3EIAlGghGw==
date
Mon, 15 Jul 2024 15:34:06 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
a9cpUE6GoAMEhqw=
x-amzn-remapped-date
Mon, 15 Jul 2024 15:34:06 GMT
x-amzn-trace-id
Root=1-6695416e-0632f6c324694d62432aa1b1;Parent=24106bfdcd298489;Sampled=0;lineage=ceee4eea:0
via
1.1 cbb1ad5df105c42cc24cca0b876989aa.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
125604
x-amz-cf-pop
IAD89-P2, JFK52-P7
244331.jpg
sa1s3optim.patientpop.com/assets/docs/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244331.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
ca4950fdbf5306923f89dac8eba285dd386538cd71f5935a416797b350e8a3f0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"1f1ae7f3e67e6d6aa9a6719cc586f61b67a932f4"
age
10655566
x-amzn-requestid
9207856c-572c-434b-839b-606fa82f5fb5
expires
Sun, 17 Aug 2025 03:53:31 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
hMdOtUrZZlwkkkaUdAmgLDaPuaLZehvAvzdqi9U7WyJyICDqQZlfag==
date
Sat, 17 Aug 2024 03:53:31 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
com9RFswoAMEPjw=
x-amzn-remapped-date
Sat, 17 Aug 2024 03:53:31 GMT
x-amzn-trace-id
Root=1-66c01ebb-6949919276bedf7043285400;Parent=69b58d8317861b36;Sampled=0;lineage=ceee4eea:0
via
1.1 782e548cb0b1b64c63d995fc59568b48.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
13283
x-amz-cf-pop
IAD89-P2, JFK52-P7
244325.jpg
sa1s3optim.patientpop.com/assets/docs/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244325.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
919a29f8e0ed37e876361198d922f29289c571664c80ccd430d38c0cf9debf03

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"703dea19615f0a019b93fd43257702bfd4bbcf18"
age
9220377
x-amzn-requestid
2188ec02-94ab-4ff0-93d6-943b4cb073e4
expires
Tue, 02 Sep 2025 18:33:20 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
4dbawiNRKGoGGzl4tLgw_-ShObchAVk5y81puXQ-fDGpFgh_XFdEQw==
date
Mon, 02 Sep 2024 18:33:20 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
dfW1mFaVIAMETgQ=
x-amzn-remapped-date
Mon, 02 Sep 2024 18:33:20 GMT
x-amzn-trace-id
Root=1-66d604f0-1b679d394f92c8701fcd2f0b;Parent=58baabcee011d911;Sampled=0;lineage=ceee4eea:0
via
1.1 6ef654a6fd950af1eb6fc4790b972c72.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
14536
x-amz-cf-pop
IAD89-P2, JFK52-P7
244326.jpg
sa1s3optim.patientpop.com/assets/docs/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244326.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
b30317cb3e98f85cd66864aad0f47d81c8a592a3adbcd7febd6c7d26a07d48a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"5f4a8ee40348bb19de81b551644ca5a14a67005f"
age
11507879
x-amzn-requestid
e6ffa4b0-087b-4ff2-abeb-0cb6517ca35d
expires
Thu, 07 Aug 2025 07:08:18 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
-hleZdHPz5ZSxpRDuURPVKMfQmj_gmrSUCL3upqD93hCqAtziQztyg==
date
Wed, 07 Aug 2024 07:08:18 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
cIGHbFdFIAMEFqQ=
x-amzn-remapped-date
Wed, 07 Aug 2024 07:08:18 GMT
x-amzn-trace-id
Root=1-66b31d62-0e7bb5cc708468e323061263;Parent=41bf62fc8a1f947c;Sampled=0;lineage=ceee4eea:0
via
1.1 cbb1ad5df105c42cc24cca0b876989aa.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
19387
x-amz-cf-pop
IAD89-P2, JFK52-P7
244327.jpg
sa1s3optim.patientpop.com/assets/docs/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244327.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
d3ba441ee2978e4d43fb1b68cc0e33ee48056b48a297a0fc56905995093c5cd0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"618277acd09582334da362ff95ab0088a5c11446"
age
13464731
x-amzn-requestid
b8359e31-270d-4354-b60c-4976ee7f8ff5
expires
Tue, 15 Jul 2025 15:34:06 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
w-T-LiEEP2LnHTMdxVkUXlVhBeSJHFcpoKXXodtOpPkEuTZR5OZjJw==
date
Mon, 15 Jul 2024 15:34:06 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
a9cpUH3uIAMEiOQ=
x-amzn-remapped-date
Mon, 15 Jul 2024 15:34:06 GMT
x-amzn-trace-id
Root=1-6695416e-60919481012838af710e6b77;Parent=26a70039fb7f05d9;Sampled=0;lineage=ceee4eea:0
via
1.1 0dc81f450c72d91e34b5a0b41d441f28.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
16521
x-amz-cf-pop
IAD89-P2, JFK52-P7
244339.png
sa1s3optim.patientpop.com/assets/docs/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244339.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
a7c8d56fd17d207da62a067d2006a050693718ec5fb768c17cc7afc38ddbe1b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"d9404388dd82e14687c37333e1b2cabae6366404"
age
13469022
x-amzn-requestid
9a38f328-bb18-49ff-8972-a8d18bd9e614
expires
Tue, 15 Jul 2025 14:22:35 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Oyb67y_kWx-5hcFsIznwINM5CJqNOqAhKatiqyK525a-Cb2SCu7u7A==
date
Mon, 15 Jul 2024 14:22:35 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
a9SKyFMqoAMEvQQ=
x-amzn-remapped-date
Mon, 15 Jul 2024 14:22:35 GMT
x-amzn-trace-id
Root=1-669530ab-578bbb5f197c4da434fc1956;Parent=390bb8d53dcb6553;Sampled=0;lineage=ceee4eea:0
via
1.1 5035c434ac92f0eed9f2b400824fa6e8.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
9227
x-amz-cf-pop
IAD89-P2, JFK52-P7
244341.png
sa1s3optim.patientpop.com/assets/docs/ 		32 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244341.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
828cdeb72d68aa58f1258d49b04cf5a68455b3a9a0df9590c93c4082f5acd286

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"8ae8a444075443f7ce4cd4ce56c8b08822c2e8f8"
age
4029786
x-amzn-requestid
7608a7bc-95cd-45b0-93ec-693e696d2b2a
expires
Sat, 01 Nov 2025 20:23:11 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
zw45CieG2eJKyqd2SZFRmVRY--KsWGDcwcrxmC9EWb7AYjY4P1DuWA==
date
Fri, 01 Nov 2024 20:23:11 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
AlXLeFDgoAMEoBA=
x-amzn-remapped-date
Fri, 01 Nov 2024 20:23:11 GMT
x-amzn-trace-id
Root=1-672538af-2885ca6125a7bb2d76b0db3b;Parent=31b2ae494f5c0df9;Sampled=0;Lineage=1:ceee4eea:0
via
1.1 a3d7bfd4ff510fbf1dac72ccd39441fe.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
33105
x-amz-cf-pop
IAD89-P3, JFK52-P7
244342.png
sa1s3optim.patientpop.com/assets/docs/ 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244342.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
f98dd3decaf4cddcf127e8821fdb951056ce72ce28ca79b2ee704dbd5043dd6d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"b587411ba2a5e09c9f1199a698d7293d302b206f"
age
13464730
x-amzn-requestid
22f2edd1-8cf0-4ad5-b6ad-e9d932eb4c58
expires
Tue, 15 Jul 2025 15:34:07 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
09cjHqluyPcoAtldj8hXeKk7ZDP6cyjVxsCoGqEd4BdZGN3ppQugbg==
date
Mon, 15 Jul 2024 15:34:07 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
a9cpUE2DoAMEbtg=
x-amzn-remapped-date
Mon, 15 Jul 2024 15:34:06 GMT
x-amzn-trace-id
Root=1-6695416e-24ec3ffe41de1aca7fd6f889;Parent=2459434676384eb3;Sampled=0;lineage=ceee4eea:0
via
1.1 cbb1ad5df105c42cc24cca0b876989aa.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
42303
x-amz-cf-pop
IAD89-P2, JFK52-P7
244343.png
sa1s3optim.patientpop.com/assets/docs/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/244343.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
d6f11bd9653217703a42709f86a98e143c4a003771119e59256063df3654808c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"d90b9f5acf5cb05a8c4e8d41b31062bef308d15c"
age
7335603
x-amzn-requestid
1873c227-a3b4-42c1-ab3b-14a3acef029d
expires
Wed, 24 Sep 2025 14:06:14 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
kPWoc_ovNM80T95yJQ9gL7ga7WF3-DURsJ4Kl--IDX6DueufVw4ULA==
date
Tue, 24 Sep 2024 14:06:14 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
enQVjHtGoAMEm8g=
x-amzn-remapped-date
Tue, 24 Sep 2024 14:06:14 GMT
x-amzn-trace-id
Root=1-66f2c756-4d168ecb7354fdb060e070de;Parent=50c1de8c4de0d227;Sampled=0;Lineage=1:ceee4eea:0
via
1.1 624a1750702d82319b25f17c35c73d04.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
6761
x-amz-cf-pop
IAD89-P2, JFK52-P7
246753.png
sa1s3optim.patientpop.com/assets/docs/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/246753.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
86eb5a07f01af8a0f647f3d00da6259c6f0460c2ba1c6683a670069f4238f103

