urlscan.io logo urlscan.io
SecurityTrails logo

helenair.com Open in urlscan Pro
192.104.182.209  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://click1.email.lee.net/aldrbdpptpvnlmhbnykddnltwlngwrltlbszmspykstmpdy_ottkltmqwwdtlzqqmfwqw.html?a=helenair.com
Effective URL: https://helenair.com/
Submission: On August 26 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 96 IPs in 11 countries across 85 domains to perform 346 HTTP transactions. The main IP is 192.104.182.209, located in United States and belongs to LEE-ASN, US. The main domain is helenair.com.
TLS certificate: Issued by ZeroSSL ECC Domain Secure Site CA on July 7th 2021. Valid for: 3 months.
This is the only time helenair.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 74.214.203.11 14618 (AMAZON-AES)
9 192.104.182.209 10668 (LEE-ASN)
38 104.18.131.43 13335 (CLOUDFLAR...)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.224.96.5 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
23 142.250.186.98 15169 (GOOGLE)
7 13.224.90.44 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
13 13.225.87.51 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 9 54.194.226.253 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f02... 32934 (FACEBOOK)
1 2600:9000:20e... 16509 (AMAZON-02)
1 2 107.178.250.234 15169 (GOOGLE)
1 3 13.224.96.7 16509 (AMAZON-02)
1 2600:9000:20e... 16509 (AMAZON-02)
1 2 34.254.108.170 16509 (AMAZON-02)
1 13.224.94.202 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 14 52.95.116.38 16509 (AMAZON-02)
2 13 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 5 2a00:1450:400... 15169 (GOOGLE)
2 104.16.88.26 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 34.102.205.239 15169 (GOOGLE)
1 2600:9000:219... 16509 (AMAZON-02)
2 52.22.56.164 14618 (AMAZON-AES)
1 1 2600:1f18:730... 14618 (AMAZON-AES)
1 52.2.140.242 14618 (AMAZON-AES)
1 67.202.110.33 32748 (STEADFAST)
3 2a03:2880:f12... 32934 (FACEBOOK)
2 208.100.17.184 32748 (STEADFAST)
2 104.16.39.14 13335 (CLOUDFLAR...)
2 18.195.155.181 16509 (AMAZON-02)
19 54.194.104.251 16509 (AMAZON-02)
2 8 2.18.234.21 16625 (AKAMAI-AS)
3 2.18.233.180 16625 (AKAMAI-AS)
1 5 23.37.42.132 16625 (AKAMAI-AS)
3 3 18.156.0.31 16509 (AMAZON-02)
2 6 35.244.159.8 15169 (GOOGLE)
5 8 185.33.220.243 29990 (ASN-APPNEX)
2 2 185.86.138.119 201081 (SMARTADSE...)
1 2 216.52.2.39 30282 (AS-INAPCD...)
2 2 13.248.245.213 16509 (AMAZON-02)
2 2600:9000:20e... 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
3 3 172.217.18.98 15169 (GOOGLE)
1 2 209.54.178.82 16509 (AMAZON-02)
6 9 142.250.185.162 15169 (GOOGLE)
6 9 13.248.242.197 16509 (AMAZON-02)
1 1 54.205.198.81 14618 (AMAZON-AES)
2 2 18.158.226.176 16509 (AMAZON-02)
1 1 34.197.167.170 14618 (AMAZON-AES)
1 2.18.232.130 16625 (AKAMAI-AS)
2 67.202.110.23 32748 (STEADFAST)
2 52.18.224.238 16509 (AMAZON-02)
5 2600:9000:20e... 16509 (AMAZON-02)
1 2.16.186.209 20940 (AKAMAI-ASN1)
1 185.64.190.78 62713 (AS-PUBMATIC)
2 2 2620:116:800d... 16509 (AMAZON-02)
3 4 37.157.6.252 198622 (ADFORM)
2 2 185.33.221.11 29990 (ASN-APPNEX)
10 10 3.66.103.148 16509 (AMAZON-02)
2 2 52.17.151.21 16509 (AMAZON-02)
1 1 54.209.16.83 14618 (AMAZON-AES)
2 2 70.42.32.63 13789 (INTERNAP-...)
3 3 213.19.147.45 26120 (RHYTHMONE)
1 1 198.148.27.140 19189 (PULSEPOINT)
1 2 2a00:1288:110... 34010 (YAHOO-IRD)
1 1 52.203.60.58 14618 (AMAZON-AES)
1 193.122.174.27 31898 (ORACLE-BM...)
1 169.197.150.8 398989 (DEEPINTENT)
2 2 35.156.217.79 16509 (AMAZON-02)
4 4 185.29.134.248 30419 (MEDIAMATH...)
5 6 151.101.14.49 54113 (FASTLY)
1 208.100.17.175 32748 (STEADFAST)
1 1 202.241.208.56 4694 (IDCF IDC ...)
2 2 193.0.160.128 54312 (ROCKETFUEL)
2 2 185.184.8.65 204995 (RTB-HOUSE...)
4 9 72.251.249.9 29791 (VOXEL-DOT...)
4 11 69.173.144.139 26667 (RUBICONPR...)
4 4 52.30.92.119 16509 (AMAZON-02)
1 1 3.217.216.1 14618 (AMAZON-AES)
1 2 46.51.180.149 16509 (AMAZON-02)
2 2 213.155.156.167 1299 (TELIANET ...)
14 185.64.190.80 62713 (AS-PUBMATIC)
1 178.250.2.151 44788 (ASN-CRITE...)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
1 162.55.6.210 24940 (HETZNER-AS)
2 185.64.189.114 62713 (AS-PUBMATIC)
1 1 51.222.80.231 16276 (OVH)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2 54.171.74.241 16509 (AMAZON-02)
1 1 2001:678:cb4:... 56396 (TURN)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 159.65.197.210 14061 (DIGITALOC...)
4 4 66.155.71.149 13768 (COGECO-PEER1)
1 159.253.128.183 36351 (SOFTLAYER)
2 35.244.174.68 15169 (GOOGLE)
1 185.64.190.81 62713 (AS-PUBMATIC)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 52.208.138.90 16509 (AMAZON-02)
1 104.111.215.191 16625 (AKAMAI-AS)
1 52.72.74.246 14618 (AMAZON-AES)
346 96
1    74.214.203.11 (United States)

ASN14618 (AMAZON-AES, US)
click1.email.lee.net
9    192.104.182.209 (United States)

ASN10668 (LEE-ASN, US)
PTR: cms.chicago2.vip.townnews.com
helenair.com
38    104.18.131.43 (United States)

ASN13335 (CLOUDFLARENET, US)
bloximages.chicago2.vip.townnews.com
7    2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
1    13.224.96.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-5.zrh50.r.cloudfront.net
tags.crwdcntrl.net
4    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
fonts.gstatic.com
1    2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
contributor.google.com
analytics.google.com
12    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
23    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
securepubads.g.doubleclick.net
7    13.224.90.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-90-44.zrh50.r.cloudfront.net
c.amazon-adsystem.com
3    2a00:1450:4001:80e::2011 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
survey.g.doubleclick.net
2    2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
13    13.225.87.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-51.fra2.r.cloudfront.net
tagan.adlightning.com
3    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
7    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
pagead2.googlesyndication.com
4    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ampcid.google.com
1    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ampcid.google.de
2    2a00:1450:400c:c0a::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.ch
2    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com
9    54.194.226.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
ad.crwdcntrl.net
bcp.crwdcntrl.net
sync.crwdcntrl.net
1    2a00:1450:4001:802::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
storage.googleapis.com
2    2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2600:9000:20eb:5600:2:36a1:2f40:21 (United States)

ASN16509 (AMAZON-02, US)
d81mfvml8p5ml.cloudfront.net
2    107.178.250.234 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 234.250.178.107.bc.googleusercontent.com
js.matheranalytics.com
3    13.224.96.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-7.zrh50.r.cloudfront.net
sb.scorecardresearch.com
1    2600:9000:20eb:3e00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)
b-code.liadm.com
2    34.254.108.170 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-108-170.eu-west-1.compute.amazonaws.com
insight.adsrvr.org
1    13.224.94.202 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-202.zrh50.r.cloudfront.net
d1eoo1tco6rr5e.cloudfront.net
4    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
14    52.95.116.38 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
13    2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
5    2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    104.16.88.26 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.tynt.com
sc.tynt.com
1    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    34.102.205.239 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 239.205.102.34.bc.googleusercontent.com
a.leetemplates.com
1    2600:9000:2190:6000:7:5031:dc0:21 (United States)

ASN16509 (AMAZON-02, US)
dn1i8v75r669j.cloudfront.net
2    52.22.56.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-56-164.compute-1.amazonaws.com
www.i.matheranalytics.com
1    2600:1f18:730:b120:5b38:df27:617f:9396 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
rp.liadm.com
1    52.2.140.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-140-242.compute-1.amazonaws.com
rp4.liadm.com
1    67.202.110.33 (Crown Point, United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-110.static.steadfastdns.net
ic.tynt.com
3    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    208.100.17.184 (United States)

ASN32748 (STEADFAST, US)
PTR: ip184.208-100-17.static.steadfastdns.net
de.tynt.com
2    104.16.39.14 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn-sic.33across.com
2    18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
19    54.194.104.251 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
rtb.gumgum.com
8    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
3    2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
5    23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
secure-assets.rubiconproject.com
3    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
6    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
u.openx.net
us-u.openx.net
eu-u.openx.net
8    185.33.220.243 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
2    185.86.138.119 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
2    216.52.2.39 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
2    13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
2    2600:9000:20eb:fa00:e:98bf:5f00:21 (United States)

ASN16509 (AMAZON-02, US)
dkpklk99llpj0.cloudfront.net
5    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
3    172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net
cm.g.doubleclick.net
2    209.54.178.82 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
9    142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net
cm.g.doubleclick.net
9    13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com
match.adsrvr.org
1    54.205.198.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-198-81.compute-1.amazonaws.com
sync.extend.tv
2    18.158.226.176 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
pm.w55c.net
1    34.197.167.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-167-170.compute-1.amazonaws.com
nep.advangelists.com
1    2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com
acdn.adnxs.com
2    67.202.110.23 (Crown Point, United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-110.static.steadfastdns.net
sic.33across.com
ssc.33across.com
2    52.18.224.238 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-224-238.eu-west-1.compute.amazonaws.com
am.freshrelevance.com
5    2600:9000:20eb:8200:16:f02f:46c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
c8.dycdn.net
1    2.16.186.209 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-209.deploy.static.akamaitechnologies.com
sli.helenair.com
1    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)
pixel.quantserve.com
4    37.157.6.252 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net
c1.adform.net
2    185.33.221.11 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com
10    3.66.103.148 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-103-148.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    52.17.151.21 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
ads.avct.cloud
1    54.209.16.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
sync.srv.stackadapt.com
2    70.42.32.63 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
sync.outbrain.com
3    213.19.147.45 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
1    198.148.27.140 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
2    2a00:1288:110:c305::8000 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
pr-bh.ybp.yahoo.com
1    52.203.60.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
sync.ipredictive.com
1    193.122.174.27 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
1    169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
2    35.156.217.79 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
ad.360yield.com
4    185.29.134.248 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
6    151.101.14.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    208.100.17.175 (United States)

ASN32748 (STEADFAST, US)
PTR: ip175.208-100-17.static.steadfastdns.net
ssc-cms.33across.com
1    202.241.208.56 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
tg.socdm.com
2    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
2    185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
creativecdn.com
9    72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ce.lijit.com
11    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel-eu.rubiconproject.com
token.rubiconproject.com
pixel.rubiconproject.com
4    52.30.92.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-92-119.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
1    3.217.216.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-216-1.compute-1.amazonaws.com
jadserve.postrelease.com
2    46.51.180.149 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-46-51-180-149.eu-west-1.compute.amazonaws.com
map.go.affec.tv
2    213.155.156.167 (Uppsala, Sweden)

ASN1299 (TELIANET Telia Carrier, SE)
d5p.de17a.com
14    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
simage2.pubmatic.com
1    178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
1    85.114.159.93 (Schopfheim, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
dsp.adfarm1.adition.com
1    162.55.6.210 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.210.6.55.162.clients.your-server.de
csync.loopme.me
2    185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
1    51.222.80.231 (Canada)

ASN16276 (OVH, FR)
pixel.onaudience.com
2    2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
2    54.171.74.241 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
r.scoota.co
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (TURN, GB)
ad.turn.com
1    2a02:fa8:8806:12::1370 (United States)

ASN41041 (VCLK-EU-SE, US)
pubmatic-match.dotomi.com
1    159.65.197.210 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
match.adsby.bidtheatre.com
4    66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
1    159.253.128.183 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: b7.80.fd9f.ip4.static.sl-reverse.com
um.simpli.fi
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
idsync.rlcdn.com
1    185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage4.pubmatic.com
1    2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com
5    2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
2    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    52.208.138.90 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-138-90.eu-west-1.compute.amazonaws.com
ml314.com
1    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    52.72.74.246 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-74-246.compute-1.amazonaws.com
thrtle.com
Apex Domain
Subdomains		 Transfer
43 doubleclick.net
securepubads.g.doubleclick.net
survey.g.doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
googleads.g.doubleclick.net
744 KB
38 townnews.com
bloximages.chicago2.vip.townnews.com
604 KB
28 googlesyndication.com
8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com
992 KB
23 amazon-adsystem.com
c.amazon-adsystem.com
aax-eu.amazon-adsystem.com
s.amazon-adsystem.com
83 KB
23 google.com
contributor.google.com
fundingchoicesmessages.google.com
ampcid.google.com
adservice.google.com
www.google.com
analytics.google.com
136 KB
21 pubmatic.com
ads.pubmatic.com
image6.pubmatic.com
image2.pubmatic.com
simage2.pubmatic.com
image4.pubmatic.com
simage4.pubmatic.com
34 KB
19 gumgum.com
rtb.gumgum.com
6 KB
16 rubiconproject.com
eus.rubiconproject.com
secure-assets.rubiconproject.com
pixel-eu.rubiconproject.com
token.rubiconproject.com
pixel.rubiconproject.com
28 KB
13 adlightning.com
tagan.adlightning.com
311 KB
11 lijit.com
ap.lijit.com
ce.lijit.com
7 KB
11 adnxs.com
ib.adnxs.com
acdn.adnxs.com
secure.adnxs.com
40 KB
11 adsrvr.org
insight.adsrvr.org
match.adsrvr.org
4 KB
10 bidswitch.net
x.bidswitch.net
4 KB
10 crwdcntrl.net
tags.crwdcntrl.net
ad.crwdcntrl.net
bcp.crwdcntrl.net
sync.crwdcntrl.net
17 KB
10 helenair.com
helenair.com
sli.helenair.com
78 KB
8 casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
9 KB
7 google-analytics.com
www.google-analytics.com
62 KB
7 cookielaw.org
cdn.cookielaw.org
116 KB
6 everesttech.net
sync-tm.everesttech.net
2 KB
6 openx.net
u.openx.net
us-u.openx.net
eu-u.openx.net
2 KB
5 ampproject.org
cdn.ampproject.org
102 KB
5 dycdn.net
c8.dycdn.net
2 KB
5 yahoo.com
ups.analytics.yahoo.com
pr-bh.ybp.yahoo.com
3 KB
5 33across.com
cdn-sic.33across.com
sic.33across.com
ssc-cms.33across.com
ssc.33across.com
114 KB
5 tynt.com
cdn.tynt.com
sc.tynt.com
ic.tynt.com
de.tynt.com
8 KB
5 googletagservices.com
www.googletagservices.com
187 KB
5 cloudfront.net
d81mfvml8p5ml.cloudfront.net
d1eoo1tco6rr5e.cloudfront.net
dn1i8v75r669j.cloudfront.net
dkpklk99llpj0.cloudfront.net
22 KB
5 googletagmanager.com
www.googletagmanager.com
284 KB
4 sitescout.com
pixel-sync.sitescout.com
2 KB
4 bidr.io
match.prod.bidr.io
2 KB
4 mathtag.com
sync.mathtag.com
2 KB
4 adform.net
c1.adform.net
2 KB
4 matheranalytics.com
js.matheranalytics.com
www.i.matheranalytics.com
43 KB
4 google.de
adservice.google.de
ampcid.google.de
www.google.de
448 B
4 gstatic.com
www.gstatic.com
fonts.gstatic.com
43 KB
3 facebook.com
www.facebook.com
211 B
3 liadm.com
b-code.liadm.com
rp.liadm.com
rp4.liadm.com
11 KB
3 scorecardresearch.com
sb.scorecardresearch.com
2 KB
3 googleapis.com
storage.googleapis.com
fonts.googleapis.com
28 KB
2 2mdn.net
s0.2mdn.net
938 KB
2 rlcdn.com
id.rlcdn.com
idsync.rlcdn.com
328 B
2 scoota.co
r.scoota.co
1 KB
2 zeotap.com
spl.zeotap.com
mwzeom.zeotap.com
903 B
2 de17a.com
d5p.de17a.com
637 B
2 affec.tv
map.go.affec.tv
2 KB
2 creativecdn.com
creativecdn.com
695 B
2 rfihub.com
p.rfihub.com
1 KB
2 360yield.com
ad.360yield.com
617 B
2 1rx.io
sync.1rx.io
1 KB
2 avct.cloud
ads.avct.cloud
892 B
2 quantserve.com
pixel.quantserve.com
940 B
2 freshrelevance.com
am.freshrelevance.com
5 KB
2 w55c.net
pm.w55c.net
2 KB
2 3lift.com
eb2.3lift.com
743 B
2 smartadserver.com
ssbsync.smartadserver.com
506 B
2 emxdgt.com
cs.emxdgt.com
59 B
2 leetemplates.com
a.leetemplates.com
335 B
2 facebook.net
connect.facebook.net
114 KB
2 google.ch
adservice.google.ch
330 B
2 onetrust.com
geolocation.onetrust.com
423 B
1 thrtle.com
thrtle.com
1 bluekai.com
tags.bluekai.com
304 B
1 ml314.com
ml314.com
422 B
1 simpli.fi
um.simpli.fi
611 B
1 bidtheatre.com
match.adsby.bidtheatre.com
550 B
1 dotomi.com
pubmatic-match.dotomi.com
104 B
1 turn.com
ad.turn.com
518 B
1 onaudience.com
pixel.onaudience.com
400 B
1 loopme.me
csync.loopme.me
152 B
1 adition.com
dsp.adfarm1.adition.com
501 B
1 criteo.com
dis.criteo.com
360 B
1 postrelease.com
jadserve.postrelease.com
544 B
1 socdm.com
tg.socdm.com
838 B
1 deepintent.com
match.deepintent.com
44 B
1 technoratimedia.com
sync.technoratimedia.com
294 B
1 ipredictive.com
sync.ipredictive.com
428 B
1 outbrain.com
sync.outbrain.com
627 B
1 contextweb.com
bh.contextweb.com
659 B
1 unrulymedia.com
sync.targeting.unrulymedia.com
469 B
1 zemanta.com
b1sync.zemanta.com
281 B
1 stackadapt.com
sync.srv.stackadapt.com
616 B
1 advangelists.com
nep.advangelists.com
232 B
1 extend.tv
sync.extend.tv
546 B
1 cloudflare.com
cdnjs.cloudflare.com
4 KB
1 lee.net
click1.email.lee.net
299 B
346 85
Domain Requested by
38 bloximages.chicago2.vip.townnews.com helenair.com
bloximages.chicago2.vip.townnews.com
23 securepubads.g.doubleclick.net helenair.com
securepubads.g.doubleclick.net
www.googletagservices.com
cdn-sic.33across.com
19 rtb.gumgum.com aax-eu.amazon-adsystem.com
rtb.gumgum.com
15 tpc.googlesyndication.com 2 redirects tagan.adlightning.com
helenair.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
14 aax-eu.amazon-adsystem.com 1 redirects tagan.adlightning.com
aax-eu.amazon-adsystem.com
ssum-sec.casalemedia.com
u.openx.net
rtb.gumgum.com
ap.lijit.com
ads.pubmatic.com
13 tagan.adlightning.com helenair.com
tagan.adlightning.com
12 cm.g.doubleclick.net 9 redirects u.openx.net
rtb.gumgum.com
aax-eu.amazon-adsystem.com
12 fundingchoicesmessages.google.com helenair.com
tagan.adlightning.com
11 pagead2.googlesyndication.com tagan.adlightning.com
www.googletagservices.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
helenair.com
10 x.bidswitch.net 10 redirects
9 ce.lijit.com 4 redirects ap.lijit.com
9 match.adsrvr.org 6 redirects ssum-sec.casalemedia.com
u.openx.net
aax-eu.amazon-adsystem.com
9 helenair.com helenair.com
8 simage2.pubmatic.com ads.pubmatic.com
8 ib.adnxs.com 5 redirects acdn.adnxs.com
7 bcp.crwdcntrl.net 4 redirects ssum-sec.casalemedia.com
tagan.adlightning.com
bcp.crwdcntrl.net
7 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
helenair.com
7 c.amazon-adsystem.com helenair.com
c.amazon-adsystem.com
cdn-sic.33across.com
7 cdn.cookielaw.org helenair.com
cdn.cookielaw.org
6 image2.pubmatic.com ads.pubmatic.com
6 sync-tm.everesttech.net 5 redirects rtb.gumgum.com
5 cdn.ampproject.org securepubads.g.doubleclick.net
5 token.rubiconproject.com 1 redirects aax-eu.amazon-adsystem.com
eus.rubiconproject.com
5 c8.dycdn.net dkpklk99llpj0.cloudfront.net
5 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
5 www.google.com 1 redirects tagan.adlightning.com
helenair.com
tpc.googlesyndication.com
5 www.googletagservices.com tagan.adlightning.com
5 www.googletagmanager.com helenair.com
www.googletagmanager.com
4 pixel.rubiconproject.com 1 redirects aax-eu.amazon-adsystem.com
4 pixel-sync.sitescout.com 4 redirects
4 match.prod.bidr.io 4 redirects
4 sync.mathtag.com 4 redirects
4 c1.adform.net 3 redirects ads.pubmatic.com
4 eus.rubiconproject.com aax-eu.amazon-adsystem.com
eus.rubiconproject.com
rtb.gumgum.com
3 us-u.openx.net 1 redirects u.openx.net
3 ups.analytics.yahoo.com 3 redirects
3 ads.pubmatic.com aax-eu.amazon-adsystem.com
rtb.gumgum.com
ads.pubmatic.com
3 ssum-sec.casalemedia.com 1 redirects aax-eu.amazon-adsystem.com
ssum-sec.casalemedia.com
3 www.facebook.com connect.facebook.net
helenair.com
3 sb.scorecardresearch.com 1 redirects helenair.com
3 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
3 survey.g.doubleclick.net helenair.com
survey.g.doubleclick.net
2 fonts.gstatic.com fonts.googleapis.com
2 googleads.g.doubleclick.net helenair.com
2 s0.2mdn.net helenair.com
2 fonts.googleapis.com securepubads.g.doubleclick.net
2 r.scoota.co 2 redirects
2 image4.pubmatic.com ads.pubmatic.com
2 d5p.de17a.com 2 redirects
2 map.go.affec.tv 1 redirects helenair.com
2 pixel-eu.rubiconproject.com 2 redirects
2 creativecdn.com 2 redirects
2 p.rfihub.com 2 redirects
2 ad.360yield.com 2 redirects
2 pr-bh.ybp.yahoo.com 1 redirects ads.pubmatic.com
2 sync.1rx.io 2 redirects
2 ads.avct.cloud 2 redirects
2 secure.adnxs.com 2 redirects
2 pixel.quantserve.com 2 redirects
2 am.freshrelevance.com tagan.adlightning.com
dkpklk99llpj0.cloudfront.net
2 pm.w55c.net 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 dkpklk99llpj0.cloudfront.net d81mfvml8p5ml.cloudfront.net
2 eb2.3lift.com 2 redirects
2 ap.lijit.com 1 redirects aax-eu.amazon-adsystem.com
2 ssbsync.smartadserver.com 2 redirects
2 u.openx.net 1 redirects aax-eu.amazon-adsystem.com
2 cs.emxdgt.com aax-eu.amazon-adsystem.com
rtb.gumgum.com
2 cdn-sic.33across.com tagan.adlightning.com
2 de.tynt.com cdn.tynt.com
2 www.i.matheranalytics.com helenair.com
2 a.leetemplates.com storage.googleapis.com
2 www.google.de helenair.com
2 insight.adsrvr.org 1 redirects d1eoo1tco6rr5e.cloudfront.net
2 js.matheranalytics.com 1 redirects helenair.com
2 connect.facebook.net helenair.com
connect.facebook.net
2 adservice.google.com tagan.adlightning.com
securepubads.g.doubleclick.net
2 adservice.google.ch tagan.adlightning.com
securepubads.g.doubleclick.net
2 geolocation.onetrust.com cdn.cookielaw.org
2 contributor.google.com helenair.com
2 www.gstatic.com helenair.com
1 sync.crwdcntrl.net bcp.crwdcntrl.net
1 thrtle.com bcp.crwdcntrl.net
1 idsync.rlcdn.com bcp.crwdcntrl.net
1 tags.bluekai.com bcp.crwdcntrl.net
1 ml314.com bcp.crwdcntrl.net
1 e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 simage4.pubmatic.com ads.pubmatic.com
1 id.rlcdn.com aax-eu.amazon-adsystem.com
1 ssc.33across.com cdn-sic.33across.com
1 um.simpli.fi ads.pubmatic.com
1 match.adsby.bidtheatre.com 1 redirects
1 pubmatic-match.dotomi.com ads.pubmatic.com
1 ad.turn.com 1 redirects
1 mwzeom.zeotap.com ads.pubmatic.com
1 spl.zeotap.com 1 redirects
1 pixel.onaudience.com 1 redirects
1 csync.loopme.me ads.pubmatic.com
1 dsp.adfarm1.adition.com 1 redirects
1 dis.criteo.com ads.pubmatic.com
1 jadserve.postrelease.com 1 redirects
1 tg.socdm.com 1 redirects
1 ssc-cms.33across.com rtb.gumgum.com
1 secure-assets.rubiconproject.com 1 redirects
1 match.deepintent.com rtb.gumgum.com
1 sync.technoratimedia.com rtb.gumgum.com
1 sync.ipredictive.com 1 redirects
1 sync.outbrain.com 1 redirects
1 bh.contextweb.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 b1sync.zemanta.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 eu-u.openx.net u.openx.net
1 image6.pubmatic.com ads.pubmatic.com
1 sli.helenair.com helenair.com
1 sic.33across.com tagan.adlightning.com
1 acdn.adnxs.com cdn-sic.33across.com
1 nep.advangelists.com 1 redirects
1 sync.extend.tv 1 redirects
1 ic.tynt.com helenair.com
1 sc.tynt.com tagan.adlightning.com
1 rp4.liadm.com helenair.com
1 rp.liadm.com 1 redirects
1 dn1i8v75r669j.cloudfront.net d81mfvml8p5ml.cloudfront.net
1 analytics.google.com www.googletagmanager.com
1 cdnjs.cloudflare.com bloximages.chicago2.vip.townnews.com
1 cdn.tynt.com tagan.adlightning.com
1 d1eoo1tco6rr5e.cloudfront.net www.googletagmanager.com
1 b-code.liadm.com www.googletagmanager.com
1 d81mfvml8p5ml.cloudfront.net www.googletagmanager.com
1 storage.googleapis.com www.googletagmanager.com
1 ad.crwdcntrl.net tagan.adlightning.com
1 8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 ampcid.google.de www.google-analytics.com
1 ampcid.google.com www.google-analytics.com
1 adservice.google.de survey.g.doubleclick.net
1 tags.crwdcntrl.net helenair.com
1 click1.email.lee.net 1 redirects
346 138
Subject Issuer Validity Valid
helenair.com
ZeroSSL ECC Domain Secure Site CA		 2021-07-07 -
2021-10-05		 3 months crt.sh
bloximages.chicago2.vip.townnews.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-03-09 -
2022-04-09		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2021-06-01 -
2022-05-31		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2021-04-29 -
2022-05-31		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2021-02-12 -
2022-02-11		 a year crt.sh
*.adlightning.com
Amazon		 2021-06-24 -
2022-07-23		 a year crt.sh
*.google.de
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
*.google.ch
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
*.storage.googleapis.com
GTS CA 1O1		 2021-07-26 -
2021-10-18		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-07-20 -
2021-10-18		 3 months crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
js.matheranalytics.com
Sectigo RSA Domain Validation Secure Server CA		 2021-03-19 -
2022-04-19		 a year crt.sh
*.scorecardresearch.com
Amazon		 2021-02-28 -
2022-03-29		 a year crt.sh
*.liadm.com
Amazon		 2021-03-02 -
2022-03-31		 a year crt.sh
aax-eu.amazon-adsystem.com
Amazon		 2021-04-09 -
2022-03-20		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA		 2019-10-01 -
2021-09-30		 2 years crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
www.google.de
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
a.leetemplates.com
GTS CA 1D4		 2021-08-23 -
2021-11-21		 3 months crt.sh
www.i.matheranalytics.com
Sectigo RSA Domain Validation Secure Server CA		 2020-01-28 -
2022-01-27		 2 years crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2019-10-01 -
2021-09-30		 2 years crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2021-03-30 -
2022-04-04		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-04-01 -
2022-04-04		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2021-03-11 -
2022-04-12		 a year crt.sh
s.amazon-adsystem.com
Amazon		 2021-07-14 -
2022-06-27		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2021-03-11 -
2022-02-07		 a year crt.sh
*.freshrelevance.com
Amazon		 2021-06-16 -
2022-07-15		 a year crt.sh
*.dycdn.net
Amazon		 2021-04-11 -
2022-05-10		 a year crt.sh
sli.buffalo.com
R3		 2021-07-14 -
2021-10-12		 3 months crt.sh
*.technoratimedia.com
DigiCert SHA2 High Assurance Server CA		 2020-07-28 -
2021-10-01		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2020		 2021-03-22 -
2022-04-23		 a year crt.sh
affec.tv
Amazon		 2020-10-08 -
2021-11-07		 a year crt.sh
track.adform.net
DigiCert SHA2 Secure Server CA		 2019-09-16 -
2021-09-20		 2 years crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-06-27 -
2021-09-24		 3 months crt.sh
loopme.me
R3		 2021-07-11 -
2021-10-09		 3 months crt.sh
*.pbp.bf2.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-08-18 -
2021-11-17		 3 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
*.simpli.fi
DigiCert SHA2 Secure Server CA		 2019-09-18 -
2021-12-12		 2 years crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-25 -
2022-03-28		 a year crt.sh
misc-sni.google.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-08-16 -
2021-11-08		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-07-26 -
2021-10-18		 3 months crt.sh
*.ml314.com
Amazon		 2021-01-17 -
2022-02-14		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2021-04-25 -
2022-04-26		 a year crt.sh
*.thrtle.com
Go Daddy Secure Certificate Authority - G2		 2021-03-22 -
2022-04-23		 a year crt.sh