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"2af3273cb8fb58b7a9aa5e84959fb54442f52803"
age
11507879
x-amzn-requestid
aed6e02b-3df6-4810-87ad-3a0490b3f33b
expires
Thu, 07 Aug 2025 07:08:18 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Vkz3KRVqgFN2-Q_IvN8vaAeQ0exUTkkt9ALHaLe0TMfA_wtRdChzqw==
date
Wed, 07 Aug 2024 07:08:18 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
cIGHbGLloAMEnYA=
x-amzn-remapped-date
Wed, 07 Aug 2024 07:08:18 GMT
x-amzn-trace-id
Root=1-66b31d62-7d2aade42a617cac16fcdeeb;Parent=52a8bf53e62cd782;Sampled=0;lineage=ceee4eea:0
via
1.1 5840e9664aef77d9be1f708259e60d56.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
12720
x-amz-cf-pop
IAD89-P2, JFK52-P7
246754.png
sa1s3optim.patientpop.com/assets/docs/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/docs/246754.png
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
68ca69cc71631712541e0fd6ecc8e52921ac4e84f6d2477c3ee6f41ef52eec6e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"bd3377187162281a12527f0103c72fcc17abbe52"
age
11334633
x-amzn-requestid
0a55e4c2-0ddf-4b65-8c6b-bc4d45e53e01
expires
Sat, 09 Aug 2025 07:15:44 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
bnXn3oPYOWnNFglI2j_cYoFZ59u8_NnBXPii3Q56VqUUS3bt934h-Q==
date
Fri, 09 Aug 2024 07:15:44 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
cOtFDEw2IAMEYMw=
x-amzn-remapped-date
Fri, 09 Aug 2024 07:15:44 GMT
x-amzn-trace-id
Root=1-66b5c220-651ce34375794b6f3415a379;Parent=6fc5defb74f9e20e;Sampled=0;lineage=ceee4eea:0
via
1.1 5035c434ac92f0eed9f2b400824fa6e8.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
6802
x-amz-cf-pop
IAD89-P2, JFK52-P7
practice.application.js
www.naturalfacedr.com/assets/ 		275 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.naturalfacedr.com/assets/practice.application.js
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.102.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-102-112.jfk52.r.cloudfront.net
Software
nginx/1.18.0 / PHP/7.1.33
Resource Hash
359741ab3cbf794f3a82cc1c180f503e07d07d0de3390d9c579d7c6563a9672c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
X-Csrf-Token
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
x-cache
Miss from cloudfront
x-ua-compatible
IE=edge,chrome=1
x-amz-cf-id
8ArscrA8-MBIbQAZK5RFXgUjCbwlutkrKWYykK3RITyDyFl6vJ5V2Q==
date
Wed, 18 Dec 2024 11:46:17 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
1733792956
access-control-allow-headers
DNT,User-Agent,X-Requested-With,X-Store,X-Referer,X-Csrf-Token,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
cache-control
no-cache
via
1.1 4d9a3325cf123acd8863ea1677b5760e.cloudfront.net (CloudFront)
access-control-allow-origin
https://www.naturalfacedr.com
x-amz-cf-pop
JFK52-P6
x-powered-by
PHP/7.1.33
server
nginx/1.18.0
gtm.js
www.googletagmanager.com/ 		198 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N7S5Q7H
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.104 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
1406404f501f16c667dab4f5da00b3c8180468d4096bc0de584408db0cf10c9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 18 Dec 2024 11:46:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 11:46:18 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 18 Dec 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
72380
x-xss-protection
0
server
Google Tag Manager
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
2332275.jpg
sa1s3optim.patientpop.com/assets/production/practices/57a0326bfd465db49818b0c8a84711a459eae262/images/ 		147 KB
148 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sa1s3optim.patientpop.com/assets/production/practices/57a0326bfd465db49818b0c8a84711a459eae262/images/2332275.jpg
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
7aecdaf24f2de7bc762cc5f2d74e29dd8a3b7cc42f7ae77b80abdf7f1904d34d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"98342a0f22280d7a56f24a5ed6780101b6cbefe0"
age
11507880
x-amzn-requestid
9ac47012-4eb8-4df3-8fce-40155f23f790
expires
Thu, 07 Aug 2025 07:08:18 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
NRMRE-VgAtCXx3dE6Ie56vs5mtlpUzaOHTMoLd4bcRgvPlQXttyXuQ==
date
Wed, 07 Aug 2024 07:08:18 GMT
content-type
image/jpeg
cache-control
max-age=31536000,public
x-amz-apigw-id
cIGHVGLuIAMEMyA=
x-amzn-remapped-date
Wed, 07 Aug 2024 07:08:17 GMT
x-amzn-trace-id
Root=1-66b31d61-296698c42b3ba670770cb493;Parent=09eaef80e4f3bfe6;Sampled=0;lineage=ceee4eea:0
via
1.1 e453cfec7ab7b0f50057381607edb486.cloudfront.net (CloudFront), 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
content-length
150565
x-amz-cf-pop
IAD89-P2, JFK52-P7
OpenSans-Light-webfont.woff
sa1s3.patientpop.com/assets/fonts/provider/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sa1s3.patientpop.com/assets/fonts/provider/OpenSans-Light-webfont.woff
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/assets/practice.atomic.application.scss
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a1cb81c9f07f1f399db66ec188c02a1c74bc382df9a8550ab8091aac93dff8a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.naturalfacedr.com
Referer
https://www.naturalfacedr.com/

Response headers

access-control-max-age
604800
etag
"45b47f3e9c7d74b80f5c6e0a3c513b23"
x-amz-version-id
G9Ry2j5bJn94lMDZYkt2jvIA.9LxU5BO
age
19298339
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
bspctEw74cqXSe_znUDUgT30uCuKu1WvUSE5Xy2E5JQOJ42IoEFDeQ==
date
Thu, 09 May 2024 03:07:20 GMT
content-type
application/octet-stream
last-modified
Thu, 14 Mar 2019 18:43:25 GMT
vary
Origin
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
via
1.1 f8b0654d6e6bbf12f54a635de5db7ee4.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
22248
x-amz-cf-pop
JFK50-P5
server
AmazonS3
351330.ttf
sa1s3.patientpop.com/assets/docs/ 		0
0
pp-font-awesome-atomic-subset.woff
sa1s3.patientpop.com/assets/fonts/pp-atomic-fonts/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sa1s3.patientpop.com/assets/fonts/pp-atomic-fonts/pp-font-awesome-atomic-subset.woff
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/assets/practice.atomic.application.scss
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6aea627104aee00f7759a73fdf71add52a713b5f11af2eddb7f116643068ad9a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.naturalfacedr.com
Referer
https://www.naturalfacedr.com/

Response headers

access-control-max-age
604800
etag
"b6d676750b43911df2982d49aaf549fa"
x-amz-version-id
pvMYvRo.QqGNbBMGvBQf1ivrbLs2q00T
age
13270414
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
M5VtkQ2tecTNNS5yICocarHYh82P_kmfKRXJtUYAy9leHW7RjdxCdQ==
date
Wed, 17 Jul 2024 21:32:45 GMT
content-type
application/font-woff
last-modified
Thu, 14 Mar 2019 18:45:36 GMT
vary
Origin
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
via
1.1 f8b0654d6e6bbf12f54a635de5db7ee4.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
24680
x-amz-cf-pop
JFK50-P5
server
AmazonS3
OpenSans-Regular-webfont.woff
sa1s3.patientpop.com/assets/fonts/provider/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sa1s3.patientpop.com/assets/fonts/provider/OpenSans-Regular-webfont.woff
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/assets/practice.atomic.application.scss
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-80.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.naturalfacedr.com
Referer
https://www.naturalfacedr.com/

Response headers

access-control-max-age
604800
etag
"79515ad0788973c533405f7012dfeccd"
x-amz-version-id
7N0CRiXKIkKkxel8gxz35HY45qfxEWkK
age
19298339
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
gADAfDjOmy3uae5FBlVd0cG4zB1gxjv_-GXkZMs2rHgMllXOxdrUBA==
date
Thu, 09 May 2024 03:07:20 GMT
content-type
application/octet-stream
last-modified
Thu, 14 Mar 2019 18:44:13 GMT
vary
Origin
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
via
1.1 f8b0654d6e6bbf12f54a635de5db7ee4.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
22660
x-amz-cf-pop
JFK50-P5
server
AmazonS3
CcKI4k9un7TZVWzRVT-T8wzyDMXhdD8sAj6OAJTFsBI.woff2
fonts.gstatic.com/s/raleway/v11/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v11/CcKI4k9un7TZVWzRVT-T8wzyDMXhdD8sAj6OAJTFsBI.woff2
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f3.1e100.net
Software
sffe /
Resource Hash
a818021f08b5e887916c2f865ba477c7a83fd7f8cf719f5a9cda9669c8e7ccfd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.naturalfacedr.com
Referer
https://www.naturalfacedr.com/

Response headers

age
487930
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 12 Dec 2025 20:14:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 20:14:08 GMT
last-modified
Thu, 19 May 2016 23:54:55 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
13440
x-xss-protection
0
server
sffe
56f4f0a8dcb69ea5a607905.js
cdn.rlets.com/capture_configs/e99/497/aec/ 		198 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N7S5Q7H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.252.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-252-20.jfk50.r.cloudfront.net
Software
/
Resource Hash
5fa3b12a529d70c8034b73c2260c768cf31a0608762f55e94cca133cc2a67f35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

x-request-id
7e1ddbf7bf966ac3da7bdbe893b2a83e
content-encoding
br
etag
W/"5fa3b12a529d70c8034b73c2260c768c"
age
83072
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
G0cq3Hl9DrwEFTey0XV9T4wdMgy1Z1qweXeo1FsTnmNk8QNn14C7wg==
date
Tue, 17 Dec 2024 12:41:46 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-runtime
0.072013
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
via
1.1 cfc9f11ee8d72e5bdd45ea3851048d52.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P10
storage.html
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/ Frame 5F9A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.naturalfacedr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length
2056
content-type
text/html
date
Wed, 18 Dec 2024 11:46:18 GMT
last-modified
Tue, 10 Dec 2024 22:51:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
22461
widgets.patientpop.com/bookonlinev2/router/ 		96 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widgets.patientpop.com/bookonlinev2/router/22461
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.204.56.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-204-56-94.compute-1.amazonaws.com
Software
nginx/1.18.0 / PHP/7.1.33
Resource Hash
b8451294e061c446e371b3bc0ea8afc7f1da78936f6d8845d1c579c9c366a2f8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,X-Store,X-Referer,X-Csrf-Token,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
x-robots-tag
noindex, nofollow
cache-control
max-age=1800, no-cache, private
access-control-expose-headers
X-Csrf-Token
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS, PUT, PATCH, DELETE
date
Wed, 18 Dec 2024 11:46:19 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx/1.18.0
last-modified
1733792956
x-powered-by
PHP/7.1.33
js
www.googletagmanager.com/gtag/ 		324 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-SEK6GZLTX1
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.104 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
e9bae6de4041d145964f88e0c218c5ca2d6d2a15038c9c493d96072d12320927
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 18 Dec 2024 11:46:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 11:46:18 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109870
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		324 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-SEK6GZLTX1&l=dataLayer&cx=c&gtm=45He4cc1v851775438za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N7S5Q7H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.104 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
cbec0e687b997eaffb0c782c9ef9d3025e0d4c1ba6f06da4566b6ab1ee69236a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 18 Dec 2024 11:46:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 11:46:18 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109894
x-xss-protection
0
server
Google Tag Manager
aem.js
wsmcdn.audioeye.com/ 		1 KB
685 B 		Script
General
Check archive.org
Download Go to
Full URL
https://wsmcdn.audioeye.com/aem.js
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.29.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21ce02759d64e769ea019147538ea0e16ed158b5227892e712d0aa170094bdd2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
max-age=120
content-encoding
br
cf-cache-status
HIT
etag
W/"09bce93342ee26a0f93a6636adad9b46"
age
86
cf-ray
8f3ee9664deeac33-YYZ
date
Wed, 18 Dec 2024 11:46:19 GMT
content-type
application/javascript
vary
Accept-Encoding
surrogate-keys
server
cloudflare
430195.png
sa1s3optim.patientpop.com/assets/docs/ 		11 KB
11 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://sa1s3optim.patientpop.com/assets/docs/430195.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
3e5ee6cd7980711fc17f0b0bac85a37de0d7da21c8a930f6c54678dceb3224a0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"bb5e02d5ada5173244e714941e49a7d796c38cd7"
age
17003035
x-amzn-requestid
bdc9312e-00cc-42e5-85b6-eb35507e4f44
expires
Wed, 04 Jun 2025 16:42:23 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Wx9NSVFRPT5wvlIviqiZDxvb_0Vbm_pYLgt7dTAJXkHyCoC8dsIpVw==
date
Tue, 04 Jun 2024 16:42:23 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
Y2eNWFG8IAMEEdQ=
x-amzn-remapped-date
Tue, 04 Jun 2024 16:42:22 GMT
x-amzn-trace-id
Root=1-665f43ee-34c208284455b4664c94a990;Parent=2cb20ec3908871f5;Sampled=0;lineage=ceee4eea:0
via
1.1 e453cfec7ab7b0f50057381607edb486.cloudfront.net (CloudFront), 1.1 b3003c57fbd2e21494d8839411ec9fa6.cloudfront.net (CloudFront)
content-length
10934
x-amz-cf-pop
IAD89-P2, JFK52-P7
originCountry
capture-api.reachlocalservices.com/ 		36 B
588 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capture-api.reachlocalservices.com/originCountry
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-101.jfk52.r.cloudfront.net
Software
/
Resource Hash
cf62dd6c5566a94cdab6c86b4559bd31de00d2769326459801d6710f0242631c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www.naturalfacedr.com/

Response headers

x-amz-apigw-id
C_FiBFZ3vHcEVig=
x-amzn-trace-id
Root=1-6762b60c-079c34af176089733a45f1e7;Parent=4671f0279a1e7077;Sampled=0;Lineage=1:a245b58f:0
access-control-allow-credentials
true
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
x-amzn-requestid
1ae82b57-22ae-4da0-b01b-85046a366cdc
via
1.1 90707ba4ec932f1b72abfb5c4f1add2e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
36
x-amz-cf-id
KIy7DO6Shi34LUSYvwYFvDBsxCKcm7R3H0VbSpmP1g_uc8sb-1JNgw==
date
Wed, 18 Dec 2024 11:46:20 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P3
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
originCountry
capture-api.reachlocalservices.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://capture-api.reachlocalservices.com/originCountry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-101.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.naturalfacedr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Wed, 18 Dec 2024 11:46:20 GMT
via
1.1 90707ba4ec932f1b72abfb5c4f1add2e.cloudfront.net (CloudFront)
x-amz-apigw-id
C_Fh_E3ovHcEtOw=
x-amz-cf-id
N6viCiWn4aklxuOQP1hSQhaRdJr4xv4VDCx17c3V0z_xndKujF7VGg==
x-amz-cf-pop
JFK52-P3
x-amzn-requestid
7ba9436b-156d-487e-890c-546ef227c7c5
x-cache
Miss from cloudfront
430195.png
sa1s3optim.patientpop.com/assets/docs/ 		11 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://sa1s3optim.patientpop.com/assets/docs/430195.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
3.168.122.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-122-12.jfk52.r.cloudfront.net
Software
/
Resource Hash
3e5ee6cd7980711fc17f0b0bac85a37de0d7da21c8a930f6c54678dceb3224a0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

etag
"bb5e02d5ada5173244e714941e49a7d796c38cd7"
age
17003035
x-amzn-requestid
bdc9312e-00cc-42e5-85b6-eb35507e4f44
expires
Wed, 04 Jun 2025 16:42:23 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Wx9NSVFRPT5wvlIviqiZDxvb_0Vbm_pYLgt7dTAJXkHyCoC8dsIpVw==
date
Tue, 04 Jun 2024 16:42:23 GMT
content-type
image/png
cache-control
max-age=31536000,public
x-amz-apigw-id
Y2eNWFG8IAMEEdQ=
x-amzn-remapped-date
Tue, 04 Jun 2024 16:42:22 GMT
x-amzn-trace-id
Root=1-665f43ee-34c208284455b4664c94a990;Parent=2cb20ec3908871f5;Sampled=0;lineage=ceee4eea:0
via
1.1 e453cfec7ab7b0f50057381607edb486.cloudfront.net (CloudFront), 1.1 b3003c57fbd2e21494d8839411ec9fa6.cloudfront.net (CloudFront)
content-length
10934
x-amz-cf-pop
IAD89-P2, JFK52-P7
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-SEK6GZLTX1&gtm=45je4cc1v9119829643za200zb851775438&_p=1734522377972&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=957820341.1734522379&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734522379&sct=1&seg=0&dl=https%3A%2F%2Fwww.naturalfacedr.com%2F&dt=Robert%20M.%20Schwarcz%2C%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York%2C%20NY%20%26%20Rye%2C%20NY&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3544
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SEK6GZLTX1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.46 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f14.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.naturalfacedr.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 11:46:26 GMT
content-type
text/plain
server
Golfe2
bootstrap.js
wsv3cdn.audioeye.com/ 		61 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/bootstrap.js?h=3867020eca8a7dae0e777e857bdd3508&cb=c86474f97
Requested by
Host: wsmcdn.audioeye.com
URL: https://wsmcdn.audioeye.com/aem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8c23f1e187cfecf1f6c20f2da3525c5978e8075494254abb576f53d376b0704

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
max-age=3600, s-maxage=21600
content-encoding
br
cf-cache-status
HIT
etag
W/"97d3d1f7f9657f39c7c7a0e4c8ea3f4e"
cf-ray
8f3ee96899aa39f0-YYZ
date
Wed, 18 Dec 2024 11:46:19 GMT
content-type
application/javascript
vary
Accept-Encoding
surrogate-keys
3867020eca8a7dae0e777e857bdd3508
server
cloudflare
loader.js
cdn-prd.patientpop.com/scheduling-booking-ui/static/js/ 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-prd.patientpop.com/scheduling-booking-ui/static/js/loader.js?apiDomain=https://api.patientpop.com
Requested by
Host: widgets.patientpop.com
URL: https://widgets.patientpop.com/bookonlinev2/router/22461
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.168.73.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-168-73-113.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e1bca0b8933be7544e52e3b1ac2ec42ae203300aaaab2341e4b68ea997b8f85

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-encoding
gzip
etag
W/"9a073c73c286fe2154e758a768646078"
x-amz-version-id
null
age
52563
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
iea3s6QiRoDRZqKTKJ4uHZtGXBNUn8JepGWuei0qi0j0LjymxSaCgA==
date
Tue, 17 Dec 2024 21:10:17 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Thu, 08 Aug 2024 00:35:35 GMT
via
1.1 cfe5ea671495866e5a4c623571ef38a8.cloudfront.net (CloudFront)
origin-agent-cluster
?0
x-amz-cf-pop
JFK50-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
loader.js
wsv3cdn.audioeye.com/v2/scripts/ 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=3867020eca8a7dae0e777e857bdd3508&lang=en&cb=c86474f97
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/bootstrap.js?h=3867020eca8a7dae0e777e857bdd3508&cb=c86474f97
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb583d39de0134c5783f96f6c4ce8a39f6f2c10e5af2b75f37ab2f5236cc813c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.naturalfacedr.com
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
max-age=60, s-maxage=7200, max-stale=86400, stale-while-revalidate=86400, public
surrogate-key
prod 3867020eca8a7dae0e777e857bdd3508 c86474f97
cf-cache-status
HIT
content-encoding
br
cf-ray
8f3ee969bc0baacd-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:19 GMT
content-type
text/javascript;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
last-modified
Wed, 18 Dec 2024 11:20:50 GMT
startup.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 		391 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/v2/scripts/loader.js?h=3867020eca8a7dae0e777e857bdd3508&lang=en&cb=c86474f97
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44339852d3638346c691143ce83c8a920132d365e4965f5cd5406f15aeaf5dc8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"cecae4e0ff2011bea208787f42ad3e09"
age
2142
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8f3ee96a7ab939f0-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:19 GMT
content-type
text/javascript
last-modified
Fri, 13 Dec 2024 22:23:21 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
tangoEngine.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 		54 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5303f73ee46cc9e63f025425eecbf1ef107b63596e1c2fbff43ee6f630915fd4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"77be324ff083a2475d5e9459640d03b9"
age
2146
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8f3ee96b1b2539f0-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:20 GMT
content-type
text/javascript
last-modified
Fri, 13 Dec 2024 22:23:21 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cookieStorage.html
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ Frame A573 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/cookieStorage.html
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.29.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.naturalfacedr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
age
2146
cf-cache-status
HIT
cf-ray
8f3ee96bd86936ac-YYZ
content-encoding
br
content-type
text/html
date
Wed, 18 Dec 2024 11:46:20 GMT
last-modified
Fri, 13 Dec 2024 22:23:20 GMT
server
cloudflare
vary
Accept-Encoding
send
analytics.audioeye.com/air/v0/ 		0
61 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.audioeye.com/air/v0/send
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-81-112.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.naturalfacedr.com/

Response headers

date
Wed, 18 Dec 2024 11:46:20 GMT
access-control-allow-origin
*
content-length
0
launcher.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/launcher.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ca7b24eed0f4a2b07471901a20b6e8825c6aa4242574a647563a8cdec38b08c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"b51dc529f7b414ac2aa1db366eda0ff2"
age
2146
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8f3ee96b7b5639f0-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:20 GMT
content-type
text/javascript
last-modified
Fri, 13 Dec 2024 22:23:20 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
compliance.css
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 		2 KB
691 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/compliance.css
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"21190dc484113930ea0a8022dabce414"
age
2146
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8f3ee96b7b5739f0-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:20 GMT
content-type
text/css
last-modified
Fri, 13 Dec 2024 22:23:20 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
compliance.bundle.js
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 		56 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/compliance.bundle.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/startup.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd58514bd6a84dc726da96beb4e7a87b310bcbfeeb509117b4f3963d78eb4cb2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"9672531013673cbcd35c813ada022f44"
age
2146
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8f3ee96b7b5a39f0-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:20 GMT
content-type
text/javascript
last-modified
Fri, 13 Dec 2024 22:23:20 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
fullCSS.bundle.css
wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/ 		57 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/launcher.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c7719e1df0498984ff2c45f950b216687d87747feb8f5496c41e69ad13f0738