This page contains 50 frames:

Primary Page: https://helenair.com/
Frame ID: B6E7355114C2A55983D333A688E33493
Requests: 160 HTTP requests in this frame

Frame: https://8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 210102350AA29149D2D8EFE49381839B
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Frame ID: E348EDCDB54BBF67C993B9C64A340409
Requests: 2 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Frame ID: CD6D23DAD1A9B5ABD6C0D3AFDEF2701C
Requests: 10 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Frame ID: 83480099CE6D291BB5AC383CFA579DFC
Requests: 5 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Frame ID: 1E5237C800B9EE1553523089D4CFA558
Requests: 6 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t
Frame ID: 1A3515F1A25781404BB209CB82D85851
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Frame ID: 59890593DBC1FE56F4DFE8BD5CD290D4
Requests: 10 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Frame ID: 7226CBDC4C53C27856AA7B3ED9FF0DE3
Requests: 9 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: 173D374E5999F8A7EA1DDF51E95DA92E
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Frame ID: D33AEA8C27DDBB2E0F5852564F221E81
Requests: 16 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Frame ID: 43E17CA7B47965E100180D8168A84DCD
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Frame ID: 7E9F16F904F4C0D97B114FB38C064954
Requests: 21 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Frame ID: 1CFD0026835FE33EB3B24A090FF06DCE
Requests: 12 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=vmg.com&id=y-khG01d11l2PgOyeRG5907Km8wW28VrI-&
Frame ID: 73BEC25503649B4FD77A164D4D1BC87A
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: AAA85560673C23D0D463AE8127115B40
Requests: 7 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=districtm
Frame ID: AB33F52FD7D8956A11CE5E4F206B2AA4
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7504678566492325672&gdpr=1&gdpr_consent=
Frame ID: 803BE28A83306EC5C6E36BB9E0B9FEE2
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=appnexus.com
Frame ID: DA8A3560EE0A340213292B08CA84405D
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Frame ID: 326F0792A68D30E9F5405C0B0F0EFC7E
Requests: 7 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1496628670360972022
Frame ID: 8657488435FA6BA84027C61B6E4121C4
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ast/ast.js
Frame ID: AF85650F0862D05D69CA42299A794639
Requests: 4 HTTP requests in this frame

Frame: https://c.amazon-adsystem.com/aax2/apstag.js
Frame ID: 509913486973511F9D62E2E6CA864901
Requests: 2 HTTP requests in this frame

Frame: https://am.freshrelevance.com/tpc/
Frame ID: 8E36A740C68A68AEC9C6BB93E89DB4DF
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
Frame ID: 6E72263258F7821A41D45662C6532746
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=559a9994-f96e-4863-a231-6b63328e87eb&t=1632580314
Frame ID: 64EE43E64E5437119714E71381A2EBF9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 3FC1C10D8BDB630197D569306C738D4E
Requests: 4 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=cb516127-a5db-4400-a1b7-af54ad46b3e9&gdpr=&gdpr_consent=
Frame ID: E3AE1AC4D0485F295A2292EF05B39559
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YSel3gAEJLmr1QA4
Frame ID: DCE3EE90F63AB7D3C072E49C658E97F3
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9jM2Y0ZDQ4Ni05ZDEwLTQ3NTMtYjBlZS1jYWExNWUwYjVmMjg=&gdpr=&gdpr_consent=
Frame ID: 06611D34E4FF17DABBD157B0F945C48E
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: D08ADD4996E3B53A246FA3B637C09286
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: EB79A839DB8C9EBE71BB64C76AE2692B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YSel3sCo5tEAACuDEowAAAAA
Frame ID: 7E73746E8FC2D7367F7D80435C448D53
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=875739029348658870
Frame ID: 5299294B3E3713EEFDBD93A686FD501D
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=i0xcylF5upgdqC9Gutga&pi=gumgum&tc=1
Frame ID: 51FC8FB3ECAC0318F9E10295D29588B7
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=4998AC55-27EB-4D0E-B2B6-0ECE94430F02
Frame ID: B9C8EA5FD6E863D68EF5054FB41B093E
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6741320886335607183
Frame ID: 447C0E2703C6B0A4C2E8BC96C6531638
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 3E83EA249AD6AEFA29B56586E4B1F00A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7000746522974484632
Frame ID: C2ABE1F6460072EDA4505CC59F7E4523
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=
Frame ID: 2C75A122507E23B3C02D9F8A99C53099
Requests: 1 HTTP requests in this frame

Frame: https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
Frame ID: F95BE468380B7D0347881274AEC45D5A
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4998AC55-27EB-4D0E-B2B6-0ECE94430F02&ex=pubmatic.com
Frame ID: 13A22EB304DEFDA4D71764DEB8E89A58
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: D64B573A09D680B3EFC4FC9F54D50083
Requests: 8 HTTP requests in this frame

Frame: https://e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: FE2732AC8F8B39555F8AEF34F27E7680
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs
Frame ID: B635D9B6435193B1FD86E83B5C9EC6A5
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 21D93F841329018994FE58C9D5F5D6BB
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C514F16A84D88B6E4438985CFF7A9700
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Frame ID: 831F15F6D28E50C48EB7840C160CCB00
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: A9E6C0F10F7908280187BEE432583738
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BE652B6726DD9759C9ACF75A298BD06F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HelenaIR.com - Helena, Montana daily newsImage galleryImage galleryImage galleryImage galleryCollectionPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adBack ButtonSearch IconFilter IconArrow

Page URL History Show full URLs

  1. http://click1.email.lee.net/aldrbdpptpvnlmhbnykddnltwlngwrltlbszmspykstmpdy_ottkltmqwwdtlzqqmfwqw.html?a... HTTP 302
    https://helenair.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

346
Requests

100 %
HTTPS

35 %
IPv6

85
Domains

138
Subdomains

96
IPs

11
Countries

5164 kB
Transfer

10596 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://click1.email.lee.net/aldrbdpptpvnlmhbnykddnltwlngwrltlbszmspykstmpdy_ottkltmqwwdtlzqqmfwqw.html?a=helenair.com HTTP 302
    https://helenair.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87
  • https://js.matheranalytics.com/s/ma1527/725149323/lee/ml.js?cb=1572 HTTP 301
  • https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
Request Chain 90
  • https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe HTTP 303
  • https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Request Chain 110
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t
Request Chain 121
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCP9abGvQEQARgBMgih_GSU42q6nA HTTP 301
  • https://tpc.googlesyndication.com/simgad/9151868353653510961
Request Chain 122
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCP9abtJxABGAEyCHVZFgMEXZrd HTTP 301
  • https://tpc.googlesyndication.com/simgad/6437499816428550661
Request Chain 137
  • https://sb.scorecardresearch.com/b?c1=2&c2=10345586&ns__t=1629988312533&ns_c=UTF-8&cv=3.5&c8=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&c7=https%3A%2F%2Fhelenair.com%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1629988312533&ns_c=UTF-8&cv=3.5&c8=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&c7=https%3A%2F%2Fhelenair.com%2F&c9=
Request Chain 160
  • https://rp.liadm.com/j?tna=v2.0.1&aid=a-018v&wpn=lc-bundle&pu=https%3A%2F%2Fhelenair.com%2F&duid=ae0d61daaf1b--01fe1dznnaqx8m9mv80yd721vn&se=e30&dtstmp=1629988313530 HTTP 302
  • https://rp4.liadm.com/j?tna=v2.0.1&aid=a-018v&wpn=lc-bundle&pu=https%3A%2F%2Fhelenair.com%2F&duid=ae0d61daaf1b--01fe1dznnaqx8m9mv80yd721vn&se=e30&dtstmp=1629988313530&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true
Request Chain 185
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Request Chain 188
  • https://ups.analytics.yahoo.com/ups/58252/sync?redir=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58252/sync?redir=true&verify=true HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=vmg.com&id=y-khG01d11l2PgOyeRG5907Km8wW28VrI-&
Request Chain 189
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Request Chain 190
  • https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=districtm HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Ddistrictm HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=districtm
Request Chain 191
  • https://ssbsync.smartadserver.com/api/sync?callerId=2 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7504678566492325672&gdpr=1&gdpr_consent=
Request Chain 192
  • https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=appnexus.com
Request Chain 193
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com HTTP 302
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Request Chain 194
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1496628670360972022
Request Chain 199
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESELmOSYzAHIRsFiMobyYit0o&google_cver=1
Request Chain 200
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB&dcc=t
Request Chain 201
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YSel2hT0vvFEUfTkIZie4AAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFhGMC4g7U2sU-NPN8qfIqg&google_cver=1
Request Chain 203
  • https://sync.extend.tv/r.gif?exchange=index HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=3cc0dcd0-ed3a-4c60-9216-b143f248e3d3
Request Chain 204
  • https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YSel2hT0vvFEUfTkIZie4AAA%261135?gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YSel2hT0vvFEUfTkIZie4AAA%261135?gdpr_consent=&us_privacy=&gdpr=
Request Chain 205
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8BVGvvpI1Mjgq65
Request Chain 206
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f77db959-0952-4cea-b6c0-7955ef13ead4
Request Chain 223
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Bhp_vVEeKesdT3npCE5gvAgdKbodSn3sBhhJO5Sp
Request Chain 224
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3440908619926827973
Request Chain 227
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEl4DTiiVqTPwD-1hWFP00I&google_cver=1
Request Chain 228
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=6469976588687039299
Request Chain 229
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2 HTTP 307
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=fc1922e2-a634-498b-bfe5-dc5ce691b4bf&ssp=gumgum2 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=08135572-aa40-48fb-8726-21a0d5e9a7f5
Request Chain 230
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-251701a4-84d1-41b9-73e5-4bea35666456$ip$185.156.175.109
Request Chain 231
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&i=
Request Chain 232
  • https://sync.1rx.io/usersync2/floor6&gdpr=&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=303675170 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/559a9994-f96e-4863-a231-6b63328e87eb HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003
Request Chain 233
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=cCtRjrNbSPUx&ev=1&pid=558355
Request Chain 234
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28avLUhVG12D7j0x2_gdFv50_dFYusNkjxq9hOB6lazaW60xY9hyJd5UK9NwQ-Kva_%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28avLUhVG12D7j0x2_gdFv50_dFYusNkjxq9hOB6lazaW60xY9hyJd5UK9NwQ-Kva_%29
Request Chain 235
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=51629a84-a97f-04ba-13cb-66a3a9daf6b9
Request Chain 236
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-jMPg7NxE2pcCtEom0slZNOowuWWEnXFzJdYJ~A
Request Chain 237
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=5ce4fc80-067a-11ec-912e-c52e54b009cf
Request Chain 240
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=idi&i=320eeae3-0651-4b58-9f91-a08a68f43270
Request Chain 241
  • https://ssbsync.smartadserver.com/api/sync?callerId=15 HTTP 302
  • https://rtb.gumgum.com/usersync?b=sad&i=7504678566492325672&gdpr=1&gdpr_consent=
Request Chain 244
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=559a9994-f96e-4863-a231-6b63328e87eb&t=1632580314
Request Chain 245
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 246
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=cb516127-a5db-4400-a1b7-af54ad46b3e9&gdpr=&gdpr_consent=
Request Chain 247
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YSel3gAEJLmr1QA4
Request Chain 251
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YSel3sCo5tEAACuDEowAAAAA
Request Chain 252
  • https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=zet&i=875739029348658870
Request Chain 253
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=i0xcylF5upgdqC9Gutga&pi=gumgum&tc=1
Request Chain 255
  • https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=21eb0c06a12d935daa1e22e9/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=5001&3pid=84cc8719a3bb9ed4788bb63aca1b10ed&gdpr=0&gdpr_consent=
Request Chain 256
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=83&3pid=KST0YHZ1-28-M6HT&gdpr=0 HTTP 302
  • https://ce.lijit.com/merge?pid=83&3pid=KST0YHZ1-28-M6HT&gdpr=0&dnr=1
Request Chain 257
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=fmx HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=1871597497736426398&expires=30&ssp=fmx HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1871597497736426398&expires=30&ssp=fmx HTTP 302
  • https://ce.lijit.com/merge?pid=26&3pid=08135572-aa40-48fb-8726-21a0d5e9a7f5 HTTP 302
  • https://ce.lijit.com/merge?pid=26&3pid=08135572-aa40-48fb-8726-21a0d5e9a7f5&dnr=1
Request Chain 258
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
  • https://ce.lijit.com/merge?pid=85&3pid=AACdkk7CT0wAAEch-lgGkw&gdpr=0 HTTP 302
  • https://ce.lijit.com/merge?pid=85&3pid=AACdkk7CT0wAAEch-lgGkw&gdpr=0&dnr=1
Request Chain 259
  • https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=90&3pid=4a01d80c-a366-451a-9566-9ff040ebbaa8&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=90&3pid=4a01d80c-a366-451a-9566-9ff040ebbaa8&gdpr=0&gdpr_consent=&dnr=1
Request Chain 260
  • https://map.go.affec.tv/map/3a/?pid=CmUMLmEnpdmPg84HBNuIAg%3D%3D&us_privacy=&ts=1629988314628.1 HTTP 303
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D6127a5dcaf16e1000123a592%26chc%3Dtt%26floc%3D%26redirect_url%3D HTTP 302
  • https://map.go.affec.tv/map/an/6469976588687039299?ch=6127a5dcaf16e1000123a592&chc=tt&floc=&redirect_url=
Request Chain 264
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6741320886335607183
Request Chain 266
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7000746522974484632
Request Chain 267
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=
Request Chain 270
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SZisVSfrTQ6ytg7OlEMPAg%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 271
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=827e6127-a5db-4e00-8334-28c2837e24ba
Request Chain 272
  • https://pixel.onaudience.com/?partner=214&mapped=4998AC55-27EB-4D0E-B2B6-0ECE94430F02 HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=e47ff3338586b23b HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169c81101f67&zcluid=e47ff3338586b23b&zdid=1332 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169c81101f67&zcluid=e47ff3338586b23b&zdid=1332&google_tc= HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEFN9MYbgJULDfQb5l0d5KyU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169c81101f67&zcluid=e47ff3338586b23b&zdid=1332
Request Chain 273
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3440908619926827973
Request Chain 274
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74036127-a5db-4a00-9908-9f0fe4ea4c3c&gdpr=0&gdpr_consent=
Request Chain 275
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=559a9994-f96e-4863-a231-6b63328e87eb
Request Chain 276
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESELNuZspTz4CJmE7Ojk1BRvQ&google_cver=1
Request Chain 277
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6469976588687039299&gdpr=0&gdpr_consent=
Request Chain 278
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=zsA9wpnEa5TVlTuWwJQiw8DHa8XVkD-TzsLGFPRx
Request Chain 279
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4998AC55-27EB-4D0E-B2B6-0ECE94430F02&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zv6gyF5E2uUqpO0wlNFSB56ovi15YyQ-~A&gdpr=0&gdpr_consent=
Request Chain 281
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
  • https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=90e5c509-33a6-4865-93b3-12f59c1793e5&ssp=pubmatic HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=29&expires=30&user_id=90e5c509-33a6-4865-93b3-12f59c1793e5&ssp=pubmatic HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2616d2ec-2e0c-4dbf-abc8-4ce379e9f51c&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 282
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7201022083141325463&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 283
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YSel3gAEJFur1gA4 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSel3gAEJFur1gA4&gdpr=0&gdpr_consent=&_test=YSel3gAEJFur1gA4
Request Chain 285
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:7981b92d-a656-4c94-a895-855ab1aaf1c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 286
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d6ee87f1-8ed5-42d1-8354-5be663477875-6127a5dc-4348&gdpr=0&gdpr_consent=
Request Chain 289
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=KST0YH8W-15-2WQ9&ex=d-rubiconproject.com&status=ok
Request Chain 298
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4db76127-a5db-4e00-9848-36e30db0ae50
Request Chain 300
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YSel3gAD3TI-hgBg HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSel3gAD3TI-hgBg&_test=YSel3gAD3TI-hgBg
Request Chain 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHhoDdno7tlROaOUDazPJBU&google_cver=1
Request Chain 303
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
Request Chain 330
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 336
  • https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=mag&i=KST0YKRT-M-BI71
Request Chain 338
  • https://bcp.crwdcntrl.net/5/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr HTTP 302
  • https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Request Chain 343
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0 HTTP 302
  • https://bcp.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=6173105f-63fb-4236-bee8-73cca50216f8 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=10620/tp=TRAD/tpid=6173105f-63fb-4236-bee8-73cca50216f8
Request Chain 346
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID HTTP 302
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?cookieQ=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID HTTP 302
  • https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=afbbb992-e738-4274-9acc-eca8a36e161a-6127a5e2-4348