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"beb8032c6badf6ae39e2eff29f7872c3"
age
2145
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8f3ee96bcb9639f0-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:20 GMT
content-type
text/css
last-modified
Fri, 13 Dec 2024 22:23:20 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
audioeye-scanner.js
wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.5/ 		335 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wsv3cdn.audioeye.com/static-scripts/audioeye-scanner/v8.3.5/audioeye-scanner.js
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68ff4707a08cd2b00384783f26e3ce2559fc65adc1fa5e0c348484092831709d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-expose-headers
Content-Length,Content-Range
content-encoding
br
cf-cache-status
HIT
etag
W/"7ca8f1e83694fce29e87363ffdccac01"
age
2769
access-control-allow-methods
GET, POST, OPTIONS
cf-ray
8f3ee96beba939f0-YYZ
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:20 GMT
content-type
text/javascript
last-modified
Thu, 12 Dec 2024 14:54:37 GMT
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
css2
fonts.googleapis.com/ 		2 KB
895 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/fullCSS.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.74 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f10.1e100.net
Software
ESF /
Resource Hash
d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://wsv3cdn.audioeye.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 18 Dec 2024 11:46:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 11:46:27 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 18 Dec 2024 10:18:14 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
gannett
um.simpli.fi/ 		33 B
583 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://um.simpli.fi/gannett
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
ca62e45ca921a169ec06906961d16b8112724af7bcb83485774615e9e15afa75
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
_.gif
fault.rlets.com/static/ 		43 B
440 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fault.rlets.com/static/_.gif?s=e99497ae-c56f-4f0a-8dcb-69ea5a607905&m=Unknown%20OS%20or%20OS%20Version&f=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F131.0.0.0%20Safari%2F537.36
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOWALL

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

x-frame-options
ALLOWALL
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
861456cfbf338afc5ec996e741b1c95c
cache-control
max-age=0, private, must-revalidate
etag
W/"42b976597a2d977d0e300f6d06bc903d"
content-transfer-encoding
binary
access-control-allow-methods
GET, POST, PUT, OPTIONS
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
image/gif
content-disposition
inline
x-runtime
0.002256
access-control-allow-headers
Content-Type
capture.js
cdn.rlets.com/capture_static/mms/ Frame D264 		175 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rlets.com/capture_static/mms/capture.js
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.252.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-252-20.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b9cdd322e6832594a26813a0068e156ade500086257a2809bad22e9065824fa1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop
JFK50-P10
content-encoding
br
etag
W/"2cbdf502bae7e4ec5488aae66650a23c"
age
36288
via
1.1 cfc9f11ee8d72e5bdd45ea3851048d52.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
hEUMIpc3XhVG7ltbqgw7tI8sdadVNqNVYlzBQphZs0x5U8AjOuPqiw==
date
Wed, 18 Dec 2024 01:41:34 GMT
content-type
text/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 09 Dec 2024 17:45:06 GMT
x-amz-server-side-encryption
AES256
capture.js
cdn.rlets.com/capture_static/mms/ Frame 97BD 		175 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rlets.com/capture_static/mms/capture.js
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.252.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-252-20.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b9cdd322e6832594a26813a0068e156ade500086257a2809bad22e9065824fa1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop
JFK50-P10
content-encoding
br
etag
W/"2cbdf502bae7e4ec5488aae66650a23c"
age
36288
via
1.1 cfc9f11ee8d72e5bdd45ea3851048d52.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
hEUMIpc3XhVG7ltbqgw7tI8sdadVNqNVYlzBQphZs0x5U8AjOuPqiw==
date
Wed, 18 Dec 2024 01:41:34 GMT
content-type
text/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 09 Dec 2024 17:45:06 GMT
x-amz-server-side-encryption
AES256
capture.js
cdn.rlets.com/capture_static/mms/ Frame E556 		175 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rlets.com/capture_static/mms/capture.js
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.252.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-252-20.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b9cdd322e6832594a26813a0068e156ade500086257a2809bad22e9065824fa1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop
JFK50-P10
content-encoding
br
etag
W/"2cbdf502bae7e4ec5488aae66650a23c"
age
36288
via
1.1 cfc9f11ee8d72e5bdd45ea3851048d52.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
hEUMIpc3XhVG7ltbqgw7tI8sdadVNqNVYlzBQphZs0x5U8AjOuPqiw==
date
Wed, 18 Dec 2024 01:41:34 GMT
content-type
text/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 09 Dec 2024 17:45:06 GMT
x-amz-server-side-encryption
AES256
bat.js
bat.bing.com/ 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.naturalfacedr.com
URL: https://www.naturalfacedr.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 47D2BBC209EC49FCA4334850439077C6 Ref B: YTO01EDGE0518 Ref C: 2024-12-18T11:46:22Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/ 		284 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-826568782
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.104 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
94b6f884f426d8509b7e2d59f91cddf54c6629ff0dde661d5e448f8634992724
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 18 Dec 2024 11:46:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 18 Dec 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
100172
x-xss-protection
0
server
Google Tag Manager
3f25cc00-b9ab-0134-0eba-0cc47a63c1a4
tag.simpli.fi/sifitag/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.simpli.fi/sifitag/3f25cc00-b9ab-0134-0eba-0cc47a63c1a4
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.86.110.8 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.110.86.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
80b2b66c15e12e819f1ddd5edc105cff199c756544f6aaee4736e156aaaa22c0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

x-request-id
GBJC6pOLgvuT3fLuWgOC
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
openresty
gannett
um.simpli.fi/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://um.simpli.fi/gannett
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.naturalfacedr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/plain; charset=UTF-8
date
Wed, 18 Dec 2024 11:46:21 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
storage.html
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/ Frame EBDE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length
2056
content-type
text/html
date
Wed, 18 Dec 2024 11:46:18 GMT
last-modified
Tue, 10 Dec 2024 22:51:08 GMT
storage.html
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/ Frame CAF7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length
2056
content-type
text/html
date
Wed, 18 Dec 2024 11:46:18 GMT
last-modified
Tue, 10 Dec 2024 22:51:08 GMT
storage.html
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/ Frame 4788 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length
2056
content-type
text/html
date
Wed, 18 Dec 2024 11:46:18 GMT
last-modified
Tue, 10 Dec 2024 22:51:08 GMT
collect
www.google.com/ccm/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.naturalfacedr.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1527536850.1734522381&dt=Robert%20M.%20Schwarcz%2C%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York%2C%20NY%20%26%20Rye%2C%20NY&auid=57660696.1734522381&navt=n&npa=0&gtm=45be4cc1za200&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734522381306&tfd=5717&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-826568782
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/826568782/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/826568782/?random=1734522381297&cv=11&fst=1734522381297&bg=ffffff&guid=ON&async=1&gtm=45be4cc1za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.naturalfacedr.com%2F&hn=www.googleadservices.com&frm=0&tiba=Robert%20M.%20Schwarcz%2C%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York%2C%20NY%20%26%20Rye%2C%20NY&npa=0&pscdl=noapi&auid=57660696.1734522381&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-826568782
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
caa6ad4fa5441ecc608a5ec060f1c11d0b589b31b4ef67f57e99020a5fdc7d1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2303
date
Wed, 18 Dec 2024 11:46:21 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
826568782
td.doubleclick.net/td/rul/ Frame 6864 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/826568782?random=1734522381297&cv=11&fst=1734522381297&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.naturalfacedr.com%2F&hn=www.googleadservices.com&frm=0&tiba=Robert%20M.%20Schwarcz%2C%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York%2C%20NY%20%26%20Rye%2C%20NY&npa=0&pscdl=noapi&auid=57660696.1734522381&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-826568782
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.165.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lax30s03-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.naturalfacedr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 18 Dec 2024 11:46:24 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame 679C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fwww.naturalfacedr.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-826568782
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.104 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f8.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
482668
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Thu, 12 Dec 2024 21:41:55 GMT
expires
Fri, 12 Dec 2025 21:41:55 GMT
last-modified
Thu, 12 Dec 2024 10:18:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
capture.js
cdn.rlets.com/capture_static/mms/ Frame A3A2 		175 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rlets.com/capture_static/mms/capture.js
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.252.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-252-20.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b9cdd322e6832594a26813a0068e156ade500086257a2809bad22e9065824fa1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop
JFK50-P10
content-encoding
br
etag
W/"2cbdf502bae7e4ec5488aae66650a23c"
age
36288
via
1.1 cfc9f11ee8d72e5bdd45ea3851048d52.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
hEUMIpc3XhVG7ltbqgw7tI8sdadVNqNVYlzBQphZs0x5U8AjOuPqiw==
date
Wed, 18 Dec 2024 01:41:34 GMT
content-type
text/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Mon, 09 Dec 2024 17:45:06 GMT
x-amz-server-side-encryption
AES256
gannett
um.simpli.fi/ Frame E556 		33 B
585 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://um.simpli.fi/gannett
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
880c5f402b5eec862a17e422808192a0ca9b4d2d906fe43723f062629655a838
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
gannett
um.simpli.fi/ Frame D264 		33 B
585 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://um.simpli.fi/gannett
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
6b2dccc13a3660fa942b1856c554bfead229af482ad2353b9f434f07b44a5598
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
visits
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/api/v1/ 		0
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/api/v1/visits
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOWALL

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www.naturalfacedr.com/

Response headers

x-frame-options
ALLOWALL
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
b7f1e97b88ba0b9b278d978809e1557c
cache-control
no-cache
access-control-allow-methods
GET, POST, PUT, OPTIONS
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:23 GMT
content-type
text/html
x-runtime
0.008145
access-control-allow-headers
Content-Type
gannett
um.simpli.fi/ Frame 97BD 		33 B
587 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://um.simpli.fi/gannett
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
6c62bac3d206a6fb50c5fed33758bd51e584c91ab6d2d301fc806e2d29e56b20
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
storage.html
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/ Frame 16CD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length
2056
content-type
text/html
date
Wed, 18 Dec 2024 11:46:18 GMT
last-modified
Tue, 10 Dec 2024 22:51:08 GMT
visits
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/api/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/api/v1/visits
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.168.224.78 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
78.224.168.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOWALL

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.naturalfacedr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
GET, POST, PUT, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-type
text/html
date
Wed, 18 Dec 2024 11:46:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-frame-options
ALLOWALL
x-request-id
52d9622546f3305b87261e0337b6f535
x-runtime
0.002089
/
www.google.com/pagead/1p-user-list/826568782/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/826568782/?random=1734522381297&cv=11&fst=1734519600000&bg=ffffff&guid=ON&async=1&gtm=45be4cc1za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.naturalfacedr.com%2F&hn=www.googleadservices.com&frm=0&tiba=Robert%20M.%20Schwarcz%2C%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York%2C%20NY%20%26%20Rye%2C%20NY&npa=0&pscdl=noapi&auid=57660696.1734522381&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dLu-iQBcxxPyyIzFOBPblQz3sefQTFA&random=383726759&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 18 Dec 2024 11:46:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.ca/pagead/1p-user-list/826568782/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/826568782/?random=1734522381297&cv=11&fst=1734519600000&bg=ffffff&guid=ON&async=1&gtm=45be4cc1za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.naturalfacedr.com%2F&hn=www.googleadservices.com&frm=0&tiba=Robert%20M.%20Schwarcz%2C%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York%2C%20NY%20%26%20Rye%2C%20NY&npa=0&pscdl=noapi&auid=57660696.1734522381&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dLu-iQBcxxPyyIzFOBPblQz3sefQTFA&random=383726759&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.3 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 18 Dec 2024 11:46:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
p
i.simpli.fi/ 		798 B
763 B 		Script
General
Check archive.org
Download Go to
Full URL
https://i.simpli.fi/p?cid=25&cb=sifi_att_42656._hp
Requested by
Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/3f25cc00-b9ab-0134-0eba-0cc47a63c1a4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.86.110.8 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.110.86.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
c8cbc0c8f1f014e1fb9e45de5d97316b0574dbb7270d033988cb12e565c016de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Wed, 18 Dec 2024 11:46:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
openresty
receive
pixel.tapad.com/idsync/ex/
Redirect Chain
  • https://um.simpli.fi/smaato
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=E2176E280970405FADA57BD5208BE231
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3372&partner_device_id=e010544c85
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%252C%252C&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%252C%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=639eedf8-6484-4c4a-9468-4df7a5c894f0&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%2C%2C
95 B
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=639eedf8-6484-4c4a-9468-4df7a5c894f0&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%2C%2C
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=31536000
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
95
date
Wed, 18 Dec 2024 11:46:38 GMT
content-type
image/png
server
Jetty(11.0.13)

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=639eedf8-6484-4c4a-9468-4df7a5c894f0&ttd_puid=bf19336b-5440-450b-a033-76c2f91a0a93%2C%2C
content-length
359
date
Wed, 18 Dec 2024 11:46:38 GMT
server
Kestrel
RX-00dca97c-382b-4406-b72c-3fab36206f43-005
sync.targeting.unrulymedia.com/csync/
Redirect Chain
  • https://um.simpli.fi/nexxen
  • https://sync.1rx.io/usersync/simplifi/E2176E280970405FADA57BD5208BE231
  • https://sync.1rx.io/usersync/simplifi/E2176E280970405FADA57BD5208BE231?zcc=1&cb=1734522362182
  • https://sync.targeting.unrulymedia.com/csync/RX-00dca97c-382b-4406-b72c-3fab36206f43-005
43 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-00dca97c-382b-4406-b72c-3fab36206f43-005
Protocol
H2
Server
69.194.240.13 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
/
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
date
Wed, 18 Dec 2024 11:46:23 GMT
content-length
43

Redirect headers

expires
0
cache-control
no-store, no-cache, must-revalidate
location
https://sync.targeting.unrulymedia.com/csync/RX-00dca97c-382b-4406-b72c-3fab36206f43-005
date
Wed, 18 Dec 2024 11:46:23 GMT
pragma
no-cache
content-type
text/html
xuid
eb2.3lift.com/
Redirect Chain
  • https://um.simpli.fi/triplelift
  • https://eb2.3lift.com/xuid?mid=7969&xuid=E2176E280970405FADA57BD5208BE231&dongle=yf3
  • https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=E2176E280970405FADA57BD5208BE231&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
37 B
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=E2176E280970405FADA57BD5208BE231&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date
Wed, 18 Dec 2024 11:46:23 GMT
content-type
image/gif

Redirect headers

cache-control
no-cache, no-store, must-revalidate
location
/xuid?ld=1&mid=7969&xuid=E2176E280970405FADA57BD5208BE231&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date
Wed, 18 Dec 2024 11:46:23 GMT
sync
simplifi.partners.tremorhub.com/
Redirect Chain
  • https://um.simpli.fi/telaria_p
  • https://simplifi.partners.tremorhub.com/sync?UISF=E2176E280970405FADA57BD5208BE231
43 B
175 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simplifi.partners.tremorhub.com/sync?UISF=E2176E280970405FADA57BD5208BE231
Protocol
H2
Server
34.239.33.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-239-33-178.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Wed, 18 Dec 2024 11:46:37 GMT
content-type
image/gif
server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://simplifi.partners.tremorhub.com/sync?UISF=E2176E280970405FADA57BD5208BE231
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 17 Dec 2024 11:46:22 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain
  • https://um.simpli.fi/tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=E2176E280970405FADA57BD5208BE231
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=E2176E280970405FADA57BD5208BE231
95 B
428 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=E2176E280970405FADA57BD5208BE231
Protocol
H2
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=31536000
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
95
date
Wed, 18 Dec 2024 11:46:25 GMT
content-type
image/png
server
Jetty(11.0.13)

Redirect headers

strict-transport-security
max-age=31536000
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=E2176E280970405FADA57BD5208BE231
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Wed, 18 Dec 2024 11:46:25 GMT
server
Jetty(11.0.13)
empty.gif
um.simpli.fi/
Redirect Chain
  • https://um.simpli.fi/ad_advisor
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=E2176E280970405FADA57BD5208BE231
  • https://d.agkn.com/pixel/10751/?che=1734522397782&ip=154.47.17.42&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D214180605100011776145
  • https://um.simpli.fi/aa_px?sk=214180605100011776145
  • https://um.simpli.fi/empty.gif
43 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/empty.gif
Protocol
H2
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
43
date
Wed, 18 Dec 2024 11:46:38 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
location
/empty.gif
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
142
date
Wed, 18 Dec 2024 11:46:38 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain
  • https://um.simpli.fi/intentiq
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=E2176E280970405FADA57BD5208BE231
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=E2176E280970405FADA57BD5208BE231&ckls=true&ci=41g4tBQ76j&nc=false&trid=1857837527
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=E2176E280970405FADA57BD5208BE231&ckls=true&ci=41g4tBQ76j&nc=false&trid=1857837527
Protocol
H2
Server
18.173.219.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-219-5.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 686217785c5aa257660a5a0c173f7be8.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P1
x-amz-cf-id
sMfFJ6cHva-Bh7_amjYiVC5uzC1nSIss0u49vmKDURn5-UoFLDGgyQ==

Redirect headers

patent
https://www.almondnet.com/ip
cache-control
no-cache, no-store, must-revalidate
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=E2176E280970405FADA57BD5208BE231&ckls=true&ci=41g4tBQ76j&nc=false&trid=1857837527
pragma
no-cache
via
1.1 686217785c5aa257660a5a0c173f7be8.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P1
x-amz-cf-id
OiaCd00t8sKifQOSSLVUPH6WatrE8nxM9po45qc4-WsvtM_RUaQGPQ==
Pug
image2.pubmatic.com/AdServer/
Redirect Chain
  • https://um.simpli.fi/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E2176E280970405FADA57BD5208BE231
42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E2176E280970405FADA57BD5208BE231
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-store, no-cache, private
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 18 Dec 2024 11:18:33 GMT
content-type
image/gif; charset=utf-8
server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E2176E280970405FADA57BD5208BE231
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 17 Dec 2024 11:46:22 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
user-registering
ads.stickyadstv.com/
Redirect Chain
  • https://um.simpli.fi/freewheel
  • https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=E2176E280970405FADA57BD5208BE231
43 B
655 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=E2176E280970405FADA57BD5208BE231
Protocol
HTTP/1.1
Server
63.251.28.230 Secaucus, United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache
Pragma
no-cache
x-sticky-vk
1734522389822056-115
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Date
Wed, 18 Dec 2024 11:46:29 GMT
Content-Type
image/gif
Server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=E2176E280970405FADA57BD5208BE231
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 17 Dec 2024 11:46:22 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
engine
pbid.pro-market.net/
Redirect Chain
  • https://um.simpli.fi/dtnx
  • https://fei.pro-market.net/engine?du=24;csync=E2176E280970405FADA57BD5208BE231;mimetype=img;
  • https://fei.pro-market.net/engine?du=24;csync=E2176E280970405FADA57BD5208BE231;mimetype=img;sr
  • https://cms.analytics.yahoo.com/cms?partner_id=DATCS
  • https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS
  • https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS&verify=true
  • https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-OCL8fF9E2pRF4tVHr_A_NmQG5EijM4wsdsQ-~A
43 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-OCL8fF9E2pRF4tVHr_A_NmQG5EijM4wsdsQ-~A
Protocol
H2
Server
107.178.240.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.240.178.107.bc.googleusercontent.com
Software
Apache-Coyote/1.1 /
Resource Hash
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
anserver
gapp1
expires
Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin
*
alt-svc
clear
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-length
43
date
Wed, 18 Dec 2024 11:46:25 GMT
content-type
image/gif
server
Apache-Coyote/1.1

Redirect headers

strict-transport-security
max-age=31536000
location
https://pbid.pro-market.net/engine?du=81&mimetype=img&csync=y-OCL8fF9E2pRF4tVHr_A_NmQG5EijM4wsdsQ-~A
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 18 Dec 2024 11:46:26 GMT
content-type
text/html
server
ATS
/
loadm.exelator.com/load/
Redirect Chain
  • https://um.simpli.fi/exelatem
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=E2176E280970405FADA57BD5208BE231&j=0
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=E2176E280970405FADA57BD5208BE231&j=0&xl8blockcheck=1
0
767 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadm.exelator.com/load/?p=204&g=2191&simid=E2176E280970405FADA57BD5208BE231&j=0&xl8blockcheck=1
Protocol
H2
Server
34.229.3.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-229-3-43.compute-1.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Wed, 18 Dec 2024 11:46:22 GMT
x-powered-by
Undertow/1
server
nginx
access-control-allow-credentials
true

Redirect headers

cache-control
no-cache
location
https://loadm.exelator.com/load/?p=204&g=2191&simid=E2176E280970405FADA57BD5208BE231&j=0&xl8blockcheck=1
access-control-allow-credentials
true
content-length
0
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
image/gif
x-powered-by
Undertow/1
server
nginx
sync
ups.analytics.yahoo.com/ups/55964/
Redirect Chain
  • https://um.simpli.fi/yahoo
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=E2176E280970405FADA57BD5208BE231
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=E2176E280970405FADA57BD5208BE231&verify=true
0
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55964/sync?uid=E2176E280970405FADA57BD5208BE231&verify=true
Protocol
H2
Server
69.147.92.11 Ashburn, United States, ASN14777 (YAHOO, US),
Reverse DNS
e1.ycpi.vip.dca.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 18 Dec 2024 11:46:26 GMT
age
0
content-type
text/html
server
ATS
referrer-policy
no-referrer-when-downgrade