346 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
helenair.com/
Redirect Chain
  • http://click1.email.lee.net/aldrbdpptpvnlmhbnykddnltwlngwrltlbszmspykstmpdy_ottkltmqwwdtlzqqmfwqw.html?a=helenair.com
  • https://helenair.com/
525 KB
67 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://helenair.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
5e5d9cd3b17fd047222e0cf1a3387e5f98041c108908938edf9bd745ce6e7c30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
helenair.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 08:42:37 GMT
content-type
text/html; charset=UTF-8
x-loop
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Aug 2021 08:42:36 GMT
x-robots-tag
noarchive
x-xrds-location
https://helenair.com/tncms/xrds/
x-ua-compatible
IE=edge
link
<https://bloximages.chicago2.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin <https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.6edb5af3e93b0a377ec925c5f1c6ddde.js>; rel=preload; as=script </shared-content/art/tncms/user/user.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.440cdcae2c3272df39c09befc9eb3dd6.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.cb897187c4718280fd69d2e6d6c3909d.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js>; rel=preload; as=script <https://cdn.cookielaw.org/scripttemplates/otSDKStub.js>; rel=preload; as=script
x-tncms
1.59.2; app17; 0.69s; 9.9M
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-xss-protection
1; mode=block
etag
W/dbde5ef4b2f971b929c58249417e4847
content-encoding
gzip
vary
X-IPCountry, X-Townnews-Now-API-Version, Accept-Encoding
age
20951
cache-control
public, max-age=10
x-vcache
HIT
accept-ranges
bytes
content-length
66258

Redirect headers

Server
Apache-Coyote/1.1
Connection
Keep-Alive
Keep-Alive
timeout=60
Set-Cookie
JSESSIONID=D27C6172CB6A7F2109F5EE67FAE234A6; Path=/; HttpOnly
Location
https://helenair.com
Content-Type
text/html;charset=utf-8
Content-Length
0
Date
Thu, 26 Aug 2021 14:31:48 GMT
jquery.min.6edb5af3e93b0a377ec925c5f1c6ddde.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/ 		98 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.6edb5af3e93b0a377ec925c5f1c6ddde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0785141e6461918363176bb595c118997a66d51af8338db5999308cd593cfebd
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
10489902
cf-ray
684dc418a92bcc42-ZRH
last-modified
Wed, 09 Sep 2020 19:56:59 GMT
x-vcache
MISS
server
cloudflare
etag
W/"5f59338b-18813"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Sat, 23 Apr 2022 02:56:47 GMT
user.js
helenair.com/shared-content/art/tncms/user/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://helenair.com/shared-content/art/tncms/user/user.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
0bd4bf1ae6486cfafef2d68fa19256bf5f9e2c5ec095a974e57722ef1696164c

Request headers

:path
/shared-content/art/tncms/user/user.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:27:20 GMT
content-encoding
gzip
last-modified
Mon, 16 Aug 2021 12:36:13 GMT
age
268
etag
W/"611a5bbd-29a2"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=600
x-vcache
HIT
accept-ranges
bytes
content-length
3909
service-worker-allowed
/
bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/ 		39 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
10817935
cf-ray
684dc418b933cc42-ZRH
last-modified
Fri, 06 Sep 2019 14:16:03 GMT
x-vcache
MISS
server
cloudflare
etag
W/"5d726a23-9bd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Thu, 04 Nov 2021 10:17:22 GMT
common.08a61544f369cc43bf02e71b2d10d49f.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 		32 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
9208652
cf-ray
684dc418b936cc42-ZRH
last-modified
Wed, 05 May 2021 20:06:42 GMT
x-vcache
HIT
server
cloudflare
etag
W/"6092fad2-8154"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 11 May 2022 19:01:20 GMT
tnt.440cdcae2c3272df39c09befc9eb3dd6.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.440cdcae2c3272df39c09befc9eb3dd6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39b3f4ea7da5be033ccad2fbabd47e7fc1aeb7ef44651b4c1e08a216aabbef8d
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
4383934
cf-ray
684dc418a92ccc42-ZRH
last-modified
Tue, 06 Jul 2021 13:05:13 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60e45509-23b6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 06 Jul 2022 19:01:08 GMT
application.cb897187c4718280fd69d2e6d6c3909d.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.cb897187c4718280fd69d2e6d6c3909d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
165f2224fdb220f295f4c441bad7dfc35fd9ef57cb56af722285137944f598a7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
10817935
cf-ray
684dc418a92dcc42-ZRH
last-modified
Fri, 16 Apr 2021 14:03:19 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60799927-104a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Thu, 21 Apr 2022 19:01:27 GMT
tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 		2 KB
947 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
4383742
cf-ray
684dc418b938cc42-ZRH
last-modified
Tue, 06 Jul 2021 13:05:12 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60e45508-9ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 06 Jul 2022 19:01:08 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e45f3b0dad8aa0528790a6dd6dd2831bb8547129bd1320c10fd120118f44616
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BC5xsXKGgJbQbCzkLNvwBQ==
age
86708
vary
Accept-Encoding
content-length
6328
x-ms-lease-status
unlocked
last-modified
Wed, 04 Aug 2021 01:49:58 GMT
server
cloudflare
etag
0x8D956EA2A6E73F4
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b8d637e9-f01e-012a-80bd-8bebf6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
684dc4187e2f96a4-FRA
expires
Thu, 26 Aug 2021 18:31:49 GMT
bootstrap.min.44f4ed00052aeaf66307fd409db0d101.css
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/ 		107 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/bootstrap.min.44f4ed00052aeaf66307fd409db0d101.css
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d584af3d0a8ad98207995400856e5e8c608551e080e252ed413e82c19ffd04f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
10479973
cf-ray
684dc418a921cc42-ZRH
last-modified
Fri, 16 Apr 2021 14:03:10 GMT
x-vcache
MISS
server
cloudflare
etag
W/"6079991e-1ab8e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Sat, 23 Apr 2022 02:56:47 GMT
layout.a2e298cee785e277dcd2afd3184d7715.css
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/ 		138 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/layout.a2e298cee785e277dcd2afd3184d7715.css
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5340b5fc3790009ac910a68646074c8de500c26d5cb885eeaf889cbfe7ae940
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
1359581
cf-ray
684dc418a926cc42-ZRH
last-modified
Fri, 06 Aug 2021 14:14:41 GMT
x-vcache
MISS
server
cloudflare
etag
W/"610d43d1-22634"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 10 Aug 2022 19:01:10 GMT
lee.ds.css
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/ 		63 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/lee.ds.css?_dc=1629961267
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6bc5ccc0d04e6ccfbecd2bd5775b3604995e5196b4e08c179d0885e7e94925
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
20938
cf-ray
684dc418a927cc42-ZRH
last-modified
Thu, 26 Aug 2021 07:01:07 GMT
x-vcache
MISS
server
cloudflare
etag
W/"61273c33-fc8d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Fri, 26 Aug 2022 07:06:15 GMT
flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
5750111
cf-ray
684dc418a929cc42-ZRH
last-modified
Fri, 16 Apr 2021 14:04:22 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60799966-189c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Sat, 23 Apr 2022 02:56:47 GMT
owl.carousel.d631cca58a0d014854c4a6c1815f1da3.css
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/styles/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/styles/owl.carousel.d631cca58a0d014854c4a6c1815f1da3.css
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f43f4ee69c1e53622d634119250c9ecc2b189983c3e9dcf6bca4c59523b2b4e
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
1685842
cf-ray
684dc418a92acc42-ZRH
last-modified
Fri, 16 Jul 2021 14:02:29 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60f19175-12b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Thu, 21 Jul 2022 22:26:32 GMT
cc.js
tags.crwdcntrl.net/c/6894/ 		38 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/c/6894/cc.js?ns=_cc6894
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.96.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-96-5.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5a2f10e09cd6e81eb686dbca9e6056ed485e87d3869bac347455547c294cb036

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 25 Aug 2021 14:50:18 GMT
content-encoding
gzip
etag
W/"8cd042d9f203fe2e01747c7444f95498"
last-modified
Tue, 15 Dec 2020 16:50:47 GMT
server
AmazonS3
age
85292
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 871dedfc10f4428aa2412b6f788b791a.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
41M49GoHtSxkapgourItu0cCZgTooC_Qm5OUro-iQiJ4UXbawAzSrQ==
user-controls.578df3df79d812af55ab13bae47f9857.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/ 		532 B
469 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/user-controls.578df3df79d812af55ab13bae47f9857.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
321fb426ca5f214a70f2faf9f9ded0e9332a1d134c0279983cb821d50c94b7f2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
1888512
cf-ray
684dc41969bccc42-ZRH
last-modified
Wed, 05 May 2021 20:06:25 GMT
x-vcache
MISS
server
cloudflare
etag
W/"6092fac1-214"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Tue, 24 May 2022 10:38:07 GMT
owl.carousel.66c591eb93f177b0f59892f361c3b1b4.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/owl.carousel.66c591eb93f177b0f59892f361c3b1b4.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2bedb8d9b818971c16b394180d1decd7e9993d6d6bcc0656637fa4a2e0ef191
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
1635349
cf-ray
684dc41979d0cc42-ZRH
last-modified
Wed, 05 May 2021 20:06:46 GMT
x-vcache
MISS
server
cloudflare
etag
W/"6092fad6-9fe8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 25 May 2022 05:57:26 GMT
tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
1652427
cf-ray
684dc419aa16cc42-ZRH
last-modified
Tue, 06 Jul 2021 13:05:11 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60e45507-db8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 06 Jul 2022 19:01:08 GMT
tnt.notify.panel.d7dc4795339f38cc067ead9f2f5ef1fb.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.notify.panel.d7dc4795339f38cc067ead9f2f5ef1fb.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ff30298cb08600b21e18d99439aab14c6616c4436c5183aeeb1b47f68994448
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
4379818
cf-ray
684dc419aa17cc42-ZRH
last-modified
Tue, 06 Jul 2021 13:05:12 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60e45508-19d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 06 Jul 2022 19:01:08 GMT
firebase-app.js
www.gstatic.com/firebasejs/6.6.2/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/6.6.2/firebase-app.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 07:01:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
286236
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3945
x-xss-protection
0
last-modified
Thu, 19 Sep 2019 21:11:52 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 07:01:14 GMT
firebase-messaging.js
www.gstatic.com/firebasejs/6.6.2/ 		31 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/6.6.2/firebase-messaging.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 25 Aug 2021 23:59:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52321
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8653
x-xss-protection
0
last-modified
Thu, 19 Sep 2019 21:11:54 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 25 Aug 2022 23:59:49 GMT
messaging.js
helenair.com/shared-content/art/tncms/api/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://helenair.com/shared-content/art/tncms/api/messaging.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
fe5d23d415187d71dfa026db8852418f98513ef7f7a1c3e1321bc95d6d6a0f5f

Request headers

:path
/shared-content/art/tncms/api/messaging.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:27:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Aug 2021 12:36:13 GMT
age
244
etag
W/"611a5bbd-11aa"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=600
x-vcache
HIT
accept-ranges
bytes
content-length
1259
service-worker-allowed
/
tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 		198 B
275 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8416f8febc369c76d3fc82e78d0c49c84bf1dd1904b73cee557fccdbbb5b9005
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:49 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
10814956
cf-ray
684dc418b937cc42-ZRH
last-modified
Wed, 24 Feb 2021 19:07:01 GMT
x-vcache
MISS
server
cloudflare
etag
W/"6036a3d5-c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Fri, 25 Feb 2022 06:40:58 GMT
tracking.js
helenair.com/shared-content/art/tncms/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://helenair.com/shared-content/art/tncms/tracking.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
18eadbed616a1c6d3afcf2750befa4c653869688479efbfdb0020c7c836d718b

Request headers

:path
/shared-content/art/tncms/tracking.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:27:21 GMT
content-encoding
gzip
last-modified
Mon, 16 Aug 2021 12:36:13 GMT
age
268
etag
W/"611a5bbd-a4b"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=600
x-vcache
HIT
accept-ranges
bytes
content-length
1149
service-worker-allowed
/
otCCPAiab.js
cdn.cookielaw.org/opt-out/ 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/opt-out/otCCPAiab.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b53a8679f64261d270c8e531fe1e2b8e463f3592155dcf4c2dbc5deeab2f3b63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
vK1pqwR5vAdncTOZa1Txzw==
age
1626058
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Tue, 29 Jun 2021 08:52:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
bb51bcfd-c01e-000f-7abd-8b3510000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
684dc419aec296a4-FRA
fontawesome.edd147e4c2830f416874012247117438.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 		252 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/fontawesome.edd147e4c2830f416874012247117438.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffa8814637fab7a454e06a6403a650615c04044d4f881b04ffdfcdc1395d98da
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
10817936
cf-ray
684dc419ba18cc42-ZRH
last-modified
Fri, 23 Oct 2020 13:08:53 GMT
x-vcache
HIT
server
cloudflare
etag
W/"5f92d5e5-3f1a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Fri, 05 Nov 2021 04:59:19 GMT
tracker.js
helenair.com/shared-content/art/stats/common/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://helenair.com/shared-content/art/stats/common/tracker.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f

Request headers

:path
/shared-content/art/stats/common/tracker.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:30:22 GMT
content-encoding
gzip
last-modified
Thu, 03 Jun 2021 19:09:11 GMT
age
87
etag
W/"60b928d7-2200"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=600
x-vcache
HIT
accept-ranges
bytes
content-length
3224
service-worker-allowed
/
helenair.com.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/400/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/400/helenair.com.png?_dc=Aug.Thu.2021
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e46bbca81676cec30cde85d511665c7c5b372f3850e37cd1d619b184cfee33f7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
20939
last-modified
Wed, 25 Sep 2019 23:22:39 GMT
content-length
7944
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5d8bf6bf-1f08"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc419ba19cc42-ZRH
expires
Thu, 25 Aug 2022 10:46:08 GMT
1ccc9064-420d-11ea-b290-7b59fef69160.png
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/custom/image/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/custom/image/1ccc9064-420d-11ea-b290-7b59fef69160.png
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18d2b7197419b8adf795a97ed23cb9fe30658495d508783644e0df6a5cbdbeb0
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
5381571
last-modified
Tue, 28 Jan 2020 20:31:07 GMT
content-length
1470
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5e309a0b-5be"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc419ba1acc42-ZRH
expires
Wed, 25 May 2022 06:03:51 GMT
0844d4da-420d-11ea-b290-b3a85feffde5.png
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/custom/image/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/custom/image/0844d4da-420d-11ea-b290-b3a85feffde5.png?resize=640%2C94
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb5ce01b20484f41ca2f7bfcf6c603f197ed3422418b62eff31c6f68a654303d
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
199884
cf-ray
684dc419ba1bcc42-ZRH
last-modified
Tue, 28 Jan 2020 20:30:32 GMT
x-vcache
MISS
server
cloudflare
etag
"14293f64b66fea01f3707748345b4ccc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Sat, 23 Apr 2022 02:56:47 GMT
gtm.js
www.googletagmanager.com/ 		170 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
29d41dd050cda909b114b1aaa7a77f72fbe6bb0d42a4639d044afff7c02c602f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58772
x-xss-protection
0
last-modified
Thu, 26 Aug 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 26 Aug 2021 14:31:50 GMT
loader.js
contributor.google.com/scripts/b765fd5c002b8ec/ 		107 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contributor.google.com/scripts/b765fd5c002b8ec/loader.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7ed3dec353a1d177e660a5ebd744150d06bd7eae1d37b6453233a46b4d2a341b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-nKk0V+0IC1ZdwVm9cADQtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorTargetingHttp/cspreport;worker-src 'self', script-src 'nonce-nKk0V+0IC1ZdwVm9cADQtA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorTargetingHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorTargetingHttp/cspreport
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorTargetingHttp"
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
report-to
{"group":"ContributorTargetingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorTargetingHttp/external"}]}
content-type
application/javascript; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
private, max-age=86400
content-security-policy
script-src 'report-sample' 'nonce-nKk0V+0IC1ZdwVm9cADQtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorTargetingHttp/cspreport;worker-src 'self', script-src 'nonce-nKk0V+0IC1ZdwVm9cADQtA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorTargetingHttp/cspreport
expires
Thu, 26 Aug 2021 14:31:50 GMT
AGSKWxWx7yQUhe008vdbx7qOwWhCKmR-osSuFC3DDyvCm_K_nNMTjE2EGmV28JFHdjHcINdbHwRu0oRU4n5mb0jEyQ==
fundingchoicesmessages.google.com/f/ 		96 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWx7yQUhe008vdbx7qOwWhCKmR-osSuFC3DDyvCm_K_nNMTjE2EGmV28JFHdjHcINdbHwRu0oRU4n5mb0jEyQ==
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cb7e2c1f7122238eda04ed3cd8a75e9b4bfa787c2fb2a2b695736c3e0309b5b3
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-9wXagYbCpX8FzR1H5weWOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-9wXagYbCpX8FzR1H5weWOw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-9wXagYbCpX8FzR1H5weWOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-9wXagYbCpX8FzR1H5weWOw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		71 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
2012d0c179af652ff2333e802fc096ec743f36514e47201e29e7ec1a26ed0b9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"969 / 619 of 1000 / last-modified: 1629976524"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25270
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:50 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		127 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-90-44.zrh50.r.cloudfront.net
Software
Server /
Resource Hash
1465ea73b9db4601cda29c323ea3eea1fc28337bd2c5193154c9ecbd7bf38bbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id
iCBj9h3R_OzDH4Og0Gd_eqIrtWDOxSOx
content-encoding
gzip
etag
708a268139e52bdfbe59398b3e766151
age
142
x-cache
Hit from cloudfront
server
Server
x-amz-rid
18D04GRND806HDNBHG5T
date
Thu, 26 Aug 2021 14:29:28 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
WzS5yXvC9pwYB_UZ0mSYaIcY0ps7VAunCIBgkfX2IkFQS4yV4YPMuA==
8f4bc1ca-1a9d-4e85-92aa-4a93d5036fdb.json
cdn.cookielaw.org/consent/8f4bc1ca-1a9d-4e85-92aa-4a93d5036fdb/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/8f4bc1ca-1a9d-4e85-92aa-4a93d5036fdb/8f4bc1ca-1a9d-4e85-92aa-4a93d5036fdb.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a5a3fbb570e2fb0305390a410128e5abd9b173f209c82566885aebafd6ff4e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ISJYtKYBjpSZ9qQvXfuLBg==
age
1625798
vary
Accept-Encoding
content-length
1100
x-ms-lease-status
unlocked
last-modified
Tue, 07 Jul 2020 16:26:20 GMT
server
cloudflare
etag
0x8D822927B3022A4
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
33550c78-001e-0152-03bd-8b8341000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
684dc419abc14303-FRA
tracker.gif
helenair.com/shared-content/art/stats/common/ 		0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://helenair.com/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_upage=1&tnms_do=helenair.com&tnms_uri=/&tnms_ref=&rt=1629988310024
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_upage=1&tnms_do=helenair.com&tnms_uri=/&tnms_ref=&rt=1629988310024
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
last-modified
Thu, 16 Oct 2008 20:11:25 GMT
age
0
etag
"48f79fed-0"
x-vcache
MISS
content-type
image/gif
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
0
survey
survey.g.doubleclick.net/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://survey.g.doubleclick.net/survey?site=_7zzjmruuzybbu3e2nkclgasxna&url=https%3A%2F%2Fhelenair.com%2F&cid=everything&random=1629988310024
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
4e5f4917fcbf9bd8784a026015ec9bd4a53ba94dda9236429102896b81daa700
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, no-cache, must-revalidate, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
vary
*
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		164 B
224 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b94f9074fc2ef1b63132fc70fe244cc5d5322e5982a80b6273a45a935ae335f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
684dc419ef01bf19-FRA
10221820-420d-11ea-b290-330fa9a563f6.png
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/custom/image/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/custom/image/10221820-420d-11ea-b290-330fa9a563f6.png?resize=400%2C59
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ba48222d5ae6066f894806e15f6d6d18a7634f6de6f6dec31df4c4853a29012
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
1235048
last-modified
Tue, 28 Jan 2020 20:30:46 GMT
content-length
4120
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"e63b2b357d51f1c0e4ec1ba0acb3cf56"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc41a0a5dcc42-ZRH
expires
Sat, 23 Apr 2022 02:56:47 GMT
op.js
tagan.adlightning.com/leeenterprises/ 		44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/op.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a37e78100d484338c2a2fc7c643da6e713b32ac9882a0fd115ead24b3e61ac83