Redirect headers

strict-transport-security
max-age=31536000
location
https://ups.analytics.yahoo.com/ups/55964/sync?uid=E2176E280970405FADA57BD5208BE231&verify=true
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Wed, 18 Dec 2024 11:46:26 GMT
content-type
text/html
server
ATS
sync
sync.bfmio.com/
Redirect Chain
  • https://um.simpli.fi/beachfront
  • https://sync.bfmio.com/sync?pid=141&uid=E2176E280970405FADA57BD5208BE231
0
421 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.bfmio.com/sync?pid=141&uid=E2176E280970405FADA57BD5208BE231
Protocol
HTTP/1.1
Server
52.201.85.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-85-232.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

Date
Wed, 18 Dec 2024 11:46:22 GMT
Connection
keep-alive

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://sync.bfmio.com/sync?pid=141&uid=E2176E280970405FADA57BD5208BE231
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 17 Dec 2024 11:46:22 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
29931
stags.bluekai.com/site/
Redirect Chain
  • https://um.simpli.fi/bluekai
  • https://stags.bluekai.com/site/29931?id=E2176E280970405FADA57BD5208BE231
0
0
tpid=E2176E280970405FADA57BD5208BE231
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/
Redirect Chain
  • https://um.simpli.fi/crwdcntrl
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=E2176E280970405FADA57BD5208BE231
  • https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=E2176E280970405FADA57BD5208BE231
49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=E2176E280970405FADA57BD5208BE231
Protocol
H2
Server
52.54.3.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-3-156.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache
pragma
no-cache
expires
0
access-control-allow-origin
*
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
49
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
image/gif
x-server
10.40.3.87
server
Jetty(9.4.38.v20210224)

Redirect headers

cache-control
no-cache
location
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=E2176E280970405FADA57BD5208BE231
pragma
no-cache
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
0
date
Wed, 18 Dec 2024 11:46:22 GMT
x-server
10.40.61.109
server
Jetty(9.4.38.v20210224)
merge
ce.lijit.com/
Redirect Chain
  • https://um.simpli.fi/lj_match
  • https://ce.lijit.com/merge?pid=2&3pid=E2176E280970405FADA57BD5208BE231
  • https://ce.lijit.com/merge?pid=2&3pid=E2176E280970405FADA57BD5208BE231&dnr=1
43 B
511 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=2&3pid=E2176E280970405FADA57BD5208BE231&dnr=1
Protocol
H2
Server
35.173.105.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-105-65.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma
no-cache
expires
Fri, 20 Mar 2009 00:00:00 GMT
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 18 Dec 2024 11:46:37 GMT
content-type
image/gif
vary
Accept-Encoding

Redirect headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
location
https://ce.lijit.com/merge?pid=2&3pid=E2176E280970405FADA57BD5208BE231&dnr=1
pragma
no-cache
expires
Fri, 20 Mar 2009 00:00:00 GMT
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 18 Dec 2024 11:46:37 GMT
vary
Accept-Encoding
sync
pippio.com/api/
Redirect Chain
  • https://um.simpli.fi/liveramp_match
  • https://idsync.rlcdn.com/419566.gif?partner_uid=E2176E280970405FADA57BD5208BE231
  • https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogRTIxNzZFMjgwOTcwNDA1RkFEQTU3QkQ1MjA4QkUyMzEQABoNCJ3sirsGEgUI6AcQAEIASgA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=864dfb8cbc26d3ee29794300e5d346498e25a1d76229d4e34c2f34c7954c80cf791426b5417dce21&_=2
42 B
571 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pippio.com/api/sync?pid=5324&it=1&iv=864dfb8cbc26d3ee29794300e5d346498e25a1d76229d4e34c2f34c7954c80cf791426b5417dce21&_=2
Protocol
H2
Server
107.178.254.65 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
65.254.178.107.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-cache, no-store
timing-allow-origin
*
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
42
date
Wed, 18 Dec 2024 11:46:38 GMT
content-type
image/gif

Redirect headers

cache-control
no-cache, no-store
timing-allow-origin
*
location
https://pippio.com/api/sync?pid=5324&it=1&iv=864dfb8cbc26d3ee29794300e5d346498e25a1d76229d4e34c2f34c7954c80cf791426b5417dce21&_=2
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length
0
date
Wed, 18 Dec 2024 11:46:37 GMT
/
www.google.ca/pagead/1p-conversion/1026675585/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1734522381848&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHB...
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFs...
  • https://www.google.ca/pagead/1p-conversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQ...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-conversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAg&pscrd=IhMI6b68s5-xigMVSExHAR2s9DIIMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL3d3dy5uYXR1cmFsZmFjZWRyLmNvbS8&is_vtc=1&cid=CAQSKQCa7L7d_suTOB5SLud_5Jp_iugpKjj8QxJ7gd-bKECx3DwsvKQsAJih&random=1203890119&ipr=y
Protocol
H3
Server
142.250.80.3 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 18 Dec 2024 11:46:22 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.ca/pagead/1p-conversion/1026675585/?random=442995956&cv=7&fst=1734522381848&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAg&pscrd=IhMI6b68s5-xigMVSExHAR2s9DIIMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh5odHRwczovL3d3dy5uYXR1cmFsZmFjZWRyLmNvbS8&is_vtc=1&cid=CAQSKQCa7L7d_suTOB5SLud_5Jp_iugpKjj8QxJ7gd-bKECx3DwsvKQsAJih&random=1203890119&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 18 Dec 2024 11:46:22 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
spotx_match
um.simpli.fi/ 		0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/spotx_match
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

access-control-allow-methods
GET, POST, OPTIONS
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:22 GMT
x-content-type-options
nosniff
bounce
ib.adnxs.com/
Redirect Chain
  • https://um.simpli.fi/an
  • https://ib.adnxs.com/setuid?entity=66&code=E2176E280970405FADA57BD5208BE231
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DE2176E280970405FADA57BD5208BE231
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DE2176E280970405FADA57BD5208BE231
Protocol
H2
Server
68.67.179.87 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
154.47.17.42; 154.47.17.42; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
faed1236-9739-4f3f-919a-9987eaa04671
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 18 Dec 2024 11:46:37 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DE2176E280970405FADA57BD5208BE231
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
154.47.17.42; 154.47.17.42; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
7dde7aa3-17c3-4833-a1ec-232b22c41535
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 18 Dec 2024 11:46:37 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://um.simpli.fi/rb_match
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=E2176E280970405FADA57BD5208BE231&expires=365
42 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=E2176E280970405FADA57BD5208BE231&expires=365
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
0228ab361cece0438ff9eb16e4e5890e
Pragma
no-cache
content-length
42
Content-Type
image/gif

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=E2176E280970405FADA57BD5208BE231&expires=365
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Tue, 17 Dec 2024 11:46:22 GMT
access-control-allow-origin
*
content-length
142
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://um.simpli.fi/ox_match
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=E2176E280970405FADA57BD5208BE231
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=E2176E280970405FADA57BD5208BE231&cc=1
43 B
171 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072966&val=E2176E280970405FADA57BD5208BE231&cc=1
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
x-forwarded-for
154.47.17.42
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 18 Dec 2024 11:46:37 GMT
content-type
image/gif
vary
Accept

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537072966&val=E2176E280970405FADA57BD5208BE231&cc=1
x-forwarded-for
154.47.17.42
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 18 Dec 2024 11:46:36 GMT
content-type
text/plain; charset=utf-8
vary
Origin
g_match
um.simpli.fi/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEClYWZ-jVdrTAIoj9KqX97E&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E2176E280970405FADA57BD5208BE231
  • https://um.simpli.fi/g_match?id=
0
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/g_match?id=
Protocol
H2
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Tue, 17 Dec 2024 11:46:22 GMT
access-control-allow-origin
*
date
Wed, 18 Dec 2024 11:46:22 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

cache-control
no-cache, must-revalidate
location
https://um.simpli.fi/g_match?id=
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
229
date
Wed, 18 Dec 2024 11:46:22 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
97137903.js
bat.bing.com/p/action/ 		363 B
423 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/97137903.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D42FD8C04FCD4AAEAA3DFC325E0FFAEE Ref B: YTO01EDGE0518 Ref C: 2024-12-18T11:46:22Z
x-cache
CONFIG_NOCACHE
date
Wed, 18 Dec 2024 11:46:22 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
0
bat.bing.com/action/ 		0
359 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=97137903&Ver=2&mid=388f0644-0738-4d3c-b0e6-e2b50963d166&bo=1&sid=b444e080bd3511ef9a0815e415804d48&vid=b4458580bd3511ef95e5173b98195dbb&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Robert%20M.%20Schwarcz,%20MD%20%3A%20Cosmetic%20Surgery%3A%20Upper%20East%20Side%20New%20York,%20NY%20%26%20Rye,%20NY&p=https%3A%2F%2Fwww.naturalfacedr.com%2F&r=&lt=3294&evt=pageLoad&sv=1&cdb=AQAQ&rn=249859
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.naturalfacedr.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 29F7C98D10634418B4CF9630E5654977 Ref B: YTO01EDGE0518 Ref C: 2024-12-18T11:46:22Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 18 Dec 2024 11:46:22 GMT
insights
capturelogger-prod-usa.localiq.com/capture_logger/api/v1/ 		16 B
579 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capturelogger-prod-usa.localiq.com/capture_logger/api/v1/insights
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/e99/497/aec/56f4f0a8dcb69ea5a607905.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.70.182.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-70-182-28.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www.naturalfacedr.com/

Response headers

access-control-max-age
7200
x-request-id
54343663-d6d7-4aec-ac6e-303b111d8fdc
access-control-expose-headers
etag
W/"c955e57777ec0d73639dca6748560d00"
x-permitted-cross-domain-policies
none
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Dec 2024 11:46:23 GMT
content-type
application/json; charset=utf-8
vary
Accept, Origin
x-runtime
0.009178
x-frame-options
SAMEORIGIN
cache-control
max-age=0, private, must-revalidate
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
x-download-options
noopen
access-control-allow-origin
*
x-xss-protection
1; mode=block
insights
capturelogger-prod-usa.localiq.com/capture_logger/api/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://capturelogger-prod-usa.localiq.com/capture_logger/api/v1/insights
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.70.182.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-70-182-28.us-west-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.naturalfacedr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 18 Dec 2024 11:46:23 GMT
via
1.1 google
truncated
/ 		2 KB
2 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.naturalfacedr.com
Referer

Response headers

Content-Type
font/truetype
Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2
fonts.gstatic.com/s/schibstedgrotesk/v3/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/schibstedgrotesk/v3/Jqz55SSPQuCQF3t8uOwiUL-taUTtap9Gayo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Schibsted+Grotesk:wght@400;600&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f3.1e100.net
Software
sffe /
Resource Hash
6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.naturalfacedr.com
Referer
https://fonts.googleapis.com/

Response headers

age
427433
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 13 Dec 2025 13:02:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 13 Dec 2024 13:02:34 GMT
last-modified
Tue, 02 May 2023 14:49:56 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
46764
x-xss-protection
0
server
sffe
report
analytics.audioeye.com/v2/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.audioeye.com/v2/report
Requested by
Host: wsv3cdn.audioeye.com
URL: https://wsv3cdn.audioeye.com/static-scripts/v2/c86474f97/tangoEngine.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-81-112.us-west-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://www.naturalfacedr.com/

Response headers

date
Wed, 18 Dec 2024 11:46:29 GMT
access-control-allow-origin
*
content-length
0
report
analytics.audioeye.com/v2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://analytics.audioeye.com/v2/report
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.81.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-81-112.us-west-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.naturalfacedr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Wed, 18 Dec 2024 11:46:29 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sa1s3.patientpop.com
URL
https://sa1s3.patientpop.com/assets/docs/351330.ttf
Domain
stags.bluekai.com
URL
https://stags.bluekai.com/site/29931?id=E2176E280970405FADA57BD5208BE231

Verdicts & Comments Add Verdict or Comment

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| dataLayer string| recaptcha_public_key function| checkForNonLoadedIframes function| Hashids object| pop function| $ function| jQuery function| googleMapsScriptLoaded object| jQuery111103350520287453089 function| _ function| Chosen function| getCookie function| setCookie function| validateDate function| validatePhone function| isValidEmailAddress function| timeInMinutes function| getUrlParameters function| getUrlParameter function| clone function| isIE9OrBelow function| goToByScroll function| brightenColor function| rgb2hex object| patientpop function| recaptchaCallback object| google_tag_manager object| google_tag_data object| rl_widget_cfg object| RLCAP object| captureStatus number| PPoppracticeId string| PPoppracticeUuid object| PPop function| gtag function| ppTrackEvent boolean| ppGA4Enabled string| __AudioEyeSiteHash function| onYouTubeIframeAPIReady object| gaGlobal boolean| __audioEyeInitialized function| readyCallback object| __audioEyeContext boolean| __audioEyeRunnerComplete number| __AudioEyeInitialLoadTime object| __AudioEyePerformance object| BookOnlineFrame string| aecb function| ae_choose function| loadStaticScript function| loaderFunction number| __AudioEyeLoaderStartTime object| AudioEye object| AudioEyeWebpackJsonp function| $ae function| ae_jQuery object| uetq object| GooglebQhCsO object| RL object| sifi_att_42656 function| UET function| UET_init function| UET_push object| ueto_3e1e4f6d8d

78 Cookies

Domain/Path Name / Value
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: test
Value: test
.naturalfacedr.com/ Name: _ga_SEK6GZLTX1
Value: GS1.1.1734522379.1.0.1734522379.0.0.0
.naturalfacedr.com/ Name: _ga
Value: GA1.1.957820341.1734522379
widgets.patientpop.com/ Name: AWSALBCORS
Value: AzwiCsJ4mSyYkUDeV8dUEuFMR/2v8qpYWj4pSaHQb5OjdBG6ZIYpdQaa6+M1q35xiwQyco/7dlExtyfec1R2so941m8CYCmCCjPbSCgTfdk3Imrc7u2Oy1WUj6g3
www.naturalfacedr.com/ Name: _aeaid
Value: 95375272-fa2c-4084-b7f6-0627cc829ead
www.naturalfacedr.com/ Name: aelastsite
Value: PZzq7cZvmToNygZAfJkqfOOz46ZADfrTmnFlHBwKz1bsyPyTobCHzCzcn%2FNulsl4
www.naturalfacedr.com/ Name: aelreadersettings
Value: %7B%22c_big%22%3A0%2C%22rg%22%3A0%2C%22memph%22%3A0%2C%22contrast_setting%22%3A0%2C%22colorshift_setting%22%3A0%2C%22text_size_setting%22%3A0%2C%22space_setting%22%3A0%2C%22font_setting%22%3A0%2C%22k%22%3A0%2C%22k_disable_default%22%3A0%2C%22hlt%22%3A0%2C%22disable_animations%22%3A0%2C%22display_alt_desc%22%3A0%7D
www.naturalfacedr.com/ Name: aeatstartmessage
Value: true
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: rl_campaign
Value: {"campaign":{"scid":"","cid":"","tc":"","rl_key":"","kw":"","pub_cr_id":"","isPaidCampaign":false,"tid":"","uid":"","ohid":"","id_creative_resource":"","utm_data":"","ecid":"","marketing_policy":false},"urls":["https://www.naturalfacedr.com/"]}
.naturalfacedr.com/ Name: _gcl_au
Value: 1.1.57660696.1734522381
www.naturalfacedr.com/ Name: rl_visitor_history
Value: 5599e396-e519-426b-83a8-2dd84b8fe161
www.naturalfacedr.com/ Name: sifi_user_id
Value: 923E94501E534F82B296E2341C541482
.simpli.fi/ Name: suid
Value: E2176E280970405FADA57BD5208BE231
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: bot_type
Value:
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: history_campaign
Value: {"scid":"","cid":"","tc":"","rl_key":"","kw":"","pub_cr_id":"","isPaidCampaign":false,"tid":"","uid":"","ohid":"","id_creative_resource":"","utm_data":"","ecid":""}
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: history_referrer_type
Value: DIRECT
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: last_activity_at
Value: 1734522381769
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: visitor_id
Value: 5599e396-e519-426b-83a8-2dd84b8fe161
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: sifi_user_id
Value: 923E94501E534F82B296E2341C541482
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com/ Name: visit_id
Value: aef301db-1d1c-4495-8011-6b4cc3a2ca06
.simpli.fi/ Name: uid_syncd_secure
Value: true
.doubleclick.net/ Name: IDE
Value: AHWqTUmCswIS85Q3wkMIoGFWHUYKZ9waS2wvHq4ra-Rtc8A0Rd5V5cWUOEAvOMcP
.intentiq.com/ Name: intentIQ
Value: 41g4tBQ76j
.intentiq.com/ Name: IQver
Value: 1.9
.intentiq.com/ Name: CSDT
Value: UEQ6MTAwNDNfMCZVWEo5OUw3
.intentiq.com/ Name: IQPData
Value: 2586775850#1734522382214#0#1734522382214
.intentiq.com/ Name: ASDT
Value: 0
.intentiq.com/ Name: intentIQCDate
Value: 1734522382215
.exelator.com/ Name: EE
Value: "ab3811589527ac993208b586fdfa087c"
.rubiconproject.com/ Name: audit_p
Value: 1|4Y6rObCvvMDcsusCF4nGT9HGwCH0b4K7Dd0tiMneOlm6DKtRtV0ye+XPjJNrW/S2qRUWOK4oq0qM1KxoLazIt04KBbjzRD/Y5dDZuxGLGk/y5sviGfWUcR9jepg+UuhcmAsbrlK8iRSVgWu0jTUcRl0evKltLJvxSpxNqhhzGypRm99a3bMoP35/bkYCLFZe
.rubiconproject.com/ Name: khaos
Value: M4TTUBR5-D-2U3O
.rubiconproject.com/ Name: khaos_p
Value: M4TTUBR5-D-2U3O
.rubiconproject.com/ Name: audit
Value: 1|4Y6rObCvvMDcsusCF4nGT9HGwCH0b4K7Dd0tiMneOlm6DKtRtV0ye+XPjJNrW/S2qRUWOK4oq0qM1KxoLazIt04KBbjzRD/Y5dDZuxGLGk/y5sviGfWUcR9jepg+UuhcmAsbrlK8iRSVgWu0jTUcRl0evKltLJvxSpxNqhhzGypRm99a3bMoP35/bkYCLFZe
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQSExydjC0NDUwtLUyDwx2dLS2MjAIsnUwiwtJS3RwMI8eXFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDYcEl%252BUWb6ImfHxUUpaQyLSopPBZ98cwYAggMqvQ%253D%253D"
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.naturalfacedr.com/ Name: _uetsid
Value: b444e080bd3511ef9a0815e415804d48
.naturalfacedr.com/ Name: _uetvid
Value: b4458580bd3511ef95e5173b98195dbb
.bing.com/ Name: MUID
Value: 0445C44AF87B683D0B1AD113F9D169CA
.bat.bing.com/ Name: MR
Value: 0
.3lift.com/ Name: tluidp
Value: 4540932135884115401527
.3lift.com/ Name: tluid
Value: 4540932135884115401527
.bfmio.com/ Name: __141_cid
Value: E2176E280970405FADA57BD5208BE231
.bfmio.com/ Name: __io_cid
Value: 51f2cc1d38b8742c251970894179767af3765c98
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-00dca97c-382b-4406-b72c-3fab36206f43-005%22%7D
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-00dca97c-382b-4406-b72c-3fab36206f43-005%22%7D
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.tapad.com/ Name: TapAd_TS
Value: 1734522385227
.tapad.com/ Name: TapAd_DID
Value: bf19336b-5440-450b-a033-76c2f91a0a93
.pro-market.net/ Name: anHistory
Value: "-kjmyhd73y379+2+!#7')%z!e<("
.analytics.yahoo.com/ Name: IDSYNC
Value: 176k~2mgb
.yahoo.com/ Name: A3
Value: d=AQABBBK2YmcCEMTJOBa1-bTMH4Xx8YhpIcMFEgEBAQEHZGdsZyXaxyMA_eMAAA&S=AQAAAhivKD6RN_qZiZ0QK0TLcGE
.pro-market.net/ Name: anProfile
Value: "-kjmyhd73y379+1+1j=3k:1+rs=s+rt=9A2F112A+s2=(soou1d)+vm=24-E2176E280970405FADA57BD5208BE231:81-y-OCL8fF9E2pRF4tVHr_A_NmQG5EijM4wsdsQ-%7EA"
.ads.stickyadstv.com/ Name: UID
Value: 58d285669a6f813e8a33938ca5d42045
.ads.stickyadstv.com/ Name: uid-bp-26865
Value: E2176E280970405FADA57BD5208BE231
.openx.net/ Name: i
Value: 157c401d-182c-42c0-9466-a7945a883e91|1734522397
.lijit.com/ Name: ljt_reader
Value: J2hiAQZH5u7w6Zj1QXSfHnAo
.rlcdn.com/ Name: rlas3
Value: YjL/zMVuGkFT88um3nXNVuBDvMvevXfb6VDdpSQjQsQ=
.adnxs.com/ Name: XANDR_PANID
Value: It_SyU9BxNbSyQqWlLi0OnX53idRPZPlCHriwP8lTdToVp8jqAPlYiCxYJ1BAvu1zyTwlycTQ9QSHHFVU27HGwK0_CdX286eMFrlb4HKogc.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 6316915524878595453
.agkn.com/ Name: ab
Value: 0001%3AS2P0RFsRyJSJvJ4CoKTSAviypnV64q5C
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:E2176E280970405FADA57BD5208BE231&KRTB&23486-uid:E2176E280970405FADA57BD5208BE231&KRTB&23489-uid:E2176E280970405FADA57BD5208BE231&KRTB&23539-uid:E2176E280970405FADA57BD5208BE231
.pubmatic.com/ Name: PugT
Value: 1734520713
.smaato.net/ Name: SCM
Value: e010544c85
.smaato.net/ Name: SCMtapad
Value: e010544c85
.smaato.net/ Name: SCM1001136
Value: e010544c85
.adnxs.com/ Name: anj
Value: dTM7k!M4.FE:2jUF']wIg2GVRerjtm!]tbPl1N!7On*M$=BX3#i.qovfQTfDlvcpHjFUG`iJCxseVQzIdXGCPkQKzHW%*Ve(j#iP(Md+>)fy*JD5/cE
.rlcdn.com/ Name: pxrc
Value: CJ3sirsGEgUI6AcQABIFCOhHEAA=
.lijit.com/ Name: _ljtrtb_2
Value: E2176E280970405FADA57BD5208BE231
.adsrvr.org/ Name: TDID
Value: 639eedf8-6484-4c4a-9468-4df7a5c894f0
.adsrvr.org/ Name: TDCPM
Value: CAESFAoFdGFwYWQSCwjg3fCe9djPPRAFGAUgASgCMgsIqN60y4vZzz0QBTgB
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!8483
.agkn.com/ Name: u
Value: C|0AAAAAAAALvVyngAAAAAA
.pippio.com/ Name: did
Value: HmiEnRHtK_hjwj5w
.pippio.com/ Name: didts
Value: 1734522398
.pippio.com/ Name: nnls
Value:
.pippio.com/ Name: pxrc
Value: CAA=