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id
mbf6yK9OzOIgPgCUiNAIjudDnZ3OP4MQ
content-encoding
gzip
etag
"49f9fd1cfa40ce1af6f9f2fc4af32cf9"
age
1827
x-cache
Hit from cloudfront
content-length
18464
x-amz-meta-git_commit
7b120a5
last-modified
Thu, 26 Aug 2021 03:01:02 GMT
server
AmazonS3
date
Thu, 26 Aug 2021 14:02:41 GMT
content-type
application/javascript
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
-ERVJ6ZY1Tia3ah0GbuCG1ERJ1VhC0Q_uscwTtZM74glb69g9J0jkA==
dmp.reactive.0e53d3f9d235eed93a6018d451147284.js
bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/ 		510 B
389 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/dmp.reactive.0e53d3f9d235eed93a6018d451147284.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ddd466f2537ff1e7c620b9f5d3c50229baa530655c61abbdc412cf7b6c7fd5e
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
4798985
cf-ray
684dc41a0a5bcc42-ZRH
last-modified
Wed, 05 May 2021 20:06:25 GMT
x-vcache
MISS
server
cloudflare
etag
W/"6092fac1-1fe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Wed, 25 May 2022 05:57:26 GMT
dfp.lazy.min.js
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/dfp.lazy.min.js?_dc=1626332473
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c79456b94ef17205d2e7ce09158c3c97e909feb47209e69b0590d7951759849c
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
3653973
cf-ray
684dc41a0a5ccc42-ZRH
last-modified
Thu, 15 Jul 2021 07:01:13 GMT
x-vcache
MISS
server
cloudflare
etag
W/"60efdd39-1292"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Fri, 15 Jul 2022 07:06:40 GMT
dnsfeed
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/ 		162 B
199 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/dnsfeed
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfeb7783a538aaf85df056bf149c808937dccdb3e3af5714d6fba017054e2f94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
684dc41a3f21bf19-FRA
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
3319
date
Thu, 26 Aug 2021 13:36:31 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Thu, 26 Aug 2021 15:36:31 GMT
gtm.js
www.googletagmanager.com/ 		99 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d940a34f56c7163f85bfe3ccd1467f9cab0b03ae7493c26193a9821c689b8dc9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38416
x-xss-protection
0
last-modified
Thu, 26 Aug 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 26 Aug 2021 14:31:50 GMT
pubads_impl_2021082501.js
securepubads.g.doubleclick.net/gpt/ 		330 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
bb74cc8e45d1408e44d42285d7c37a61cb1e79b7b700349757649e38a2e94350
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 25 Aug 2021 08:38:40 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118226
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:50 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		127 B
124 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=helenair.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
4b0224fae2e405a8bc4d63456b01fcd8d31f19ef9ad06af143a34c7b39dc7fe8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:50 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.2.0/ 		325 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe83bf4d90f17ac9ecb4808ffe059d64d79d5cf6752859c37a8113584e959c2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
lTz3ZVqTbRC0XOtXa5KYcg==
age
13541703
vary
Accept-Encoding
content-length
74003
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jun 2020 17:33:18 GMT
server
cloudflare
etag
0x8D819F70401AE6F
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
9a85d63a-f01e-012a-055d-1febf6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
684dc41a8f0696a4-FRA
expires
Fri, 03 Sep 2021 14:31:50 GMT
config
c.amazon-adsystem.com/cdn/prod/ 		57 B
411 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3266&u=https%3A%2F%2Fhelenair.com%2F
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-90-44.zrh50.r.cloudfront.net
Software
Server /
Resource Hash
8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 08:42:37 GMT
via
1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
server
Server
age
20952
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://helenair.com
cache-control
max-age=86087, s-maxage=86400
access-control-allow-credentials
true
x-amz-cf-pop
ZRH50-C1
content-length
57
x-amz-cf-id
IaEJ8lD5jCmWBFqSGdKRUJ6t0tfAyuodYiCCcDRUZ3paOdjeORb-3w==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-90-44.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 06:51:15 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
27636
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Sat, 21 Aug 2021 01:59:01 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
96XhsjGsBxsrm3kyucJOVw9g9hT2d.yB
via
1.1 110750d14d1d900cd5c76d0ac872f5dd.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
ZRH50-C1
content-type
application/javascript
x-amz-cf-id
0Aeo-w9VR8OA94AzI5En3Qx0eabBdhL7nMPT1LUSJ02nW6a4L9RUZQ==
prompt_embed_static.js
survey.g.doubleclick.net/insights/consumersurveys/static/437526454656025334/ 		393 KB
393 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://survey.g.doubleclick.net/insights/consumersurveys/static/437526454656025334/prompt_embed_static.js
Requested by
Host: survey.g.doubleclick.net
URL: https://survey.g.doubleclick.net/survey?site=_7zzjmruuzybbu3e2nkclgasxna&url=https%3A%2F%2Fhelenair.com%2F&cid=everything&random=1629988310024
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
ad2de503b302c2e4db22fc86cfe1f6e62a880e7e014574fbbb8e8551bd2ac671

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 25 Aug 2021 22:39:39 GMT
last-modified
Wed, 25 Aug 2021 17:20:13 GMT
server
Google Frontend
age
57131
content-type
application/javascript
x-cloud-trace-context
ff076e082e70e80ec92103ab42233714
cache-control
public, max-age=2592000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
402438
integrator.sync.js
adservice.google.de/adsid/ 		111 B
172 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.sync.js?domain=helenair.com
Requested by
Host: survey.g.doubleclick.net
URL: https://survey.g.doubleclick.net/survey?site=_7zzjmruuzybbu3e2nkclgasxna&url=https%3A%2F%2Fhelenair.com%2F&cid=everything&random=1629988310024
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
da46bc766028c67f94e34c39ecf0c36513fd5ffffe1e126ce09908ebcd671eb6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
AGSKWxXPMAKyC0nwiNfNTW2rH3h6KT1rleRaPBy_38cA5yH0W00oMQ47kqPkzaOTWkjrKa4RgjjmfH3VUvjzuCEZqw==
fundingchoicesmessages.google.com/el/ 		0
26 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXPMAKyC0nwiNfNTW2rH3h6KT1rleRaPBy_38cA5yH0W00oMQ47kqPkzaOTWkjrKa4RgjjmfH3VUvjzuCEZqw==?pvid=695752A2-2F36-4595-9DE3-D20E4FF2546A&anonid=69AB3399-5749-4A69-AFBE-F9E138979DF4
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.LXWGhRLIAo8.es5.O/d=1/rs=AJlcJMwz-6wqsyAiIE7Em3tTI4ufOMlSgA/m=loader_js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-d6mT6cMpdYyNOs/2lYA6Lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-d6mT6cMpdYyNOs/2lYA6Lg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-d6mT6cMpdYyNOs/2lYA6Lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-d6mT6cMpdYyNOs/2lYA6Lg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUx2GfBXyHVyZDmbcnxNIhrqhiJLxamP_xe0EIsl2MmHHF51RqpMAR6U6fxxqQEyHXdGqO5oheFNhOVTUZo6g==
fundingchoicesmessages.google.com/f/ 		88 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUx2GfBXyHVyZDmbcnxNIhrqhiJLxamP_xe0EIsl2MmHHF51RqpMAR6U6fxxqQEyHXdGqO5oheFNhOVTUZo6g==?fccs=W251bGwsW1tdLFtdXSxudWxsLG51bGwsbnVsbCwyLFsxNjI5OTg4MzEwLDM0NDAwMDAwMF0sIjY5NTc1MkEyLTJGMzYtNDU5NS05REUzLUQyMEU0RkYyNTQ2QSIsIjY5QUIzMzk5LTU3NDktNEE2OS1BRkJFLUY5RTEzODk3OURGNCIsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL2hlbGVuYWlyLmNvbS8iXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingLoaderClientJs.en_US.LXWGhRLIAo8.es5.O/d=1/rs=AJlcJMwz-6wqsyAiIE7Em3tTI4ufOMlSgA/m=loader_js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
723b190bd7d2a6c13c282a309cdbb34466016b01b9fb3b007ecb20d8dc2bf366
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-yrtvPeYHJaVaFkfWI+A7+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-yrtvPeYHJaVaFkfWI+A7+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-yrtvPeYHJaVaFkfWI+A7+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-yrtvPeYHJaVaFkfWI+A7+g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
ec.js
www.google-analytics.com/plugins/ua/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 13:46:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
2735
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1306
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:46:15 GMT
publisher:getClientId
ampcid.google.com/v1/ 		74 B
177 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://helenair.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
94
x-xss-protection
0
publisher:getClientId
ampcid.google.de/v1/ 		3 B
106 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://helenair.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
0
checksub
contributor.google.com/scripts/b765fd5c002b8ec:D:74ca6754963b5832/ 		392 B
385 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://contributor.google.com/scripts/b765fd5c002b8ec:D:74ca6754963b5832/checksub
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorTargetingClientJs.en_US.s2pUbIWI54c.es5.O/d=1/rs=AJlcJMz_nBWS1eQ77kpD-7eBcbfJh6InbA/m=contributor
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5cd66459aa15b4ecd19335032593163d728cb4f9b2db0ac0deb907936ab580d4
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-MwSFn2cmuEwGI7SY55MHVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorTargetingHttp/cspreport;worker-src 'self', script-src 'nonce-MwSFn2cmuEwGI7SY55MHVQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorTargetingHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorTargetingHttp/cspreport
cross-origin-resource-policy
cross-origin
access-control-allow-methods
POST, GET, OPTIONS
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorTargetingHttp"
x-frame-options
SAMEORIGIN
access-control-max-age
86400
report-to
{"group":"ContributorTargetingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorTargetingHttp/external"}]}
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://helenair.com
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-MwSFn2cmuEwGI7SY55MHVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorTargetingHttp/cspreport;worker-src 'self', script-src 'nonce-MwSFn2cmuEwGI7SY55MHVQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorTargetingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
en.json
cdn.cookielaw.org/consent/8f4bc1ca-1a9d-4e85-92aa-4a93d5036fdb/75787057-4552-493b-aa72-b303111d8f91/ 		14 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/8f4bc1ca-1a9d-4e85-92aa-4a93d5036fdb/75787057-4552-493b-aa72-b303111d8f91/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17168638051807ecfd255466abf630f13d7e4d0bb1778ff3d07c7e4306d47fff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
RPh2s6qCpQzKez35mPJX0w==
age
1625798
vary
Accept-Encoding
content-length
4660
x-ms-lease-status
unlocked
last-modified
Tue, 07 Jul 2020 16:26:22 GMT
server
cloudflare
etag
0x8D822927CC2571A
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
bda4a46a-401e-0111-50bd-8ba9a8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
684dc41cab934303-FRA
collect
stats.g.doubleclick.net/j/ 		1 B
82 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-54716522-7&cid=1697705571.1629988311&jid=645805128&gjid=554134630&_gid=1039007600.1629988311&_u=aGBAgUALAAQCAE~&z=376675874
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 26 Aug 2021 14:31:50 GMT
content-type
text/plain
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&aip=1&a=875731673&t=pageview&_s=1&dl=https%3A%2F%2Fhelenair.com%2F&ul=en-us&de=UTF-8&dt=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgUALAAQC~&jid=645805128&gjid=554134630&cid=1697705571.1629988311&tid=UA-54716522-7&_gid=1039007600.1629988311&gtm=2wg8n0PDQV3N&cd2=editorial&cd3=flex&cd4=flex-editorial&cd5=no&cd6=Large%3A%20Desktop%20computers.&cd8=200&cd9=No&cd10=No&cd12=No&cd13=https%3A%2F%2Fhelenair.com%2F&cd16=No&cd17=Page%20View&cm1=688&z=414017442
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 13:24:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
4034
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
prompt
survey.g.doubleclick.net/gk/ 		0
41 B 		Script
General
Check archive.org
Download Go to
Full URL
https://survey.g.doubleclick.net/gk/prompt?site=_7zzjmruuzybbu3e2nkclgasxna&t=1&url=https%3A%2F%2Fhelenair.com%2F&cid=everything&random=1629988310170&ref=&token=
Requested by
Host: survey.g.doubleclick.net
URL: https://survey.g.doubleclick.net/survey?site=_7zzjmruuzybbu3e2nkclgasxna&url=https%3A%2F%2Fhelenair.com%2F&cid=everything&random=1629988310024
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-why
UserPrivacyInfo does not meet requirements to be served (LAT and/or OPT_OUT modifier).
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 26 Aug 2021 14:31:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23
x-xss-protection
0
otFloatingFlat.json
cdn.cookielaw.org/scripttemplates/6.2.0/assets/ 		18 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.2.0/assets/otFloatingFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d8b76cb673b3af30f99448de96d4bfa03546c4e7808ce9c6ccaa9777efc90ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
LROBGyipCAjpSiLc19tFcQ==
age
10984633
vary
Accept-Encoding
content-length
2966
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jun 2020 17:33:09 GMT
server
cloudflare
etag
0x8D819F6FE6057CE
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
2bfaf61a-001e-003b-1f9f-369ab8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
684dc41cfc664303-FRA
expires
Fri, 03 Sep 2021 14:31:50 GMT
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.2.0/assets/ 		100 KB
21 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.2.0/assets/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10ab566c9fb0560fc9b7690af2b2a06cb4ce5af583a6e9796d1ece57c702c5e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
uHciMKc/pvNFERq4hQBWgw==
age
10984633
vary
Accept-Encoding
content-length
20976
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jun 2020 17:33:09 GMT
server
cloudflare
etag
0x8D819F6FE54BCDE
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
9c9a87ed-b01e-0162-439f-36d96b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
684dc41cfc694303-FRA
expires
Fri, 03 Sep 2021 14:31:50 GMT
js
www.googletagmanager.com/gtag/ 		128 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NFTGWT90ER&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
722c7ab4681dd36bc27477089b5977dfaed2ca5f035d15e5ec30d7eb72d4a20c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51627
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:50 GMT
gtm.js
www.googletagmanager.com/ 		374 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1757667d3c2c68250df460d25347d52074edb4345faf2ee208da5fef1329a30b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
90467
x-xss-protection
0
last-modified
Thu, 26 Aug 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 26 Aug 2021 14:31:50 GMT
truncated
/ 		73 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		75 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e31c42447e764b1195ff393437950867800ce2465dd3724c95640f4f5b34487c

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
serif-ds.woff2
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/serif-ds.woff2
Requested by
Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/lee.ds.css?_dc=1629961267
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Origin
https://helenair.com
Referer
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/lee.ds.css?_dc=1629961267
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:50 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
545371
last-modified
Wed, 21 Apr 2021 07:01:17 GMT
content-length
26164
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"607fcdbd-6634"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc41e9a9201eb-ZRH
expires
Sat, 23 Apr 2022 01:40:52 GMT
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-NFTGWT90ER&gtm=2oe8n0&_p=875731673&sr=1600x1200&ul=en-us&cid=1697705571.1629988311&_s=1&dl=https%3A%2F%2Fhelenair.com%2F&dt=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&sid=1629988310&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.application=editorial&ep.theme=flex&ep.skin_name=flex-editorial&ep.subscription_required=No&epn.blox_render_time=688&up.logged_in=No
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NFTGWT90ER&l=dataLayer&cx=c
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:50 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
b-7b120a5-9b73d8fb.js
tagan.adlightning.com/leeenterprises/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 17:20:30 GMT
content-encoding
gzip
age
1977081
x-cache
Hit from cloudfront
content-length
28059
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 03 Aug 2021 17:19:43 GMT
server
AmazonS3
etag
"afbaa3aad41d7158588b073852555441"
x-amz-version-id
UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
_uLuFe0O2kmjrr1_VxaZbU-qqMogmSktpjCaPHTj4mbI12XyRHGc0g==
bl-7b120a5-7c01691a.js
tagan.adlightning.com/leeenterprises/ 		49 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4dfecece4900e75ceb75f2cad93a0eac31ccaa12c4d882ed101942b0e912034

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 03:48:06 GMT
content-encoding
gzip
age
38626
x-cache
Hit from cloudfront
content-length
20873
x-amz-meta-git_commit
7b120a5
last-modified
Thu, 26 Aug 2021 03:00:09 GMT
server
AmazonS3
etag
"e519d273d4d59d3c2adeb4b4d0628a05"
x-amz-version-id
Dgy.RzsbCffkuNN4c0iz6A5ldhbtxyiH
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Mwzb-ASYRhljznzwB9c0DS2Ru25D9kH5pg0MuIcgnLsT8lFyqQSuFQ==
bid
c.amazon-adsystem.com/e/dtb/ 		169 B
533 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3266&u=https%3A%2F%2Fhelenair.com%2F&pid=LxY5KU0e1fMGI&cb=0&ws=1600x1200&v=7.68.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F8438%2Fhelenair.com%2Fhomepage%22%7D%5D&pj=%7B%22sections%22%3A%22%22%7D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-90-44.zrh50.r.cloudfront.net
Software
Server /
Resource Hash
243fd09deaa5cba44ae685d3c62db15e621067e76b94f09ac74e6274a33d6c45

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
server
Server
x-amz-cf-pop
ZRH50-C1
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://helenair.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
158
via
1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
x-amz-cf-id
01ckBOxAUqL0VsOzEz_UJMg33XWh_yLwyVjrB5JPI9d38i849PCSyQ==
bid
c.amazon-adsystem.com/e/dtb/ 		169 B
531 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3266&u=https%3A%2F%2Fhelenair.com%2F&pid=LxY5KU0e1fMGI&cb=1&ws=1600x1200&v=7.68.00&t=2000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F8438%2Fhelenair.com%2Fhomepage%22%7D%5D&pj=%7B%22sections%22%3A%22%22%7D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-90-44.zrh50.r.cloudfront.net
Software
Server /
Resource Hash
acb4ca36dc176ee8ed53b2f2e35b790124db29dde45ad8da201e69be9f642cc0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
server
Server
x-amz-cf-pop
ZRH50-C1
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://helenair.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
157
via
1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
x-amz-cf-id
5ypRnxLYwq-CR1LuidktyPYuZ6Ej-o1RDQl_kx3_coQxoRleS4DEzw==
integrator.js
adservice.google.ch/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=helenair.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=helenair.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		33 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3991345993864993&correlator=4200978841776573&output=ldjh&impl=fifs&eid=31062395%2C31062297%2C31062312&vrg=2021082501&ptt=17&us_privacy=1YYN&sc=1&sfv=1-0-38&ecs=20210826&iu_parts=8438%2Chelenair.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=2x1&prev_scp=pos%3Dfixed-impact-top%2Catf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D2%26lee_hours%3D14%26lee_day%3D4&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26k%3Dnews%252Csports%252Cweather%252Ccrime%252Cpolitics%252Cnatural%2520resources%252Cenvironment%252Ceducation%252Chelena%252Cmontana%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1629967356&dt=1629988311160&dlt=1629988309820&idt=688&frm=20&biw=1600&bih=1200&oid=2&adxs=799&adys=0&adks=2007792130&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fhelenair.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1&msz=1600x1&ga_vid=1697705571.1629988311&ga_sid=1629988311&ga_hid=875731673&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
827bc7a88b36b8c61707052ef37d8b41d800ee4302eaf464e1f869b798031370
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11625
x-xss-protection
0
google-lineitem-id
5770244581
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138360431736
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2101 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Thu, 26 Aug 2021 14:31:51 GMT
expires
Fri, 26 Aug 2022 14:31:51 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
securepubads.g.doubleclick.net/gampad/ 		16 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3991345993864993&correlator=3579423309381426&output=ldjh&impl=fifs&eid=31062395%2C31062297%2C31062312&vrg=2021082501&ptt=17&us_privacy=1YYN&sc=1&sfv=1-0-38&ecs=20210826&iu_parts=8438%2Chelenair.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&prev_scp=pos%3Dfixed-impact-bottom%2Cbtf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D4%26lee_hours%3D14%26lee_day%3D4&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26k%3Dnews%252Csports%252Cweather%252Ccrime%252Cpolitics%252Cnatural%2520resources%252Cenvironment%252Ceducation%252Chelena%252Cmontana%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1629967356&dt=1629988311166&dlt=1629988309820&idt=688&frm=20&biw=1600&bih=1200&oid=2&adxs=800&adys=1&adks=3804360403&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fhelenair.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1&msz=1600x1&ga_vid=1697705571.1629988311&ga_sid=1629988311&ga_hid=875731673&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
81b7af26b74252d07703011bffcfde89c858f09fb8dd8f24713a61564fd06218
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7954
x-xss-protection
0
google-lineitem-id
751596797
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
89240352317
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		25 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3991345993864993&correlator=3678783883497098&output=ldjh&impl=fifs&eid=31062395%2C31062297%2C31062312&vrg=2021082501&ptt=17&us_privacy=1YYN&sc=1&sfv=1-0-38&ecs=20210826&iu_parts=8438%2Chelenair.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=pos%3Dhome_primary_middle%2Cbtf%2C50%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D5%26lee_hours%3D14%26lee_day%3D4&eri=1&cust_params=k%3Dnews%252Csports%252Cweather%252Ccrime%252Cpolitics%252Cnatural%2520resources%252Cenvironment%252Ceducation%252Chelena%252Cmontana%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1629967356&dt=1629988311169&dlt=1629988309820&idt=688&frm=20&biw=1600&bih=1200&oid=2&adxs=120&adys=1229&adks=4230052061&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fhelenair.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1697705571.1629988311&ga_sid=1629988311&ga_hid=875731673&ga_fc=false&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
2dddeffdd7426663d94d31aef8ddfe4b2e39d4a0304168ca6acb4795f433d247
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10974
x-xss-protection
0
google-lineitem-id
5752089018
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138358351310
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		23 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3991345993864993&correlator=3666323020203250&output=ldjh&impl=fifs&eid=31062395%2C31062297%2C31062312&vrg=2021082501&ptt=17&us_privacy=1YYN&sc=1&sfv=1-0-38&ecs=20210826&iu_parts=8438%2Chelenair.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=5x1&prev_scp=pos%3Dmembers-impact%2Catf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D4%26lee_hours%3D14%26lee_day%3D4&eri=1&cust_params=k%3Dnews%252Csports%252Cweather%252Ccrime%252Cpolitics%252Cnatural%2520resources%252Cenvironment%252Ceducation%252Chelena%252Cmontana%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1629967356&dt=1629988311173&dlt=1629988309820&idt=688&frm=20&biw=1600&bih=1200&oid=2&adxs=798&adys=6739&adks=3078710981&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fhelenair.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1&msz=1600x1&ga_vid=1697705571.1629988311&ga_sid=1629988311&ga_hid=875731673&ga_fc=false&fws=4&ohw=1600&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
82ced36c2772bf72b7e1e3b66510b2bfe031605be7de58e44b8887d9d814bf62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9811
x-xss-protection
0
google-lineitem-id
5575483893
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138360539008
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
var=tncms_siteaud
ad.crwdcntrl.net/5/c=6881/pe=y/ 		77 B
312 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.crwdcntrl.net/5/c=6881/pe=y/var=tncms_siteaud
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
059bc42513157b8af9033f063157dffd7a9a1c6bbc9e4f2b3bc75d52be38863d

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:51 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.0.88
content-type
application/javascript;charset=utf-8
content-length
77
expires
0
js
www.googletagmanager.com/gtag/ 		128 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-G2BL49024K&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6aacc52873a6948e2c72e879491c0dc78d66893a9da8f7b89f919ef5a5bfdbac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51611
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:51 GMT
linkid.js
www.google-analytics.com/plugins/ua/ 		2 KB
882 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:20:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
686
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Thu, 26 Aug 2021 15:20:25 GMT
sp-gzip-2-17-3.js
storage.googleapis.com/lee-snowplow/static/ 		77 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/lee-snowplow/static/sp-gzip-2-17-3.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
7169b20ff9116852953e326ad3776ac06c0f14a5a21a3e07f3fb8b5c46418a61

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:30:57 GMT
content-encoding
gzip
age
54
x-guploader-uploadid
ADPycdsKSMTn5yRhdZZ062ZBI3itW7o5UZk-jPGCWWFPb_lbuzs483wEGv_H7LSQrrEhRIz-0djOWIV_6CV-MwzwlQ8SbAJMQQ
x-goog-storage-class
STANDARD
x-goog-custom-time
1970-01-01T00:00:00Z
x-goog-metageneration
4
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26950
x-goog-meta-
last-modified
Thu, 18 Feb 2021 15:16:40 GMT
server
UploadServer
etag
"d3142accd3f370a95f561f0fbfb3114b"
vary
Accept-Encoding
x-goog-hash
crc32c=C/nZJQ==, md5=0xQqzNPzcKlfVh8Pv7MRSw==
x-goog-generation
1613661400000346
cache-control
max-age=31536000
x-goog-stored-content-length
26950
accept-ranges
bytes
content-type
text/javascript
expires
Fri, 26 Aug 2022 14:30:57 GMT
fbevents.js
connect.facebook.net/en_US/ 		99 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
99d9db36685f4473105170acb756d375a1bf6aa18a5f9453964ca7cae9083830
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25993
x-xss-protection
0
pragma
public
x-fb-debug
acpYBx3stXY/hGstwlX42ZB9TtzFna1BomhCWGi1wpmxNIYG9BKgAObMbpIMtLCCjIQfJI8KjBwT/5cQ2vx7cA==
x-fb-trip-id
1718053925
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Thu, 26 Aug 2021 14:31:51 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
i99g3gee.js
d81mfvml8p5ml.cloudfront.net/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:5600:2:36a1:2f40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3c9a2d086d47148ae23b40fb16fa13a5bd578e40aa7ee5acabd1ad9d3c958ecf

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:23:05 GMT
content-encoding
br
last-modified
Thu, 29 Jul 2021 19:07:57 GMT
server
AmazonS3
age
1071
etag
W/"d5439e10177501ec79fe34fba97cb263"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
cache-control
max-age=600
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
oEfEFQ187PP0988M75zITTK-BjxSuWDDn8EQWFixh8kuUjJNmJih2A==
ml.br.js
js.matheranalytics.com/static/ltm/ma1527/lee/5/
Redirect Chain
  • https://js.matheranalytics.com/s/ma1527/725149323/lee/ml.js?cb=1572
  • https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
145 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.250.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
234.250.178.107.bc.googleusercontent.com
Software
nginx /
Resource Hash
8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 01:29:37 GMT
content-encoding
br
last-modified
Wed, 04 Aug 2021 03:52:13 GMT
server
nginx
age
46934
etag
"96d23de5d1ede166c2abc188adf1ebd7"
vary
Accept-Encoding
x-cache
HIT Wed, 04 Aug 2021 04:04:18 GMT
content-type
application/x-javascript
via
1.1 google
cache-control
public,max-age=3600
alt-svc
clear
content-length
43093

Redirect headers

date
Thu, 26 Aug 2021 14:31:51 GMT
via
1.1 google
server
nginx
vary
Accept-Encoding
location
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
cache-control
public, max-age=269200
alt-svc
clear
x-served-by
2-gc-euw1-10926
beacon.js
sb.scorecardresearch.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.96.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-96-7.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:25:02 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
409
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
TgFobLixODhGwD0OjxG2RMNv_BcgX2cSL88GPa0-4P8p2O4gsGqE3A==
a-018v.min.js
b-code.liadm.com/ 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-code.liadm.com/a-018v.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:3e00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ZIO-Http /
Resource Hash
9684b98d3f0145a9252aecec6b30b937a05c6db86e72d19ded16a23d9a2c7f77

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 25 Aug 2021 18:33:24 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
server
ZIO-Http
age
71907
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-pop
FRA2-C1
content-encoding
gzip
x-amz-cf-id
i6Ddlz5asubk2WY4uEKwRr6WqGr7FzxtP00ZlTCqCkbaZ2Ma6CMjgA==
iframe
d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/ Frame E348
Redirect Chain
  • https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
138 B
630 B 		Document
General
Check archive.org
Download Go to
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.202 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-202.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447

Request headers

Host
d1eoo1tco6rr5e.cloudfront.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://helenair.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

Content-Type
text/html
Content-Length
138
Connection
keep-alive
Last-Modified
Fri, 09 Jul 2021 12:42:12 GMT
Accept-Ranges
bytes
Server
AmazonS3
Date
Thu, 26 Aug 2021 05:13:50 GMT
Cache-Control
max-age=86400
ETag
"50351b1f6590b5c4886c111874e016a0"
X-Cache
Hit from cloudfront
Via
1.1 08c5e904e2f0226b2d9c1417f32b12f2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
ZRH50-C1
X-Amz-Cf-Id
hzh1cWG2KXusSGko1QECcRmGr8TJtXy9j9_YYbs2WgcwowdqyTif9w==
Age
33495

Redirect headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-type
text/html; charset=UTF-8
content-length
183
location
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
bl-7b120a5-7c01691a.js
tagan.adlightning.com/leeenterprises/ Frame CD6D 		49 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4dfecece4900e75ceb75f2cad93a0eac31ccaa12c4d882ed101942b0e912034

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 03:48:06 GMT
content-encoding
gzip
age
38626
x-cache
Hit from cloudfront
content-length
20873
x-amz-meta-git_commit
7b120a5
last-modified
Thu, 26 Aug 2021 03:00:09 GMT
server
AmazonS3
etag
"e519d273d4d59d3c2adeb4b4d0628a05"
x-amz-version-id
Dgy.RzsbCffkuNN4c0iz6A5ldhbtxyiH
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
b_iLhgBVQkNoadRkmQ9ZmHF2f_f8tPZhcHVaJCnLG0D2q_8mQaItUw==
b-7b120a5-9b73d8fb.js
tagan.adlightning.com/leeenterprises/ Frame CD6D 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 17:20:30 GMT
content-encoding
gzip
age
1977081
x-cache
Hit from cloudfront
content-length
28059
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 03 Aug 2021 17:19:43 GMT
server
AmazonS3
etag
"afbaa3aad41d7158588b073852555441"
x-amz-version-id
UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
kNSih7X27vnugkF7UFd-q7rDPMww67_GpLal4bTrhy_xu8WPrwRk1w==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CD6D 		124 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1629718280506303"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38186
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:51 GMT
bl-7b120a5-7c01691a.js
tagan.adlightning.com/leeenterprises/ Frame 8348 		49 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4dfecece4900e75ceb75f2cad93a0eac31ccaa12c4d882ed101942b0e912034

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 03:48:06 GMT
content-encoding
gzip
age
38626
x-cache
Hit from cloudfront
content-length
20873
x-amz-meta-git_commit
7b120a5
last-modified
Thu, 26 Aug 2021 03:00:09 GMT
server
AmazonS3
etag
"e519d273d4d59d3c2adeb4b4d0628a05"
x-amz-version-id
Dgy.RzsbCffkuNN4c0iz6A5ldhbtxyiH
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
yghr4XAvzIFOv5PHV03H2fbMuwNyxhW-ROdFiIPFVwFpXOvNbLTDcw==
b-7b120a5-9b73d8fb.js
tagan.adlightning.com/leeenterprises/ Frame 8348 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 17:20:30 GMT
content-encoding
gzip
age
1977081
x-cache
Hit from cloudfront
content-length
28059
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 03 Aug 2021 17:19:43 GMT
server
AmazonS3
etag
"afbaa3aad41d7158588b073852555441"
x-amz-version-id
UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
DhRYaO4BvPCaMXsueAF9d1j8eCCQLeWBWzVRAd6V8piTQqJd8tV2cA==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8348 		124 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1629718280506303"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38186
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:51 GMT
bl-7b120a5-7c01691a.js
tagan.adlightning.com/leeenterprises/ Frame 1E52 		49 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4dfecece4900e75ceb75f2cad93a0eac31ccaa12c4d882ed101942b0e912034

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 03:48:06 GMT
content-encoding
gzip
age
38626
x-cache
Hit from cloudfront
content-length
20873
x-amz-meta-git_commit
7b120a5
last-modified
Thu, 26 Aug 2021 03:00:09 GMT
server
AmazonS3
etag
"e519d273d4d59d3c2adeb4b4d0628a05"
x-amz-version-id
Dgy.RzsbCffkuNN4c0iz6A5ldhbtxyiH
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
ERZFLfPf8fbc4neuttSr8libNjYTaT6gBVhbthWBl6GIupRdSNbS2w==
b-7b120a5-9b73d8fb.js
tagan.adlightning.com/leeenterprises/ Frame 1E52 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 17:20:30 GMT
content-encoding
gzip
age
1977081
x-cache
Hit from cloudfront
content-length
28059
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 03 Aug 2021 17:19:43 GMT
server
AmazonS3
etag
"afbaa3aad41d7158588b073852555441"
x-amz-version-id
UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
ja6t3A1mMSr2N9j1etCaCagSmXMbLjs4eHpfHdbjzmKzy7zw1Dzxsw==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1E52 		124 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1629718280506303"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38186
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:51 GMT
61271c561f9e9.preview-620.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/eedition/8/29/8290a5f1-43b8-5f93-a08a-41e2e1d8d6fa/ 		193 KB
193 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/eedition/8/29/8290a5f1-43b8-5f93-a08a-41e2e1d8d6fa/61271c561f9e9.preview-620.jpg?resize=620%2C1253
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bcbd407315629962e522137179b674eb1f06e73a7d68847d9c20b009182fb02
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
20936
last-modified
Thu, 26 Aug 2021 04:45:11 GMT
cf-bgj
h2pri
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"37422442d50b9c601916296def5cd5ca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
684dc422a90ecc42-ZRH
expires
Fri, 26 Aug 2022 06:07:13 GMT
6125151706dfc.preview.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/d/6b/d6b09f3f-6b3c-5f2f-ac15-24488eaa959b/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/d/6b/d6b09f3f-6b3c-5f2f-ac15-24488eaa959b/6125151706dfc.preview.jpg?crop=1763%2C992%2C0%2C92&resize=150%2C84&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68b8dcfdc69521111731a7c8091cb4886638343ee50752911b52e88fe87a9483
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
cf-cache-status
HIT
age
20936
last-modified
Tue, 24 Aug 2021 15:49:43 GMT
strict-transport-security
max-age=604800
content-length
4227
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"d23418f0d41beb5d1f83201bdf9606f1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 06:09:02 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc422a911cc42-ZRH
cf-bgj
h2pri
6102395d8d8d5.image.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/8/05/805c91ea-8b85-5232-8ecf-caa7bd689f6b/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/8/05/805c91ea-8b85-5232-8ecf-caa7bd689f6b/6102395d8d8d5.image.jpg?crop=516%2C290%2C0%2C3&resize=150%2C84&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e37b589b15c35555fee3cc6ca69dc10391533290a33520f335015a90d846d48a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
cf-cache-status
HIT
age
20936
last-modified
Thu, 29 Jul 2021 05:15:09 GMT
strict-transport-security
max-age=604800
content-length
6821
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"80c3c1951b210a375c23caf23c7c4393"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 19 Aug 2022 06:14:08 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc422a914cc42-ZRH
cf-bgj
h2pri
60789de965fa7.preview.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/7/81/781b9ce6-9e26-11eb-bf22-6b109f2be857/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/7/81/781b9ce6-9e26-11eb-bf22-6b109f2be857/60789de965fa7.preview.jpg?crop=1080%2C608%2C0%2C236&resize=150%2C84&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b47f209ec42adefdc4478377971469aaa38a5d3976fd7a4d899cfb3d9fbc26b2
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
cf-cache-status
HIT
age
182337
last-modified
Thu, 15 Apr 2021 20:11:21 GMT
strict-transport-security
max-age=604800
content-length
4762
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"99af5810f7c3a38e1074296de4f6d120"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Sun, 03 Jul 2022 08:18:58 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc422a917cc42-ZRH
cf-bgj
h2pri
61015cc3a05e7.image.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/6/f5/6f58aee0-0fa7-5987-ac3a-cb171e383a7e/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/6/f5/6f58aee0-0fa7-5987-ac3a-cb171e383a7e/61015cc3a05e7.image.jpg?crop=300%2C169%2C0%2C0&resize=150%2C84&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a84ef2b0185b4cc40d7ae7116311b6b8a1ec8f4c9b09948c123fd652e887762b
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
cf-cache-status
HIT
age
20936
last-modified
Wed, 28 Jul 2021 13:33:55 GMT
strict-transport-security
max-age=604800
content-length
3550
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"fc702e10c110d46fa31c7fae91a5c0b2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 25 Aug 2022 11:26:53 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc422a91acc42-ZRH
cf-bgj
h2pri
603836bc5856b.image.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/a/54/a541be96-6871-5f2a-b829-a8d6794d75fc/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/a/54/a541be96-6871-5f2a-b829-a8d6794d75fc/603836bc5856b.image.jpg?crop=1800%2C1013%2C0%2C10&resize=750%2C422&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f85b23a2b7db5c7a66a29c99e5649a9447a91edcbf9b3881b0bda48dedd82c95
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
20936
last-modified
Thu, 25 Feb 2021 23:46:04 GMT
cf-bgj
h2pri
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"59d636dc13701cad115a4422021e2e30"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
684dc422a91dcc42-ZRH
expires
Fri, 26 Aug 2022 00:21:01 GMT
6126e84ea0103.preview.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/b/cb/bcb45742-3e9f-589d-ab2c-a5ab03b3a99d/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/b/cb/bcb45742-3e9f-589d-ab2c-a5ab03b3a99d/6126e84ea0103.preview.jpg?crop=1675%2C942%2C162%2C0&resize=225%2C127&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6eee83f6b80c0e1ea2da03e9c526dae896f5617d6bde939053699e91c9d5058
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
cf-cache-status
HIT
age
20936
last-modified
Thu, 26 Aug 2021 01:03:11 GMT
strict-transport-security
max-age=604800
content-length
9172
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"01e9d52ba0cda44f97a30af4e0ff9255"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Fri, 26 Aug 2022 01:46:32 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc422a91fcc42-ZRH
cf-bgj
h2pri
573f757412a92.image.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/f/b0/fb0302dd-2d5b-5276-8586-524f8c95cd4d/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/f/b0/fb0302dd-2d5b-5276-8586-524f8c95cd4d/573f757412a92.image.jpg?crop=1662%2C935%2C0%2C155&resize=150%2C84&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1396b4de00482f4808baefce87ab7b9cb9059f7b9cc4d6fcef9770ee8f7c1c68
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
20936
last-modified
Fri, 20 May 2016 20:37:08 GMT
cf-bgj
h2pri
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"7ef04307a5670e8f081ea93d4341bdd0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
684dc422a922cc42-ZRH
expires
Fri, 26 Aug 2022 00:18:33 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		432 B
255 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3991345993864993&correlator=2684941222950718&output=ldjh&impl=fifs&eid=31062395%2C31062297%2C31062312&vrg=2021082501&ptt=17&us_privacy=1YYN&sc=1&sfv=1-0-38&ecs=20210826&iu_parts=8438%2Chelenair.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x90%7C728x90&prev_scp=pos%3Dfixed-leaderboard-top%2Catf%2C50%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D8%26lee_hours%3D14%26lee_day%3D4%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=k%3Dnews%252Csports%252Cweather%252Ccrime%252Cpolitics%252Cnatural%2520resources%252Cenvironment%252Ceducation%252Chelena%252Cmontana%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie=ID%3D7c15ea38f6a41d25-22e993f4c0c800b1%3AT%3D1629988311%3AS%3DALNI_MZuUh9XGqs7T-QVL_M4Oi_fpy7mmw&bc=31&abxe=1&lmt=1629967356&dt=1629988311493&dlt=1629988309820&idt=688&frm=20&biw=1600&bih=1200&oid=2&adxs=315&adys=284&adks=2196195694&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fhelenair.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1584x250&msz=1584x250&psts=AGkb-H89UUrGaCMCmoxlPOYMPLIkFy2rAbekgSZn0P3RuM8kXXb6QhuVAe9lHBU290l3qnsEk7sQq1-HFTE%2CAGkb-H9BTZhaUylNTDCV6nkyFA5KNIP4wpYeh-npX5zNoECEYc7e0WXZp2rWob6HjlnQL_qFWPLLhggqdCyMWO7r4QfU%2CAGkb-H-TOa86dPGyzeJfUahBo34X5ePC61KWQvSVYHvmF_kccZlnV50HNDkDh2UHC6sAZC0RUnuMAbKYbvbfm2XMu9v8&ga_vid=1697705571.1629988311&ga_sid=1629988311&ga_hid=875731673&ga_fc=false&ga_cid=1039007600.1629988311&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
7b905c61f09034c9105890220ab9e41587342adb7aa5a69f2cce72792bff2049
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
224
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		24 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3991345993864993&correlator=1137949721193902&output=ldjh&impl=fifs&eid=31062395%2C31062297%2C31062312&vrg=2021082501&ptt=17&us_privacy=1YYN&sc=1&sfv=1-0-38&ecs=20210826&iu_parts=8438%2Chelenair.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&prev_scp=pos%3Dfixed-big-ad-top%2Catf%2C50%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D7%26lee_hours%3D14%26lee_day%3D4%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=k%3Dnews%252Csports%252Cweather%252Ccrime%252Cpolitics%252Cnatural%2520resources%252Cenvironment%252Ceducation%252Chelena%252Cmontana%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie=ID%3D7c15ea38f6a41d25-22e993f4c0c800b1%3AT%3D1629988311%3AS%3DALNI_MZuUh9XGqs7T-QVL_M4Oi_fpy7mmw&bc=31&abxe=1&lmt=1629967356&dt=1629988311506&dlt=1629988309820&idt=688&frm=20&biw=1600&bih=1200&oid=2&adxs=1180&adys=577&adks=435523245&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fhelenair.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x600&msz=300x600&psts=AGkb-H89UUrGaCMCmoxlPOYMPLIkFy2rAbekgSZn0P3RuM8kXXb6QhuVAe9lHBU290l3qnsEk7sQq1-HFTE%2CAGkb-H9BTZhaUylNTDCV6nkyFA5KNIP4wpYeh-npX5zNoECEYc7e0WXZp2rWob6HjlnQL_qFWPLLhggqdCyMWO7r4QfU%2CAGkb-H-TOa86dPGyzeJfUahBo34X5ePC61KWQvSVYHvmF_kccZlnV50HNDkDh2UHC6sAZC0RUnuMAbKYbvbfm2XMu9v8&ga_vid=1697705571.1629988311&ga_sid=1629988311&ga_hid=875731673&ga_fc=false&ga_cid=1039007600.1629988311&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
0280ff19fe11ee011a065d97ef884976f5495b979735ec9bcbc64edc4584a9f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10517
x-xss-protection
0
google-lineitem-id
5752089018
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138358351310
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
Cookie set iu3
aax-eu.amazon-adsystem.com/s/ Frame 1A35
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t
291 B
964 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
bd036ad86754ea25ac1107a2c362aa7ccef6726614534b5e49723b6765caad91

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://helenair.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ad-id=Az_OWEE4ekc1qEPunUfbbGs|t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:51 GMT
Content-Type
text/html;charset=ISO-8859-1
Content-Length
227
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie
ad-id=Az_OWEE4ekc1qEPunUfbbGs; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 14:31:51 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Thu, 01-Oct-2026 14:31:51 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip

Redirect headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:51 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t
Set-Cookie
ad-id=Az_OWEE4ekc1qEPunUfbbGs|t; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 14:31:51 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary
User-Agent
bl-7b120a5-7c01691a.js
tagan.adlightning.com/leeenterprises/ Frame 5989 		49 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4dfecece4900e75ceb75f2cad93a0eac31ccaa12c4d882ed101942b0e912034

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 03:48:06 GMT
content-encoding
gzip
age
38626
x-cache
Hit from cloudfront
content-length
20873
x-amz-meta-git_commit
7b120a5
last-modified
Thu, 26 Aug 2021 03:00:09 GMT
server
AmazonS3
etag
"e519d273d4d59d3c2adeb4b4d0628a05"
x-amz-version-id
Dgy.RzsbCffkuNN4c0iz6A5ldhbtxyiH
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
-Kwm2eVbIxTCG6Ms_NHKNuG1GnSTDGyOWev2XNmmllQQQF2wovwnZA==
b-7b120a5-9b73d8fb.js
tagan.adlightning.com/leeenterprises/ Frame 5989 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 17:20:30 GMT
content-encoding
gzip
age
1977081
x-cache
Hit from cloudfront
content-length
28059
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 03 Aug 2021 17:19:43 GMT
server
AmazonS3
etag
"afbaa3aad41d7158588b073852555441"
x-amz-version-id
UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
n2tt2SlY4V9HAfXf-xcZkfzfaDPgSilIFFoJZcpf_dLkG_wa3i04cA==
8042387372650788568
tpc.googlesyndication.com/simgad/ Frame 5989 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/8042387372650788568
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a1351e8e44a29799f94b3c8e83310022985e38b823f2fbdc86a7ec871550abb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Aug 2021 18:19:22 GMT
server
sffe
x-dns-prefetch-control
off
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22049
x-xss-protection
0
expires
Fri, 26 Aug 2022 14:31:51 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210823/r20110914/client/ Frame 5989 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210823/r20110914/client/window_focus_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:24:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
437
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 09 Sep 2021 14:24:34 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5989 		124 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1629718280506303"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38186
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:51 GMT
l
www.google.com/ads/measurement/ Frame 5989 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTydo9NmUFJoc18gJemzonrBKdC0eBH35Vo7RSu6ptrUU5u3Sag_DUFp7ecjg8m8J3YYC_1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
view
securepubads.g.doubleclick.net/pcs/ Frame CD6D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstvdBzzHalaV_O3t4iVeEApkNfHp0zfCCYt9e7L76kzYMH1wMa0tI5BCRYUYXNgndfb9Efwdz-Wqa9HK_KKcNKgHJKpMVLt0wppY8cfwCRAeH8-7adJSs0Rg07s2qMr1chYHjXyGiyVtNMhUcQsmSKLNuMoCTyYQKCwq8ShH8gAD8zn2cL7t9avm98cGUYzIshAqvgJ0f3G7eYyN18vPfYEUnjSVIiRH3wRZ8Q4vfcXyJ_9YDdq3QUs67cXvxV2G2zTO72fVJIDZ2LhHUeYEZUup8REQTTJJQxBDPQzqtdIULw_WYNmTeNiNjULmpA-alBYVrMSa1Yhx9CvUA&sai=AMfl-YRIk_NtRW-t2mfe8t6BbFGJAyCnm-rcQolWnb6BRD7h1w5f46Q-flVTJSL8rdeizHxe9O-rUGIeMrojBkMS2wbOPUv9zaY-8MMOd4p-785CGylg9ar-crcf4tQbImI&sig=Cg0ArKJSzCBAsWz36-EyEAE&urlfix=1&adurl=
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
rciv.js
cdn.tynt.com/ Frame CD6D 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.tynt.com/rciv.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.88.26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7472515853b3544b603dbd5f4bb0d4f5a498e184680e8a12ac068be657b854c