3 Console Messages

Source Level URL
Text
javascript error URL: https://www.naturalfacedr.com/
Message:
Access to font at 'https://sa1s3.patientpop.com/assets/docs/351330.ttf' from origin 'https://www.naturalfacedr.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://sa1s3.patientpop.com/assets/docs/351330.ttf
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://stags.bluekai.com/site/29931?id=E2176E280970405FADA57BD5208BE231
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
ads.stickyadstv.com
analytics.audioeye.com
bat.bing.com
bcp.crwdcntrl.net
capture-api.reachlocalservices.com
capturelogger-prod-usa.localiq.com
cdn-prd.patientpop.com
cdn.rlets.com
ce.lijit.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
cosmeticeyesnyc.com
d.agkn.com
e99497ae-c56f-4f0a-8dcb-69ea5a607905.rlets.com
eb2.3lift.com
fault.rlets.com
fei.pro-market.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.simpli.fi
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
loadm.exelator.com
match.adsrvr.org
pbid.pro-market.net
pippio.com
pixel.rubiconproject.com
pixel.tapad.com
s.ad.smaato.net
sa1s3.patientpop.com
sa1s3optim.patientpop.com
simplifi.partners.tremorhub.com
stags.bluekai.com
sync.1rx.io
sync.bfmio.com
sync.intentiq.com
sync.targeting.unrulymedia.com
tag.simpli.fi
td.doubleclick.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
widgets.patientpop.com
wsmcdn.audioeye.com
wsv3cdn.audioeye.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.naturalfacedr.com
sa1s3.patientpop.com
stags.bluekai.com
104.18.28.155
104.18.29.155
107.178.240.89
107.178.254.65
108.139.29.103
13.226.94.14
13.33.252.20
142.250.176.195
142.250.65.162
142.250.80.3
142.250.80.46
142.250.80.66
142.250.80.74
142.251.40.104
142.251.41.2
142.251.41.4
15.197.225.128
150.171.27.10
172.217.165.130
18.164.96.80
18.173.219.5
18.238.49.101
3.168.102.112
3.168.122.12
3.168.122.52
3.168.73.113
34.111.113.62
34.150.170.96
34.168.224.78
34.204.56.94
34.215.81.112
34.229.3.43
34.239.33.178
34.86.110.8
34.98.64.218
35.173.105.65
35.244.154.8
35.71.131.137
52.201.85.232
52.223.22.214
52.54.3.156
54.70.182.28
63.251.28.230
68.67.179.87
69.147.92.11
69.173.151.100
69.194.240.13
8.28.7.83
0296688d2b8e7c91a8fe2b0bcd7a1b786cca29fcf81fb42324e58c20a723f43e
0ca7b24eed0f4a2b07471901a20b6e8825c6aa4242574a647563a8cdec38b08c
1406404f501f16c667dab4f5da00b3c8180468d4096bc0de584408db0cf10c9d
21ce02759d64e769ea019147538ea0e16ed158b5227892e712d0aa170094bdd2
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40
253ced5338559e1e82f4265160257149f1b5ef70f192fd5e8b9ee852e3e84eff
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
359741ab3cbf794f3a82cc1c180f503e07d07d0de3390d9c579d7c6563a9672c
3c7719e1df0498984ff2c45f950b216687d87747feb8f5496c41e69ad13f0738
3e5ee6cd7980711fc17f0b0bac85a37de0d7da21c8a930f6c54678dceb3224a0
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
419b122d1fc31faf86013e6bb331b18a1bea78e860b7b78a595c364fa23c3842
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
44339852d3638346c691143ce83c8a920132d365e4965f5cd5406f15aeaf5dc8
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c9d6303ec5cc3cda7b4c4aa265a1371ca05197de74fa3ae1a23c5315d024e99
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5303f73ee46cc9e63f025425eecbf1ef107b63596e1c2fbff43ee6f630915fd4
5a071ee43e39ca251a83e29b3471008abe3b89a4681fd248ae1a4bce5201ecea
5fa3b12a529d70c8034b73c2260c768cf31a0608762f55e94cca133cc2a67f35
68ca69cc71631712541e0fd6ecc8e52921ac4e84f6d2477c3ee6f41ef52eec6e
68ff4707a08cd2b00384783f26e3ce2559fc65adc1fa5e0c348484092831709d
6aea627104aee00f7759a73fdf71add52a713b5f11af2eddb7f116643068ad9a
6b2dccc13a3660fa942b1856c554bfead229af482ad2353b9f434f07b44a5598
6b2e740cd29afe711f1048feedc00c524a0fa1aea25fbf70db41d784646273d0
6c62bac3d206a6fb50c5fed33758bd51e584c91ab6d2d301fc806e2d29e56b20
78b8e92a560933a581b06e591e2a52e6f74758a88f1bbd3d7252b37ab8bdcd47
7aecdaf24f2de7bc762cc5f2d74e29dd8a3b7cc42f7ae77b80abdf7f1904d34d
80b2b66c15e12e819f1ddd5edc105cff199c756544f6aaee4736e156aaaa22c0
828cdeb72d68aa58f1258d49b04cf5a68455b3a9a0df9590c93c4082f5acd286
853999ba5b54311dc17a2a754e0f0203b326d1d44532acd744045ff9f75c05ad
86eb5a07f01af8a0f647f3d00da6259c6f0460c2ba1c6683a670069f4238f103
880c5f402b5eec862a17e422808192a0ca9b4d2d906fe43723f062629655a838
919a29f8e0ed37e876361198d922f29289c571664c80ccd430d38c0cf9debf03
94b6f884f426d8509b7e2d59f91cddf54c6629ff0dde661d5e448f8634992724
9a0d5f0148bb12e5409de2f4c69251292c2c723781b944e26669cd20012a5ad2
9e1bca0b8933be7544e52e3b1ac2ec42ae203300aaaab2341e4b68ea997b8f85
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1cb81c9f07f1f399db66ec188c02a1c74bc382df9a8550ab8091aac93dff8a2
a7c8d56fd17d207da62a067d2006a050693718ec5fb768c17cc7afc38ddbe1b5
a818021f08b5e887916c2f865ba477c7a83fd7f8cf719f5a9cda9669c8e7ccfd
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b30317cb3e98f85cd66864aad0f47d81c8a592a3adbcd7febd6c7d26a07d48a2
b8451294e061c446e371b3bc0ea8afc7f1da78936f6d8845d1c579c9c366a2f8
b8c23f1e187cfecf1f6c20f2da3525c5978e8075494254abb576f53d376b0704
b9cdd322e6832594a26813a0068e156ade500086257a2809bad22e9065824fa1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd58514bd6a84dc726da96beb4e7a87b310bcbfeeb509117b4f3963d78eb4cb2
c8cbc0c8f1f014e1fb9e45de5d97316b0574dbb7270d033988cb12e565c016de
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9d4a8affec2755faeb4adc9c40ee3173e53b84cfc2b456eb8bcf781c711a502
ca4950fdbf5306923f89dac8eba285dd386538cd71f5935a416797b350e8a3f0
ca62e45ca921a169ec06906961d16b8112724af7bcb83485774615e9e15afa75
caa6ad4fa5441ecc608a5ec060f1c11d0b589b31b4ef67f57e99020a5fdc7d1f
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cbec0e687b997eaffb0c782c9ef9d3025e0d4c1ba6f06da4566b6ab1ee69236a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf62dd6c5566a94cdab6c86b4559bd31de00d2769326459801d6710f0242631c
d08ca522e8eb6a6a776784fe81d91d8aec8e7a2ba7fd76c6309f30a900105c35
d30232224150c5b0e211a076219e723daac45ef8532ecf116b166fd8bd59a38c
d3ba441ee2978e4d43fb1b68cc0e33ee48056b48a297a0fc56905995093c5cd0
d6f11bd9653217703a42709f86a98e143c4a003771119e59256063df3654808c
dab748e20c11ac3ba319dc87e3aea53569e90293f606c2a80b87fb915ab5bb06
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd6837e46edaa9cf5aaf1eeeed187f8a4eb75e9521b52401f2cf2fc7db31778e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9bae6de4041d145964f88e0c218c5ca2d6d2a15038c9c493d96072d12320927
eb583d39de0134c5783f96f6c4ce8a39f6f2c10e5af2b75f37ab2f5236cc813c
ed0c69624c017347d2be6eba166a4ac7d44b3da24a2f404a381fc1d8ecf99409
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1a63223d4cf9004087f93c6c04f6bbce2d2c982ab4a8e6d055c1ac735eef536
f98dd3decaf4cddcf127e8821fdb951056ce72ce28ca79b2ee704dbd5043dd6d