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 11 May 2021 16:57:45 GMT
server
cloudflare
age
163639
etag
W/"609ab789-3dbe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
684dc426acf723af-ZRH
expires
Sun, 29 Aug 2021 14:31:52 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 8348 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuH3cXZSOgARMaDbcyhAsYlOYi2mMZUSl1o5JPh-ahshDX0GODxdl9r5zbwXsxRqn0Qye6IKWk9aQRrcI8EvQvcQyCE57Mk9-WNvinxv2E_oowA-7mlcAEYKM4R7fSSQce_XP7vDfqIQVC7G0X_SN7DGMwm0Jgxx7eQSI-YirA_z4y_mqRkXrGCI4SgSWN2tOYbW592rNaGHI4OxeixNzBDDr1mKHa7OiyV22Jxx4J7m3CdG7H7YDAq-8lUeo-qWEpHQOWdQpeSSXgIDyR3tFFRDtJg5MAf5Vj0r0SEF0miIVytUoCdqKSeG4t3SzeQ9iNw&sai=AMfl-YQWrYTCqXQgN_xqlVgGcQUErChhBOYWMhONHw-c_5pp7A96i05G1FbFP3NDSGHdNt39KFQGWfo8Q8tQJClCtG7VVInldPjrw1Pbc2a4jYaMrALfWmjUIrXjvkpYsgFH&sig=Cg0ArKJSzAbXcpxxGHZfEAE&urlfix=1&adurl=
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 26 Aug 2021 14:31:52 GMT
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/ 		52 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
Requested by
Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.6edb5af3e93b0a377ec925c5f1c6ddde.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1412211
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
3279
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d2a-ce35"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRGsZBBvTxZWcAM6c0%2BGnYdpJuYIDaCuJKkrhNMaTY9NU1vYF6F6wrEUxvcIjPeOggNhFGKV7FgnXflcXAO7ZJDD7N7XgPF8v8p9HT%2FWN%2FLy282Lt%2BSnfBYiRfClX%2BrPTgJAQLxWOViPQVRGUFKsMVaO"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
684dc426e98f2488-FRA
expires
Tue, 16 Aug 2022 14:31:52 GMT
9151868353653510961
tpc.googlesyndication.com/simgad/
Redirect Chain
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCP9abGvQEQARgBMgih_GSU42q6nA
  • https://tpc.googlesyndication.com/simgad/9151868353653510961
230 KB
231 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/9151868353653510961
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1786d43f606e88572a2ac843d78f1be0a042a2c6811a4ba62b85fba61ef46edc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 25 Aug 2021 14:46:44 GMT
x-content-type-options
nosniff
age
85509
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
235944
x-xss-protection
0
last-modified
Tue, 24 Aug 2021 21:07:59 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Aug 2022 14:46:44 GMT

Redirect headers

timing-allow-origin
*
date
Wed, 25 Aug 2021 14:46:41 GMT
x-content-type-options
nosniff
server
cafe
age
85511
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://tpc.googlesyndication.com/simgad/9151868353653510961
cache-control
public, max-age=2592000
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 24 Sep 2021 14:46:41 GMT
6437499816428550661
tpc.googlesyndication.com/simgad/
Redirect Chain
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCP9abtJxABGAEyCHVZFgMEXZrd
  • https://tpc.googlesyndication.com/simgad/6437499816428550661
87 KB
87 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/6437499816428550661
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a29dad202727a8f89f56e508410baff0a8f3ca5d4905194d9215bd9e2b6ca5ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 25 Aug 2021 14:46:44 GMT
x-content-type-options
nosniff
age
85509
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
88984
x-xss-protection
0
last-modified
Tue, 24 Aug 2021 21:08:03 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Aug 2022 14:46:44 GMT

Redirect headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 09:07:47 GMT
x-content-type-options
nosniff
server
cafe
age
19445
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://tpc.googlesyndication.com/simgad/6437499816428550661
cache-control
public, max-age=2592000
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Sat, 25 Sep 2021 09:07:47 GMT
truncated
/ Frame CD6D 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05976c16ad88772de584dc03c9ce31c08ae34fd3bc8e7c8a4540d808f31187c4

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 8348 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv2l-QmR1d55MGhIu-lGLqVDqiRQJPK9I8cXdrq4TNlAxBC2d6m-EL3lQtTMz2FdH-dP4igJY0w4yVeZf_dDjh3pYzvYAtrMtJS0n-wP-YmHunuINz_vAA7KFu6Dwmdo-0XU2K43t4UbCRszfL4_IeCPVliuRjaGiBzmC4f6FY5jYfB4fhyFx5x2syFJwkrlN8ULojL8WjgGUw8W2RxVjHLTYD5m1chOfSygkbawjtqAUTt2HyAjzHciJNwRG6U4Zu5fwpY5Bo07CBfI6DYoUfy2sTXDgH8gWlhIiPZl44SVlnC8vc2L26xc3j8SkH_N5q2Iyk&sai=AMfl-YSNJoWhKUs6ZmCh7-44JAHQkDUxrd1ZoKn4qIx1gx75Kixw8JB0jhNcHXN98OCBM2-8K4YfU-fPOoifbF_bUZN_h1aebGDqYUcJ0gLJly7UbderMLaZXtxr8_RjVLJk&sig=Cg0ArKJSzHI3hYg6kIxlEAE&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 26 Aug 2021 14:31:52 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1E52 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssgbAQbyHW8ddfDElFnhs4UOKVbGF_VZ0dx30CaeuHbIu6fjltsK2vmX5QG4IhD_-C0bIsSkR8TZoF-LBfI_kK-fpUYWLAxrxciTXRK-1-i8HITEwd5yplZpBJMFhK2ab9TXYbDCP7foQQZAlDi3LZxPd0YH_Iy3cWNum_Pd2QYT7m35p98wF3bMFZx3K4bbLGjDzkgA1H40g29OSJnjEYEdJGeSCvtyQ67yjdLsf7vAXp4Cg87SVEHvbvAxXq0NNltyNX536qmnqETOrapw-lLjqWchQnwD0ovnmQgv9jDpm-JHPQYFlzxVqMu3i011ehiJSI8dhSzpTgFjjUnMQ&sai=AMfl-YR4fZqrlqrlFIDnAzlr2JvvQ9huiqrIDt-xW-9WuePIjLYUwT1rHIfe8KXMKwDk6GVBUe1HpGb3OCzh8ny2KjCFf8Od87NmPJiNJrfLSCCK3-JSATkJRpvCBmYI6IE&sig=Cg0ArKJSzMHgEmGq737yEAE&urlfix=1&adurl=
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 26 Aug 2021 14:31:52 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-54716522-2&cid=1697705571.1629988311&jid=459360115&gjid=261768585&_gid=1039007600.1629988311&_u=aHDAgUArQAQCAE~&z=1749787385
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 26 Aug 2021 14:31:52 GMT
content-type
text/plain
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.google-analytics.com/gtm/ 		102 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-TQ9PK73&t=gtm265&cid=1697705571.1629988311
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
04895d640204bc602ff558567e88b95a03c3f38affe533d13e838649c27517ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40708
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:52 GMT
collect
www.google-analytics.com/ 		35 B
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=875731673&t=pageview&_s=1&dl=https%3A%2F%2Fhelenair.com%2F&ul=en-us&de=UTF-8&dt=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDAgUArQAQCAE~&jid=459360115&gjid=261768585&cid=1697705571.1629988311&tid=UA-54716522-2&_gid=1039007600.1629988311&gtm=2wg8n0TDWDC2&cd1=desktop&cd2=helenair.com&cd3=editorial&cd4=homepage&cd6=homepage&cd14=Undefined&cd17=null&cd20=anonymous&cd23=&cg1=&cd21=Helena&cd22=flex-editorial&cd30=54&cd31=Fair&cd51=Helena%2FButte%20SBU&cd52=2&cd75=0&cd76=%20%20%20%20%20%20%20%20%20&cd79=&cd80=&cd81=No&cd82=&cd85=no&cd86=no&cd102=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F92.0.4515.159%20safari%2F537.36&cd103=Undefined&cd104=Undefined%2C%20Undefined&cd105=3&cd106=Page%20View&cd111=undefined&cd115=notset&cd116=No&cd117=No&cd89=1697705571.1629988311&z=547294170
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Aug 2021 15:23:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
83284
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/ 		0
69 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-G2BL49024K&gtm=2oe8n0&_p=875731673&sr=1600x1200&_gaz=1&ul=en-us&cid=1697705571.1629988311&_s=1&dl=https%3A%2F%2Fhelenair.com%2F&dt=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&sid=1629988311&sct=1&seg=0&en=page_view&_fv=2&_ss=1&up.status=anonymous&up.subscription=No
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G2BL49024K&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-G2BL49024K&cid=1697705571.1629988311&gtm=2oe8n0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G2BL49024K&l=dataLayer&cx=c
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-G2BL49024K&cid=1697705571.1629988311&gtm=2oe8n0&aip=1&z=487963786
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
yy2
a.leetemplates.com/lee/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://a.leetemplates.com/lee/yy2
Protocol
H2
Server
34.102.205.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.205.102.34.bc.googleusercontent.com
Software
akka-http/10.1.12 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://helenair.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://helenair.com
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-max-age
5
server
akka-http/10.1.12
date
Thu, 26 Aug 2021 14:31:53 GMT
content-length
0
via
1.1 google
alt-svc
clear
yy2
a.leetemplates.com/lee/ 		2 B
335 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.leetemplates.com/lee/yy2
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/lee-snowplow/static/sp-gzip-2-17-3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.205.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.205.102.34.bc.googleusercontent.com
Software
akka-http/10.1.12 /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
via
1.1 google
server
akka-http/10.1.12
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin
https://helenair.com
access-control-allow-credentials
true
content-type
text/plain; charset=UTF-8
alt-svc
clear
content-length
2
truncated
/ Frame 1E52 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc91e6a04d588a7d4f339752810fa2b72e6ec67d507fe911619d38fbf80b8ae2

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 1E52 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvq61C5wl5NLMF4xtJxDFCfkVTB0j1vEMFHcTKO1OnIbSmcaWNXjU1bTh4CwzqcmE_BOUlTRRHCMU33bNipXIUmw4rjDoyixNxxbjCinsPGLNpyBO0-PcNuV5tXBqtepnLRnpUIRQiq8MhDN-MFRcev3cTZoVINtCDpo_GaPqoVrihztDvlRHcbfVUS3266rzF16B12_1V90n9Vw6O_eYkf70vS9nhlg5vxmvA0OVrAHkChFN3QIa3Wi_7M8tS5Gc8jQFkdlSC4-ceagAApkX6DcdUvxDHKozsX4emXEYsF7dtrEi1u_b_N5QgPBkI-Esm0aw&sai=AMfl-YRS-smbDC-sXCYPze0VnSyJHOs2jLmB34EXdximx0As7Ucr4jzigpC3rFtd40c3PgcQHJ8pmaINglTmkPZ7J5xo0UqPyNaHHSCpp6acq1I2P8E8l9g4ZjeEjzxewj0&sig=Cg0ArKJSzPDTof2huOchEAE&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 26 Aug 2021 14:31:52 GMT
961211893969940
connect.facebook.net/signals/config/ 		310 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/961211893969940?v=2.9.45&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4a7db3ff3308d88ef807be269a72794f4e060cd11eaf6a2896afab31660254ac
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
90248
x-xss-protection
0
pragma
public
x-fb-debug
8rdrBrzHGHQxub2FjwojOv/P6R5Xy7qX8PydP1lvxnY0yVEkUgeinhRw1HPbabG6fO1GAOuDrIhlFvLLAdYO0A==
x-fb-trip-id
1718053925
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Thu, 26 Aug 2021 14:31:52 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=10345586&ns__t=1629988312533&ns_c=UTF-8&cv=3.5&c8=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&c7=https%3A%2F%2Fhelenair.com%2F&c9=
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1629988312533&ns_c=UTF-8&cv=3.5&c8=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&c7=https%3A%2F%2Fhelenair.com%2F&c9=
64 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1629988312533&ns_c=UTF-8&cv=3.5&c8=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&c7=https%3A%2F%2Fhelenair.com%2F&c9=
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.96.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-96-7.zrh50.r.cloudfront.net
Software
/
Resource Hash
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
via
1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
etag
W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache
Miss from cloudfront
content-type
image/gif; charset=utf-8
content-length
64
x-amz-cf-id
J4C5edGZPuCZz90bA7YUbFZ1dWmHdbN854Ikx1dGmlhyBRHm0Ed9yQ==

Redirect headers

date
Thu, 26 Aug 2021 14:31:52 GMT
via
1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1629988312533&ns_c=UTF-8&cv=3.5&c8=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&c7=https%3A%2F%2Fhelenair.com%2F&c9=
content-length
206
x-amz-cf-id
HVEa4n14Tigz0JN5uKgVqcOSylXtsFj23WyD3voHWe0COvlSG4Dbhg==
bl-7b120a5-7c01691a.js
tagan.adlightning.com/leeenterprises/ Frame 7226 		49 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/bl-7b120a5-7c01691a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4dfecece4900e75ceb75f2cad93a0eac31ccaa12c4d882ed101942b0e912034

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 03:48:06 GMT
content-encoding
gzip
age
38627
x-cache
Hit from cloudfront
content-length
20873
x-amz-meta-git_commit
7b120a5
last-modified
Thu, 26 Aug 2021 03:00:09 GMT
server
AmazonS3
etag
"e519d273d4d59d3c2adeb4b4d0628a05"
x-amz-version-id
Dgy.RzsbCffkuNN4c0iz6A5ldhbtxyiH
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
fHJyAKx48jVeDDkNP5q_rd_Vwk5rBrnodLnKaXt4fK8Kx8CrDMgEdQ==
b-7b120a5-9b73d8fb.js
tagan.adlightning.com/leeenterprises/ Frame 7226 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-51.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 17:20:30 GMT
content-encoding
gzip
age
1977082
x-cache
Hit from cloudfront
content-length
28059
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 03 Aug 2021 17:19:43 GMT
server
AmazonS3
etag
"afbaa3aad41d7158588b073852555441"
x-amz-version-id
UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
9p_lj0tuecvYzVANdWAA675gDmiiDUGBVJmjA3QbMH0cmPlWufGH9Q==
8042387372650788568
tpc.googlesyndication.com/simgad/ Frame 7226 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/8042387372650788568
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a1351e8e44a29799f94b3c8e83310022985e38b823f2fbdc86a7ec871550abb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:51 GMT
x-content-type-options
nosniff
age
1
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22049
x-xss-protection
0
last-modified
Tue, 03 Aug 2021 18:19:22 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Aug 2022 14:31:51 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210823/r20110914/client/ Frame 7226 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210823/r20110914/client/window_focus_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:24:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
438
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 09 Sep 2021 14:24:34 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7226 		124 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1629718280506303"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38186
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:52 GMT
puff_ad
fundingchoicesmessages.google.com/f/AGSKWxWl6UbaMKRHRO8LbL-hHyLzz4Cbi0wVcuJ8K4gGNX_Hk60lzlr_gB1SIUwfVmebO0PLCxeWYmB1ukm20BSIsCK04PM2FXumU7N3gzxu8Jb6ss-rs-japzhdH8gdlXWQ5HPIg1-NfuEb6YgNzPBb0EHnfIk7b... 		54 B
643 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWl6UbaMKRHRO8LbL-hHyLzz4Cbi0wVcuJ8K4gGNX_Hk60lzlr_gB1SIUwfVmebO0PLCxeWYmB1ukm20BSIsCK04PM2FXumU7N3gzxu8Jb6ss-rs-japzhdH8gdlXWQ5HPIg1-NfuEb6YgNzPBb0EHnfIk7bsITQwvf7ZNRNKfA5OUzEu-6KN751keisEVQTtKF4MWgpIzmWw1hlrHI1aqOC35TmFMc7cUEIMG1EeIikg==/_/ads~adsize~/geobox.html/puff_ad?/mpuad./js_ads_
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8b73d385d4e55746335aba4086c9fc38bc7b386d96e06eafc20c8e2dbd6c04be
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-KSQFu+rmSMYTV0sQ2b0mcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-KSQFu+rmSMYTV0sQ2b0mcg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-KSQFu+rmSMYTV0sQ2b0mcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-KSQFu+rmSMYTV0sQ2b0mcg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
show_companion_ad.js
pagead2.googlesyndication.com/pagead/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_companion_ad.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a97b23cee3aaa6fd8309fb4cc6ee03708183a8b7435626071192ad881dc6af11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 13:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2806
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5957
x-xss-protection
0
server
cafe
etag
1902042311228533907
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 26 Aug 2021 14:45:06 GMT
AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
fundingchoicesmessages.google.com/el/ 		0
940 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.en_US.7BWk2rHu3CY.es5.O/d=1/rs=AJlcJMzsjSWJN01UXtCxF-EbhXb3opXwVg/m=detection
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-meIZMHEeHu8Ijq297fIg7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-meIZMHEeHu8Ijq297fIg7g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-meIZMHEeHu8Ijq297fIg7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-meIZMHEeHu8Ijq297fIg7g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
helenair.com.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/400/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/400/helenair.com.png?_dc=1
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e46bbca81676cec30cde85d511665c7c5b372f3850e37cd1d619b184cfee33f7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
5717400
last-modified
Wed, 25 Sep 2019 23:22:39 GMT
content-length
7944
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5d8bf6bf-1f08"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc42a9831cc42-ZRH
expires
Wed, 25 May 2022 06:55:00 GMT
14030686234687369370
tpc.googlesyndication.com/simgad/ 		546 KB
547 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/14030686234687369370?
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
420d760b3817a28f4b63a3720e9d8738eea92d7b22e4cc4fbbe2f228f967445f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 23 Aug 2021 12:46:40 GMT
x-content-type-options
nosniff
age
265513
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
559351
x-xss-protection
0
last-modified
Mon, 23 Aug 2021 12:37:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 23 Aug 2022 12:46:40 GMT
ga-audiences
www.google.com/ads/ 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-54716522-2&cid=1697705571.1629988311&jid=459360115&_u=aHDAgUArQAQCAE~&z=406636544
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-54716522-2&cid=1697705571.1629988311&jid=459360115&_u=aHDAgUArQAQCAE~&z=406636544
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
helenair.com/tncms/tracking/tncms-dmp/audience-extraction/ 		0
154 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://helenair.com/tncms/tracking/tncms-dmp/audience-extraction/?d=%7B%22name%22%3A%22client%22%2C%22value%22%3A6881%7D&i=1629988311203,
Requested by
Host: helenair.com
URL: https://helenair.com/shared-content/art/tncms/tracking.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode
no-cors
origin
https://helenair.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
_dc_gtm_UA-54716522-2=1; _gid=GA1.2.1967754152.1629988312; _ga_G2BL49024K=GS1.1.1629988311.1.0.1629988311.60; _ga=GA1.1.1697705571.1629988311; spses.74b6=*; spid.74b6=705b94cf-8615-416a-8423-5ee0de783704.1629988312.1.1629988312.1629988312.c836f911-47b8-4d34-9218-4ce265ab9c1a; __gads=ID=7c15ea38f6a41d25:T=1629988311:S=ALNI_MbBokgoZhetASxzTqIh97l-6wdd5g
content-length
0
:path
/tncms/tracking/tncms-dmp/audience-extraction/?d=%7B%22name%22%3A%22client%22%2C%22value%22%3A6881%7D&i=1629988311203,
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
text/plain;charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

real-hostname
helenair.com
x-vcache
MISS
age
0
date
Thu, 26 Aug 2021 14:31:52 GMT
content-type
application/octet-stream
cache-control
s-maxage=0, private, no-cache
accept-ranges
bytes
content-length
0
/
helenair.com/tncms/tracking/classifieds/featured/ 		0
154 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://helenair.com/tncms/tracking/classifieds/featured/?i=574863e0-fa67-520d-a9b6-736b459e6c56,
Requested by
Host: helenair.com
URL: https://helenair.com/shared-content/art/tncms/tracking.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode
no-cors
origin
https://helenair.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
_dc_gtm_UA-54716522-2=1; _gid=GA1.2.1967754152.1629988312; _ga_G2BL49024K=GS1.1.1629988311.1.0.1629988311.60; _ga=GA1.1.1697705571.1629988311; spses.74b6=*; spid.74b6=705b94cf-8615-416a-8423-5ee0de783704.1629988312.1.1629988312.1629988312.c836f911-47b8-4d34-9218-4ce265ab9c1a; __gads=ID=7c15ea38f6a41d25:T=1629988311:S=ALNI_MbBokgoZhetASxzTqIh97l-6wdd5g
content-length
0
:path
/tncms/tracking/classifieds/featured/?i=574863e0-fa67-520d-a9b6-736b459e6c56,
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
text/plain;charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

real-hostname
helenair.com
x-vcache
MISS
age
0
date
Thu, 26 Aug 2021 14:31:52 GMT
content-type
application/octet-stream
cache-control
s-maxage=0, private, no-cache
accept-ranges
bytes
content-length
0
/
helenair.com/tncms/tracking/business/block/ 		0
154 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://helenair.com/tncms/tracking/business/block/?i=db12bb72-8079-5db9-9c29-cae16ae78eb1,ed8e0351-5a44-5a83-945e-1ba92cd96975,01cb3e2e-22a7-50ae-8987-ccda646372c0,
Requested by
Host: helenair.com
URL: https://helenair.com/shared-content/art/tncms/tracking.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS
cms.chicago2.vip.townnews.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode
no-cors
origin
https://helenair.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
_dc_gtm_UA-54716522-2=1; _gid=GA1.2.1967754152.1629988312; _ga_G2BL49024K=GS1.1.1629988311.1.0.1629988311.60; _ga=GA1.1.1697705571.1629988311; spses.74b6=*; spid.74b6=705b94cf-8615-416a-8423-5ee0de783704.1629988312.1.1629988312.1629988312.c836f911-47b8-4d34-9218-4ce265ab9c1a; __gads=ID=7c15ea38f6a41d25:T=1629988311:S=ALNI_MbBokgoZhetASxzTqIh97l-6wdd5g
content-length
0
:path
/tncms/tracking/business/block/?i=db12bb72-8079-5db9-9c29-cae16ae78eb1,ed8e0351-5a44-5a83-945e-1ba92cd96975,01cb3e2e-22a7-50ae-8987-ccda646372c0,
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
text/plain;charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
helenair.com
referer
https://helenair.com/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

real-hostname
helenair.com
x-vcache
MISS
age
0
date
Thu, 26 Aug 2021 14:31:52 GMT
content-type
application/octet-stream
cache-control
s-maxage=0, private, no-cache
accept-ranges
bytes
content-length
0
/
dn1i8v75r669j.cloudfront.net/v/ 		67 B
343 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dn1i8v75r669j.cloudfront.net/v/?w=i99g3gee
Requested by
Host: d81mfvml8p5ml.cloudfront.net
URL: https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:6000:7:5031:dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0aae37caeb1c5064881f16534e735f299658ad15ebe527cb1969e75d9ceb1c40

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:27:28 GMT
via
1.1 08c5e904e2f0226b2d9c1417f32b12f2.cloudfront.net (CloudFront)
age
265
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=300
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
1swXtLXliF_wpw-4jouGL1Gt7DHaJOS_702cSSpNMYgVlpT6D0WUYw==
6126d55c82ada.image.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/4/a8/4a8cab6b-8caa-5b3d-a423-9683ce11fb88/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/4/a8/4a8cab6b-8caa-5b3d-a423-9683ce11fb88/6126d55c82ada.image.jpg?crop=1764%2C992%2C0%2C90&resize=150%2C84&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1826ddf1c502a1d74f744d5054c76a8450058f4dcfbdee36181dab78f80fd5a0
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
cf-cache-status
HIT
age
20937
last-modified
Wed, 25 Aug 2021 23:42:21 GMT
strict-transport-security
max-age=604800
content-length
5485
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"86601608e1cbd882f844f7ae6dec1f0a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 25 Aug 2022 23:50:13 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc42ab846cc42-ZRH
cf-bgj
h2pri
6126d2020c6e8.preview.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/9/e8/9e858ac2-da3e-5ebc-a874-4b7309307826/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/9/e8/9e858ac2-da3e-5ebc-a874-4b7309307826/6126d2020c6e8.preview.jpg?crop=1763%2C992%2C0%2C91&resize=150%2C84&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
319fb3f4d89a19e0f859bb76ffb107b9c25d32852d50b3a0231df4a7aadf4105
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:52 GMT
cf-cache-status
HIT
age
20935
last-modified
Wed, 25 Aug 2021 23:28:03 GMT
strict-transport-security
max-age=604800
content-length
3548
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"7a353a90aa5204a4113c027859c8689e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 25 Aug 2022 23:34:34 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc42ab848cc42-ZRH
cf-bgj
h2pri
i
www.i.matheranalytics.com/ 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.i.matheranalytics.com/i?e=pv&page=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&sec=homepage&pubname=Helena%20Independent%20Record&ptype=homepage&metered=0%7C3&cms=townnews%2Fblox&arttype=editorial&tv=js-3.0.136&tna=Mather&aid=v1&p=web&tz=Europe%2FBerlin&tzoff=-120&lang=en-US&cs=UTF-8&navt=link&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_nolocalstorage=1&f_es6=1&f_gears=2&tvltm=5&tvcfg=lee&tid=99cbdcd8-f5d0-424e-b0bf-b6dc2e2ea48f&pid=7ab8e645-97eb-4609-9bb0-b4f83d32a8a6&dtm=1629988313046&qnm=_matherq&visible=1&tabid=6e94bc8a-11cf-4be0-b233-336a53212c85&url=https%3A%2F%2Fhelenair.com%2F&vp=1600x1200&ds=1600x6616&tofa=1629988313&vid=1&lvidt=1629988313&duid=e87ab3c05c792c60&fp=3054514074&cid=ma1527&mrk=725149323&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTYyOTk4ODMwODQ5NSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIyNC41bWIiLCJoZWFwVCI6IjU2LjhtYiIsImZzdFBhaW50IjoiMjI1OSIsImZldGNoUyI6Ijc3NiIsImRvbWFpblMiOiI3NzciLCJkb21haW5FIjoiODYzIiwiY29ublMiOiI4NjMiLCJjb25uRSI6IjEwOTkiLCJzc2xTIjoiODc0IiwicmVxdVMiOiIxMDk5IiwicmVzcFMiOiIxMzIxIiwicmVzcEUiOiIxNDMwIiwiZG9tTG9hZCI6IjEzMjUiLCJkb21JbnRlciI6IjI2ODYiLCJkb21Mb2FkUyI6IjI2OTIiLCJkb21Mb2FkRSI6IjI3MDgifSwia2V5d29yZHMiOlsibmV3cyIsInNwb3J0cyIsIndlYXRoZXIiLCJjcmltZSIsInBvbGl0aWNzIiwibmF0dXJhbCByZXNvdXJjZXMiLCJlbnZpcm9ubWVudCIsImVkdWNhdGlvbiIsImhlbGVuYSIsIm1vbnRhbmEiLCJuc3ctdzllYmg3OXE4c3drNTRwNzA3Mmk4bDNqZTlvcXZpaGQ2Y2xucTlvNnpvZ2Q4azZ3MnpwMXpjZ2c5aXZ6dzUwLWJ6NjFiZ3lob3hqam9xZDFwMXFjZ2p6a3Bzd2M0eWtvdGx6dmsteHY2eG1lenZ5aWh2cXVvYjBqNGRjdzdkZnEiXX0
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.22.56.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-56-164.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 26 Aug 2021 14:31:53 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length
43
Content-Type
image/gif
view
securepubads.g.doubleclick.net/pcs/ Frame 5989 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsso5s-NcKI9utSMYTyS_LYXUBhBds6iR4zuE1npZlEMhI7eY-wmAdmug0XgOmBU_bgBMXYsdd34Q642nfFHd4hAD8RCQfp8qVnrGjkxmm_N2DA49J1rONf9OFhvTcHzIkdz7w5EuxaZUxTfm7Cpv3Q-V5EpX2zVKo233pdaNHS8suLRqsEkQBm3eKQGRQEGlTGCDnLhJWpvOdmwZqIxWuzFf4sCVmDzEd1SkU6KjVtZYo3FTIqqjN8yJ0LrBcgmyFmz0dUfQR2SgVuIoRHI1rUkX_f662RQ_YyVV1U4CMi01nP-_XOWyQSXVxwIQp0&sai=AMfl-YQ40tuOtOmgoQFLPIH-ExM3xqeDRsDlTHHSiDuTVUjyftgRcJDkQ1s4nRcjclI5c7Vzq5Ma_-yfwt6gSEGP89u638Q1BurddNQ1YH1LVfvE_6BXNvHGNzH0YGW16pU&sig=Cg0ArKJSzBeHZXlK0I-GEAE&adurl=
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 5989 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRLYfshCE8CIS5mulu9-Je40gmDNnKXt1voYOvorPMUBKbn4CScdVYu7D7YDe0MAoBGncfDtwqfpHrPjnjkbtdtn0sifLN4N2AxBjetOkeNZfLXZ7mnruaWZHEcV4Al7xpmdzlGMjX2dxk2LaDv69Ct0tG8u4btghcmXti5IJhUqZ8oQqhzm1yhafKHcvm_kko8i96reNCgo4Q5ClFHi8Etc0dCIq5L-Y0e7j0qn04Upf31wnq3T2o82cR5kbuujDL6iHCGnHyRnLbQ5NEgSGkUWG6w8T4KiQqP8DBltlMoRqqh3QdYjOHlcVDbmizrA&sai=AMfl-YTUTKOOK90DDvpIyqPyio1-txX11dy9mXB7DNY_h_usPx7-7XXTYSamNPLqnrqyqJxOShZYPZRhhJDYU8ErHLUr4S4uW3YNw6U91bBjJ-XrYEwU-jsqvYaQLOSzVLk&sig=Cg0ArKJSzNhDbhxwr1N9EAE&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 26 Aug 2021 14:31:53 GMT
truncated
/ Frame 5989 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f01ad85dd7212b78d8ae38081560d8ab2ccd5f91205402127da4170e0207d04c

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?tna=v2.0.1&aid=a-018v&wpn=lc-bundle&pu=https%3A%2F%2Fhelenair.com%2F&duid=ae0d61daaf1b--01fe1dznnaqx8m9mv80yd721vn&se=e30&dtstmp=1629988313530
  • https://rp4.liadm.com/j?tna=v2.0.1&aid=a-018v&wpn=lc-bundle&pu=https%3A%2F%2Fhelenair.com%2F&duid=ae0d61daaf1b--01fe1dznnaqx8m9mv80yd721vn&se=e30&dtstmp=1629988313530&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI...
45 B
601 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rp4.liadm.com/j?tna=v2.0.1&aid=a-018v&wpn=lc-bundle&pu=https%3A%2F%2Fhelenair.com%2F&duid=ae0d61daaf1b--01fe1dznnaqx8m9mv80yd721vn&se=e30&dtstmp=1629988313530&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.2.140.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-2-140-242.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
a5c82326c9d20a9f40367c64f9320f3e5299be9e199f4d38e5d27c4446534482
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
x-pixel-event-id
06d3ee19-3710-48d2-91e6-cd6986e772f1
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
request-time
0
vary
Origin
content-length
45
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx/1.18.0
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json
access-control-allow-origin
null
access-control-allow-credentials
true
trace-id
280123d837026746

Redirect headers

date
Thu, 26 Aug 2021 14:31:53 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx/1.18.0
vary
Origin
location
https://rp4.liadm.com/j?tna=v2.0.1&aid=a-018v&wpn=lc-bundle&pu=https%3A%2F%2Fhelenair.com%2F&duid=ae0d61daaf1b--01fe1dznnaqx8m9mv80yd721vn&se=e30&dtstmp=1629988313530&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true
x-frame-options
DENY
access-control-allow-origin
https://helenair.com
x-xss-protection
1; mode=block
x-permitted-cross-domain-policies
master-only
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
6b99b7a3c674b868
request-time
1
content-length
0
x-content-type-options
nosniff
/
insight.adsrvr.org/track/pxl/ Frame E348 		70 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://insight.adsrvr.org/track/pxl/?adv=nebsjkp&ct=0:21usqg2&fmt=3
Requested by
Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.108.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-108-170.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:53 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
a9JORiXIKr5BlZrkHcnnVW.js
sc.tynt.com/script/sc/ Frame CD6D 		937 B
909 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.tynt.com/script/sc/a9JORiXIKr5BlZrkHcnnVW.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.88.26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ce13be598edfd846efab78c26f472db47b5692ee7dee6ed73f54be5fcaef00f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
66189
status
200 OK
x-xss-protection
1; mode=block
x-request-id
9e94c83e-548f-4276-a98c-168468c540a3
x-runtime
0.003099
x-content-digest
63a1f5931dc8e6d569a3077f310191b94083d2b1
last-modified
Tue, 24 Aug 2021 14:03:59 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600, public, s-maxage=172800
cf-ray
684dc42fdd8723af-ZRH
x-rack-cache
fresh
expires
Tue, 24 Aug 2021 15:55:47 GMT
p
ic.tynt.com/b/ 		35 B
523 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1629988313545&dn=RCIV&iso=0&img=https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fhelenair.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Fdd05a3e4-c542-11ea-902b-2bfb56ae90ba.jpg&ct=helenair.com&t=HelenaIR.com%20-%20Helena%2C%20Montana%20daily%20news&cu=https%3A%2F%2Fhelenair.com%2F
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.110.33 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-110.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
last-modified
Fri, 16 Apr 2010 15:38:20 GMT
server
nginx/1.16.1
etag
"4bc8846c-23"
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID", CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
accept-ranges
bytes
content-type
image/gif
content-length
35
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
6126dcca4806e.image.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/5/10/51014dd9-7404-5cdc-aa5d-9dde0071f140/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/5/10/51014dd9-7404-5cdc-aa5d-9dde0071f140/6126dcca4806e.image.jpg?crop=1170%2C659%2C120%2C96&resize=225%2C127&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7522fb0c0582f187a3781998cbdfbebfbce00affc3525c0adc5b61f93eb6907e
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
20938
last-modified
Thu, 26 Aug 2021 00:14:02 GMT
cf-bgj
h2pri
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"2acf54c1698a73c8ae5013e474e04614"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
684dc42fdbf7cc42-ZRH
expires
Fri, 26 Aug 2022 00:33:55 GMT
612723a0a0657.preview.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/7/93/793aee75-1ed3-581b-9b8c-f0985fee1254/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/7/93/793aee75-1ed3-581b-9b8c-f0985fee1254/612723a0a0657.preview.jpg?crop=1810%2C1018%2C0%2C63&resize=540%2C304&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10355faca7f4402db468fad5d706563e5524dbf5b8f59873c0eab8f8f277589a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
vary
Accept-Encoding
cf-cache-status
HIT
cf-ray
684dc42fdbf8cc42-ZRH
last-modified
Thu, 26 Aug 2021 05:16:17 GMT
cf-bgj
h2pri
x-vcache
MISS
server
cloudflare
etag
"b1572e9c599d6e827ed9d67fe17b5332"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
expires
Fri, 26 Aug 2022 05:36:01 GMT
6126d0792fa3d.image.jpg
bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/b/44/b444a325-14af-52ef-9b4d-abb9e7f116d3/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bloximages.chicago2.vip.townnews.com/helenair.com/content/tncms/assets/v3/editorial/b/44/b444a325-14af-52ef-9b4d-abb9e7f116d3/6126d0792fa3d.image.jpg?crop=1763%2C992%2C0%2C92&resize=200%2C113&order=crop%2Cresize
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.131.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60e84234431070d0911c4304bc33225b0d8ab232afc2520eda897c9f76f94c8a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
vary
Accept-Encoding
cf-cache-status
HIT
last-modified
Wed, 25 Aug 2021 23:21:29 GMT
content-length
4767
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"d80f4e470cf23d2839a54f277b091277"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 25 Aug 2022 23:43:26 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
684dc42fdbf9cc42-ZRH
cf-bgj
h2pri
pr
aax-eu.amazon-adsystem.com/s/v3/ Frame 173D 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
867ce9601074a2da0e8e8f40f93bd19cf82492e30754a8fd56abb4405cae7e37

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&dcc=t

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:53 GMT
Content-Type
text/html;charset=ISO-8859-1
Content-Length
699
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
fundingchoicesmessages.google.com/el/ 		0
26 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.en_US.7BWk2rHu3CY.es5.O/d=1/rs=AJlcJMzsjSWJN01UXtCxF-EbhXb3opXwVg/m=detection
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-guV2hK5OFTcfSMpKt3PjLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-guV2hK5OFTcfSMpKt3PjLQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-guV2hK5OFTcfSMpKt3PjLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-guV2hK5OFTcfSMpKt3PjLQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
fundingchoicesmessages.google.com/el/ 		0
27 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.en_US.7BWk2rHu3CY.es5.O/d=1/rs=AJlcJMzsjSWJN01UXtCxF-EbhXb3opXwVg/m=detection
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-n7hFryWZ+qIK1FubTtO1Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-n7hFryWZ+qIK1FubTtO1Iw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorLoggingHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-n7hFryWZ+qIK1FubTtO1Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-n7hFryWZ+qIK1FubTtO1Iw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUYIYNcaT_CgOM3n1rtCAATF0UwZS2MxWL6knHcpFOSjyZ0pyEw0WcR2To2Ds_nWOSazLDE5HX9ldyAEyi5mXR7VrOfysGPGkikxwgM7nNL_amZNIExXlFiVS1ex_DKq6BG_VAUaZcjvsK26Cbunz8S5MxzUP5QImFhXUdmcYtQMhvCFdYAevplX2I=
fundingchoicesmessages.google.com/f/ 		70 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUYIYNcaT_CgOM3n1rtCAATF0UwZS2MxWL6knHcpFOSjyZ0pyEw0WcR2To2Ds_nWOSazLDE5HX9ldyAEyi5mXR7VrOfysGPGkikxwgM7nNL_amZNIExXlFiVS1ex_DKq6BG_VAUaZcjvsK26Cbunz8S5MxzUP5QImFhXUdmcYtQMhvCFdYAevplX2I=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCwyLFsxNjI5OTg4MzEzLDkzMTAwMDAwMF0sbnVsbCxudWxsLG51bGwsWzEsWzcsNl1dLCJodHRwczovL2hlbGVuYWlyLmNvbS8iXQ
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2a4d9ad598d9d011645365cc7c3105f0bcbde2ea221abb324fdd6e78b6a08e14
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-o2r/ANKRKsdn6T7eN0iS4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-o2r/ANKRKsdn6T7eN0iS4g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-o2r/ANKRKsdn6T7eN0iS4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-o2r/ANKRKsdn6T7eN0iS4g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
fundingchoicesmessages.google.com/el/ 		0
26 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxU2RrRMv2bm2p3ku9HeAo77JUvSQFvS3LoTJp2qoXfk4KaQ7VCgQ2408NU0sD3n7EOZbs1SHLWJjkCT4UGYQqU3B6Uy9KxQuQxw3YuEFQFqFSp-jYbhfnojPFn7M-4X8VFpdRodek1h3zkYNPMJ6qgeU8EzRyWL91ZtmeyqN67kqD5gDxS7viux1b4=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingDetectionClientJs.en_US.7BWk2rHu3CY.es5.O/d=1/rs=AJlcJMzsjSWJN01UXtCxF-EbhXb3opXwVg/m=detection
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DiyAyge3KgFy8+JUqytgxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-DiyAyge3KgFy8+JUqytgxA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:53 GMT
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-DiyAyge3KgFy8+JUqytgxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-DiyAyge3KgFy8+JUqytgxA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 7226 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu_DtJ8TZc5Nmxyh7veaYplrWFmj1gLEUE2sDrQ6S8emipA5jt_6uxOrerZhv5L2SuzjL8JrKtoifr3INTwCSgfUuuYoDabXvGTf2GaG6LV8b863SdGHEOzZQTc4xDzeR5TKSKNqHqoge31xPYnpeb2yXB5huuMRGj0Ud1MTjnb2qQdTZGpycElK9J-VfUdRxHW4kqveR9YY3sxHffcVfN6vSxu6AaAGZw_vKlTTF2SKdAy-GKbhJ499OLRLVs9o0kUtOS7-D3OM-1sD5iSTpVPyJovbwKROkejMem1Va3ABLdrxGaJfUCFrQQNc68&sig=Cg0ArKJSzNYw1RtvKgwQEAE&adurl=
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
/
www.facebook.com/tr/ 		0
69 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryYfLBVyCNDzQLxo7g

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Thu, 26 Aug 2021 14:31:54 GMT
content-type
text/plain
access-control-allow-origin
https://helenair.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
/
www.facebook.com/tr/ 		44 B
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=961211893969940&ev=Domain&dl=https%3A%2F%2Fhelenair.com%2F&rl=&if=false&ts=1629988314148&cd[custom_param]=helenair.com&sw=1600&sh=1200&v=2.9.45&r=stable&ec=1&o=30&fbp=fb.1.1629988314142.1303569031&it=1629988312520&coo=false&exp=p1&rqm=GET
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Thu, 26 Aug 2021 14:31:54 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 7226 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssT-O4PGvBkrMMNQiCMFrZ5B2XwfqkPO5pGUPZlZFc50nmyP4YzLjAylkmAJrRtT0_dhqd4RSDKofZvhqQSi16xMPiJ7QfES9z39aG_yWrFzUQg2UmG5VXOOEh0yOHZE0Vv2_fNmv7G2snL_onXWmQvAee9Rm43uyqUUWXO8uHT_BWlQFkl7_AxIovUrFN6ysa9Hshjj0vOYGwpofgCQ1P0DJXgjwCJTu-cPSLCFK4lMr7vwsMZ5d_NwZGFuvEgrk7f0JMRtixdoL55Rs3IyiwDL7cxsyteK1cIFo_JQrddqMCJK55F2jWjat3DYdtu3A&sig=Cg0ArKJSzHnkPKvmf0NHEAE&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 26 Aug 2021 14:31:54 GMT
truncated
/ Frame 7226 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
33d41e6f980be3ec8e84830dcc478a41b5b9b47ed723b7f7e555f2d2058e59fc

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
v2
de.tynt.com/deb/ 		599 B
1021 B 		Script
General
Check archive.org
Download Go to
Full URL
https://de.tynt.com/deb/v2?id=a9JORiXIKr5BlZrkHcnnVW&dn=RCIV&cc=1&r=
Requested by
Host: cdn.tynt.com
URL: https://cdn.tynt.com/rciv.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.184 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip184.208-100-17.static.steadfastdns.net
Software
/
Resource Hash
182c6b4ab83edade3773c1156503fe916ad788acc6930bb18fc094e9c754e1f1

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-type
application/javascript
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length
599
expires
Sat, 26 Jul 1997 05:00:00 GMT
AGSKWxUTwVDiEOyXgxtfnDfbQTUIPFHJxWoPs5Ti_gfSIgwYfll0BBwssbU7Hr29yZFjueA2VQZRymbkjTwc3Of7mm_f8XopWQ1ZOT31oHZ0ajE277qrSDluR_X79N23BvMRsP975TJUsxyXab2EMgJBSeZ2KQOBO0Ar0oZAAOXONziONJrJRrXX9oRUd9U=
fundingchoicesmessages.google.com/el/ 		0
26 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUTwVDiEOyXgxtfnDfbQTUIPFHJxWoPs5Ti_gfSIgwYfll0BBwssbU7Hr29yZFjueA2VQZRymbkjTwc3Of7mm_f8XopWQ1ZOT31oHZ0ajE277qrSDluR_X79N23BvMRsP975TJUsxyXab2EMgJBSeZ2KQOBO0Ar0oZAAOXONziONJrJRrXX9oRUd9U=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.en_US.Vdklvb6YI50.es5.O/d=1/rs=AJlcJMwgsnPNbSDz5tSFyT4UT1LT1C5Y2w/m=cookie_refresh
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-D1970qC9BO9ECOxy4Zg4yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-D1970qC9BO9ECOxy4Zg4yg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-D1970qC9BO9ECOxy4Zg4yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-D1970qC9BO9ECOxy4Zg4yg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUTwVDiEOyXgxtfnDfbQTUIPFHJxWoPs5Ti_gfSIgwYfll0BBwssbU7Hr29yZFjueA2VQZRymbkjTwc3Of7mm_f8XopWQ1ZOT31oHZ0ajE277qrSDluR_X79N23BvMRsP975TJUsxyXab2EMgJBSeZ2KQOBO0Ar0oZAAOXONziONJrJRrXX9oRUd9U=
fundingchoicesmessages.google.com/el/ 		0
27 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUTwVDiEOyXgxtfnDfbQTUIPFHJxWoPs5Ti_gfSIgwYfll0BBwssbU7Hr29yZFjueA2VQZRymbkjTwc3Of7mm_f8XopWQ1ZOT31oHZ0ajE277qrSDluR_X79N23BvMRsP975TJUsxyXab2EMgJBSeZ2KQOBO0Ar0oZAAOXONziONJrJRrXX9oRUd9U=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.en_US.Vdklvb6YI50.es5.O/d=1/rs=AJlcJMwgsnPNbSDz5tSFyT4UT1LT1C5Y2w/m=cookie_refresh
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Ejr8XJJqhoBNZtPerjoKZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-Ejr8XJJqhoBNZtPerjoKZg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorLoggingHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-Ejr8XJJqhoBNZtPerjoKZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-Ejr8XJJqhoBNZtPerjoKZg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUTwVDiEOyXgxtfnDfbQTUIPFHJxWoPs5Ti_gfSIgwYfll0BBwssbU7Hr29yZFjueA2VQZRymbkjTwc3Of7mm_f8XopWQ1ZOT31oHZ0ajE277qrSDluR_X79N23BvMRsP975TJUsxyXab2EMgJBSeZ2KQOBO0Ar0oZAAOXONziONJrJRrXX9oRUd9U=
fundingchoicesmessages.google.com/el/ 		0
27 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUTwVDiEOyXgxtfnDfbQTUIPFHJxWoPs5Ti_gfSIgwYfll0BBwssbU7Hr29yZFjueA2VQZRymbkjTwc3Of7mm_f8XopWQ1ZOT31oHZ0ajE277qrSDluR_X79N23BvMRsP975TJUsxyXab2EMgJBSeZ2KQOBO0Ar0oZAAOXONziONJrJRrXX9oRUd9U=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.en_US.Vdklvb6YI50.es5.O/d=1/rs=AJlcJMwgsnPNbSDz5tSFyT4UT1LT1C5Y2w/m=cookie_refresh
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ReNNNfw9gRp2zsxx22A0qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-ReNNNfw9gRp2zsxx22A0qg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorLoggingHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type
text/html; charset=utf-8
access-control-allow-origin
https://helenair.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-security-policy
script-src 'report-sample' 'nonce-ReNNNfw9gRp2zsxx22A0qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-ReNNNfw9gRp2zsxx22A0qg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
sic.js
cdn-sic.33across.com/1/javascripts/ Frame CD6D 		399 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-sic.33across.com/1/javascripts/sic.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.39.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Love
Resource Hash
6e5061a91ef054bf919b9e356d75f54d07c2977cb42c7cb114cb2b2ced4201e2

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 19 May 2021 15:33:12 GMT
server
cloudflare
age
70693
x-powered-by
Love
etag
W/"60a52fb8-63c33"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=3600
cf-ray
684dc4354a9601fc-ZRH
expires
Thu, 26 Aug 2021 15:31:54 GMT
v2
de.tynt.com/deb/ 		4 B
258 B 		Script
General
Check archive.org
Download Go to
Full URL
https://de.tynt.com/deb/v2?m=xch&id=a9JORiXIKr5BlZrkHcnnVW&dn=RCIV&cc=1&r=
Requested by
Host: cdn.tynt.com
URL: https://cdn.tynt.com/rciv.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.184 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip184.208-100-17.static.steadfastdns.net
Software
/
Resource Hash
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-type
application/javascript
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length
4
expires
Sat, 26 Jul 1997 05:00:00 GMT
um
cs.emxdgt.com/ Frame 173D 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dbrealtime.com%26id%3D%24UID
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-length
0
content-type
text/html
amzns2s
rtb.gumgum.com/usync/ Frame D33A 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4691e4ae7863a83fe7679a9cb4ec3c2eff53480c06a7ad64d7e44944b0507317

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-type
text/html;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
set-cookie
vst=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28; Domain=.gumgum.com; Expires=Fri, 26-Aug-2022 14:31:54 GMT; Path=/; Secure; SameSite=None
etag
W/"097a3b94343c7be0d76a71ad084a11247"
timing-allow-origin
*
content-encoding
gzip
Cookie set usermatch
ssum-sec.casalemedia.com/ Frame 43E1
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ab3720ec9df0ab25fbf008182775d93067a9147967bedb6df501e9696adb4821

Request headers

Host
ssum-sec.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
CMID=YSel2hT0vvFEUfTkIZie4AAA; CMPS=3204
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
230|241|45|39|152|221|47|195
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1763
Expires
Thu, 26 Aug 2021 14:31:54 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Connection
keep-alive
Set-Cookie
CMID=YSel2hT0vvFEUfTkIZie4AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 26 Aug 2022 14:31:54 GMT CMPS=3204;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 24 Nov 2021 14:31:54 GMT CMPRO=1135;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 24 Nov 2021 14:31:54 GMT CMST=YSel2mEnpdoA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 27 Aug 2021 14:31:54 GMT CMRUM3=c36127a5da05a00&2f6127a5da05a0&e66127a5da2760&986127a5da05a00&f16127a5da05a0&276127a5da0b40&2d6127a5da05a0&dd6127a5da2760;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 26 Aug 2022 14:31:54 GMT

Redirect headers

Server
Apache
Content-Length
333
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Thu, 26 Aug 2021 14:31:54 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Connection
keep-alive
Set-Cookie
CMID=YSel2hT0vvFEUfTkIZie4AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 26 Aug 2022 14:31:54 GMT CMPS=3204;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 24 Nov 2021 14:31:54 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7E9F 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=26592
expires
Thu, 26 Aug 2021 21:55:06 GMT
date
Thu, 26 Aug 2021 14:31:54 GMT
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 1CFD 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 23 Feb 2021 20:47:52 GMT
ETag
"402b0-119-5bc0708346e00"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 26 Aug 2021 14:31:54 GMT
Connection
keep-alive
Vary
Accept-Encoding
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 73BE
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58252/sync?redir=true
  • https://ups.analytics.yahoo.com/ups/58252/sync?redir=true&verify=true
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=vmg.com&id=y-khG01d11l2PgOyeRG5907Km8wW28VrI-&
43 B
344 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=vmg.com&id=y-khG01d11l2PgOyeRG5907Km8wW28VrI-&
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent

Redirect headers

Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Length
0
Strict-Transport-Security
max-age=31536000
Set-Cookie
IDSYNC=18y4~201q;Version=1;Domain=.analytics.yahoo.com;Path=/;Max-Age=31622400;Expires=Sat, 27-Aug-2022 14:31:54 GMT;Secure;SameSite=None A3=d=AQABBNqlJ2ECELh870-XS5OiXVQeIHDb1oYFEgEBAQH3KGExYQAAAAAA_eMAAA&S=AQAAAikgsHZsQ9CExdl3p2LWgg8; Expires=Fri, 26 Aug 2022 20:31:54 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly B=8dlmre1gif9eq&b=3&s=st; Expires=Fri, 26 Aug 2022 20:31:54 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=vmg.com&id=y-khG01d11l2PgOyeRG5907Km8wW28VrI-&
Age
0
Connection
keep-alive
Server
ATS/7.1.2.138
cm
u.openx.net/w/1.0/ Frame AAA8
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BO...
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3...
628 B
725 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.214.0 /
Resource Hash
9931497f370a73b6188d5ae34a2163272df3014c73b0624a3b5abca1b9ece025

Request headers

:method
GET
:authority
u.openx.net
:scheme
https
:path
/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=75f301ad-28ed-031b-2e66-bea605adc402|1629988314
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=75f301ad-28ed-031b-2e66-bea605adc402|1629988314; Version=1; Expires=Fri, 26-Aug-2022 14:31:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1629988314|gen0vNiygu; Version=1; Expires=Fri, 10-Sep-2021 14:31:54 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.214.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 26 Aug 2021 14:31:54 GMT
content-type
text/html
content-length
393
content-encoding
gzip
via
1.1 google
alt-svc
clear

Redirect headers

set-cookie
i=75f301ad-28ed-031b-2e66-bea605adc402|1629988314; Version=1; Expires=Fri, 26-Aug-2022 14:31:54 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.214.0
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
date
Thu, 26 Aug 2021 14:31:54 GMT
content-length
0
via
1.1 google
alt-svc
clear
ecm3
aax-eu.amazon-adsystem.com/s/ Frame AB33
Redirect Chain
  • https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=districtm
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Ddistrictm
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=districtm
43 B
344 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=districtm
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent

Redirect headers

Server
nginx/1.17.9
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=districtm
AN-X-Request-Uuid
460b09eb-9941-41b5-bb42-87052f605952
Set-Cookie
uuid2=6469976588687039299; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 24-Nov-2021 14:31:54 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 803B
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=2
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7504678566492325672&gdpr=1&gdpr_consent=
43 B
344 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7504678566492325672&gdpr=1&gdpr_consent=
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent

Redirect headers

date
Thu, 26 Aug 2021 14:31:53 GMT
content-length
0
location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smart.com&id=7504678566492325672&gdpr=1&gdpr_consent=
set-cookie
pid=7504678566492325672; expires=Mon, 26 Sep 2022 14:30:54 GMT; domain=smartadserver.com; path=/; samesite=None; secure; samesite=none
ecm3
aax-eu.amazon-adsystem.com/s/ Frame DA8A
Redirect Chain
  • https://ib.adnxs.com/getuid?https://aax-eu.amazon-adsystem.com/s/ecm3?id=$UID&ex=appnexus.com
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=appnexus.com
43 B
344 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=appnexus.com
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent

Redirect headers

Server
nginx/1.17.9
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?id=6469976588687039299&ex=appnexus.com
AN-X-Request-Uuid
9010fd6d-9797-421e-a016-aa036b11f6b2
Set-Cookie
uuid2=6469976588687039299; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 24-Nov-2021 14:31:54 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
Cookie set amazon
ap.lijit.com/beacon/ Frame 326F
Redirect Chain
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com
  • https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
11d254c94f92396246b111a890252b11b894c898da5fa976a1d5e9b004460ac8

Request headers

Host
ap.lijit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ljt_reader=21eb0c06a12d935daa1e22e9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
nginx
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Vary
Accept-Encoding
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie
ljtrtbexp=eJyrVrIwVrIyNDM2NLQ0tzQ00VGyMEXlmxoYGKKKGJmB%2BQYGxoamIL6lAbJ8LQC6dRCu;Path=/;Domain=.lijit.com;Expires=Fri, 26-Aug-2022 14:31:54 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=21eb0c06a12d935daa1e22e9;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
Content-Encoding
gzip
X-Sovrn-Pod
ad_ap7ams1

Redirect headers

Server
nginx
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Length
0
Set-Cookie
ljt_reader=21eb0c06a12d935daa1e22e9;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap7ams1
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 8657
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1496628670360972022
43 B
344 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1496628670360972022
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Vary
User-Agent

Redirect headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-length
0
location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=1496628670360972022
set-cookie
tluid=1496628670360972022; Max-Age=7776000; Expires=Wed, 24 Nov 2021 14:31:54 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
i99g3gee_content_config_1627585676199.js
dkpklk99llpj0.cloudfront.net/ 		845 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dkpklk99llpj0.cloudfront.net/i99g3gee_content_config_1627585676199.js
Requested by
Host: d81mfvml8p5ml.cloudfront.net
URL: https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:fa00:e:98bf:5f00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0c564ab82eab3ab608280194eefcee40765ab7872e8ed349e806e3c3170c4631

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 29 Jul 2021 19:12:01 GMT
via
1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
last-modified
Thu, 29 Jul 2021 19:07:57 GMT
server
AmazonS3
age
2402394
etag
"139043e0f27d6df6fda9a9005cd5c871"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
845
x-amz-cf-id
NuU_L6hFRg4zNG69-MTYHCuquZBwg-U7ckTbw3N74ImvxB47okA17Q==
i99g3gee_1606137453919.js
dkpklk99llpj0.cloudfront.net/ 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Requested by
Host: d81mfvml8p5ml.cloudfront.net
URL: https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:fa00:e:98bf:5f00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
19ee3ded1fe83e848e9b5cb0831689460e07c7d3d867fc692c84dc1106086293

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 24 Jul 2021 12:51:13 GMT
content-encoding
gzip
last-modified
Mon, 23 Nov 2020 13:17:46 GMT
server
AmazonS3
age
2857242
etag
W/"c1157a2d0ff0aa862fb2fbffb06ab4d1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
3hKxRBRswdwy2RqNmg3CFFCSTg1N0OgMhlwrBOkQodbv6L-rHeEB7g==
activeview
pagead2.googlesyndication.com/pcs/ Frame 5989 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvi684qtknyzolfCAhujcLMN-oibaWuiuJ3sVZ2QEi7fhSE1PDaV9Hu_VcD1e8zTbqCBb8NIMtOJeJ3HnOsE1O5CjVOfoAdwG9nUrmfgfqPlRZ0Y8Tg&sig=Cg0ArKJSzKuWZgh356dyEAE&id=lidar2&mcvt=1000&p=0,0,250,300&asp=959,120,1209,420&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210823&bin=7&avms=nio&bs=1600,1200&mc=0.96&app=0&itpl=3&adk=4230052061&rs=4&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1629988311693&rpt=1830&isd=0&lsd=0&r=v&speed=1
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame 1CFD 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e2c33e0a58aa29c3cffdf4703371dd02dabd096e70c7076359d64f8cd90f0975

Request headers

Referer
https://eus.rubiconproject.com/usync.html?p=a9eu&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Aug 2021 22:28:27 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=53083
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9358
Expires
Fri, 27 Aug 2021 05:16:37 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame 43E1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESELmOSYzAHIRsFiMobyYit0o&google_cver=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESELmOSYzAHIRsFiMobyYit0o&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Thu, 26 Aug 2021 14:31:54 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESELmOSYzAHIRsFiMobyYit0o&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 43E1
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB&dcc=t
43 B
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.178.82 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
EBR4P4K0XBFRCGYK3558
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
K23T3ZY7HZTBCQ14XM1S
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 43E1
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YSel2hT0vvFEUfTkIZie4AAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFhGMC4g7U2sU-NPN8qfIqg&google_cver=1
43 B
1001 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFhGMC4g7U2sU-NPN8qfIqg&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 26 Aug 2021 14:31:54 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFhGMC4g7U2sU-NPN8qfIqg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 43E1 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 43E1
Redirect Chain
  • https://sync.extend.tv/r.gif?exchange=index
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=3cc0dcd0-ed3a-4c60-9216-b143f248e3d3
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=3cc0dcd0-ed3a-4c60-9216-b143f248e3d3
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 26 Aug 2021 14:31:55 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=utf-8
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=3cc0dcd0-ed3a-4c60-9216-b143f248e3d3
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
132
Expires
Tue, 29 May 1984 15:00:00 GMT
tpid=YSel2hT0vvFEUfTkIZie4AAA%261135
bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/ Frame 43E1
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YSel2hT0vvFEUfTkIZie4AAA%261135?gdpr_consent=&us_privacy=&gdpr=
  • https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YSel2hT0vvFEUfTkIZie4AAA%261135?gdpr_consent=&us_privacy=&gdpr=
49 B
736 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YSel2hT0vvFEUfTkIZie4AAA%261135?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.12.138
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YSel2hT0vvFEUfTkIZie4AAA%261135?gdpr_consent=&us_privacy=&gdpr=
cache-control
no-cache
x-server
10.45.25.45
content-length
0
expires
0
crum
dsum-sec.casalemedia.com/ Frame 43E1
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8BVGvvpI1Mjgq65
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8BVGvvpI1Mjgq65
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 26 Aug 2021 14:31:55 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Server
PingMatch/v2.0.30-669-g517f080#rel-ec2-master i-0a7db81dcab2c4dcf@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8BVGvvpI1Mjgq65
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 43E1
Redirect Chain
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f77db959-0952-4cea-b6c0-7955ef13ead4
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f77db959-0952-4cea-b6c0-7955ef13ead4
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 26 Aug 2021 14:31:55 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f77db959-0952-4cea-b6c0-7955ef13ead4
date
Thu, 26 Aug 2021 14:31:54 GMT
server
Apache-Coyote/1.1
content-length
0
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 43E1 		43 B
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=index.com&id=YSel2hT0vvFEUfTkIZie4AAABG8AAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame CD6D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu0lAGwgRtWCi0Ac-JRQMGQES8q7U41i5HK809caNSPTRY1Yot802RzNAlKeSXLfeTshaupOwpRE6rCOWK7da3dp1TQolxv3PWQd3evdkOiZ1ILPvUkNIQZvsqpTdDrdHOcfO-s-vyLQfgOBerHdoWAr3VqxgpmihNkwaOqRqRLolTR48tJN7fyzDRivYJWDvhA0nIvtvMeXMUeIDaoZhWx1gHvp717CFL1yGjC7tTfZWTqUl4aPWnq6QdHMPfaRN-9ltw4G8VpMwyMj6mTvTKwv1zh5HMcVCR5r_HEN2Y-pGylMcF_Vkb3jH7UFEVDAA&sai=AMfl-YTG3yc4yui3_KvEa4fD8wdlu4GCxWlxwKW2qDnTjART24dqP6KImkQC7kvLhCoANv7j5xpa0XAVN8Ya9_Fl78EPIPMb7UWOrqSKxipqIq6H1QQUCVAlFOqV6BiG3HY&sig=Cg0ArKJSzH-3uSU_f0EgEAE&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Thu, 26 Aug 2021 14:31:54 GMT
/
www.facebook.com/tr/ 		0
18 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryuKBA4rFWo8M0eYHj

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Thu, 26 Aug 2021 14:31:54 GMT
content-type
text/plain
access-control-allow-origin
https://helenair.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-length
0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
sic.css
cdn-sic.33across.com/1/stylesheets/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn-sic.33across.com/1/stylesheets/sic.css
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.39.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Love
Resource Hash
4c821f2d169369324022057e9948ed8f9d45794d18b6c8c3fbbba900bb65158c

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 19 May 2021 15:33:12 GMT
server
cloudflare
age
70692
x-powered-by
Love
etag
W/"60a52fb8-1c90"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=3600
cf-ray
684dc4371cc001fc-ZRH
expires
Thu, 26 Aug 2021 15:31:54 GMT
ast.js
acdn.adnxs.com/ast/ Frame AF85 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ast/ast.js
Requested by
Host: cdn-sic.33across.com
URL: https://cdn-sic.33across.com/1/javascripts/sic.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-130.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash
bca2ccdd5846d54ff24d04393a9d6ce0b5d60a91814e7bd2755b03059ed98c2e

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 26 Aug 2021 14:31:54 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Jun 2021 12:48:02 GMT
Server
nginx/1.13.10
ETag
"60d47f02-1604d"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Length
31278
Expires
Fri, 27 Aug 2021 14:31:56 GMT
apstag.js
c.amazon-adsystem.com/aax2/ Frame 5099 		127 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: cdn-sic.33across.com
URL: https://cdn-sic.33across.com/1/javascripts/sic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-90-44.zrh50.r.cloudfront.net
Software
Server /
Resource Hash
1465ea73b9db4601cda29c323ea3eea1fc28337bd2c5193154c9ecbd7bf38bbb

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id
iCBj9h3R_OzDH4Og0Gd_eqIrtWDOxSOx
content-encoding
gzip
etag
708a268139e52bdfbe59398b3e766151
age
146
x-cache
Hit from cloudfront
server
Server
x-amz-rid
18D04GRND806HDNBHG5T
date
Thu, 26 Aug 2021 14:29:28 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 aa001e3127bb5bd7bbc48bc4fef44b79.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
OgE061A6_3q5c-y9gwzTlw6rpwF7dnYeHYPqF3jE2MjeZ98chLPnPw==
authorize
sic.33across.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sic.33across.com/authorize?usPrivacy=&version=3.17.0&agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F92.0.4515.159%20Safari%2F537.36&product=inview&userId=&sessionId=&publisherURL=https%3A%2F%2Fhelenair.com%2F&referrerURL=&publisherId=a9JORiXIKr5BlZrkHcnnVW&publisher=lee728.net&maxTouchPoints=0&navigatorPropsCount=58&viewportWidth=1600&viewportHeight=1200&screenWidth=1600&screenHeight=1200&screenAvailHeight=1200&devicePixelRatio=1&scrollX=0&scrollY=0&pageVisibility=visible&pageWidth=1600&pageHeight=6867&_=1629988314720&callback=_tynt_jp.a845yxjy6
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.110.23 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-110.static.steadfastdns.net
Software
/ Love
Resource Hash
778d4c6c6da7b5f3c6736b1d8c46ee163c3a0345ead90363f8200aa8a487b3d8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-powered-by
Love
etag
W/"645-RX7Gz5tX+BWqBHxQ1Wci1QecoYA"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
access-control-allow-origin
*
access-control-allow-credentials
true
content-type
text/javascript; charset=utf-8
access-control-allow-headers
X-Requested-With, Authorization
/
am.freshrelevance.com/tpc/ Frame 8E36 		5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://am.freshrelevance.com/tpc/
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.224.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-224-238.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f6cc7162855e9a8502df88a40eb0417c332398b7f9541ade0537dcb4f1974a6d

Request headers

:method
GET
:authority
am.freshrelevance.com
:scheme
https
:path
/tpc/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-length
4662
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, must-revalidate
/
c8.dycdn.net/i99g3gee/s/Temporary-Stop-Reminder/ 		114 B
440 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c8.dycdn.net/i99g3gee/s/Temporary-Stop-Reminder/?k=huymc65&format=full&user_state=anonymous&d=0ye1f0ygz1&url=https%3A%2F%2Fhelenair.com%2F&sbr=helenair&curr=USD&lang=en
Requested by
Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8200:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d3ac1ce74d996fd1d5eb2f34feae5f87a3afa267474dc38308bf28a2f2462b9a

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
via
1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length
114
x-amz-cf-id
6wfnhp4XtqU_sAjf_6YXUeSX1IZMWIBibZQ9SwkRSC7ndYnMVj_YIw==
/
c8.dycdn.net/i99g3gee/s/Recently-Cancelled-90-Days-Ago/ 		121 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c8.dycdn.net/i99g3gee/s/Recently-Cancelled-90-Days-Ago/?k=huymc65&format=full&user_state=anonymous&d=0ye1f0ygz1&url=https%3A%2F%2Fhelenair.com%2F&sbr=helenair&curr=USD&lang=en
Requested by
Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8200:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
3e4515f504b3f855b5fa765e6201f1adc54882fdea7717665d5f86252937c40d

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
via
1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length
121
x-amz-cf-id
WZFH2b0bOQ1TLueGKm7DNDWJiQrsvQAwLa12U3WZzZ00biqGAf385A==
/
c8.dycdn.net/i99g3gee/s/New-Subscribers-Who-Are-Not-Digitally-Activated-Yet/ 		142 B
466 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c8.dycdn.net/i99g3gee/s/New-Subscribers-Who-Are-Not-Digitally-Activated-Yet/?k=huymc65&format=full&user_state=anonymous&d=0ye1f0ygz1&url=https%3A%2F%2Fhelenair.com%2F&sbr=helenair&curr=USD&lang=en
Requested by
Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8200:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c7dd5e1772037fc42030a3f4102640364b8cc6ad696c549fa95f3d7f13041cb0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
via
1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length
142
x-amz-cf-id
DafEn0JbU1RN-6cXApGl1s01De_O6I0iuZkzs-hzGNwO3Kgy0izisw==
/
c8.dycdn.net/i99g3gee/s/Update-account-to-EZ-Pay/ 		115 B
439 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c8.dycdn.net/i99g3gee/s/Update-account-to-EZ-Pay/?k=huymc65&format=full&user_state=anonymous&d=0ye1f0ygz1&url=https%3A%2F%2Fhelenair.com%2F&sbr=helenair&curr=USD&lang=en
Requested by
Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8200:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
28c34bd50c348323ceb8c44c6cbf5d3b5efdfcfa54b7fe00cbb7f5d0ea708bbf

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
via
1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length
115
x-amz-cf-id
wj1e5E5vkAILseQ1oZyq5smvCfYoflI7Tra2s4ErnU8Jv6rUou9Axg==
/
c8.dycdn.net/i99g3gee/s/Registered-Not-Subscribed-Special-Offer/ 		130 B
455 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c8.dycdn.net/i99g3gee/s/Registered-Not-Subscribed-Special-Offer/?k=huymc65&format=full&user_state=anonymous&d=0ye1f0ygz1&url=https%3A%2F%2Fhelenair.com%2F&sbr=helenair&curr=USD&lang=en
Requested by
Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8200:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f216ada54fdf038b59f1a7ce80cc58cec13915002dacab7cfea2add06d3b420d

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
via
1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length
130
x-amz-cf-id
Ad7uox_PaxvCveNVaHDcpbsCcOXZgO4mbtzTbxQ2b58IvfweShRJpg==
baker
sli.helenair.com/ 		19 B
365 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sli.helenair.com/baker?dtstmp=1629988314778
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.209 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:58 GMT
Cache-Control
max-age=0, no-cache, no-store
Expires
Thu, 26 Aug 2021 14:31:58 GMT
Connection
keep-alive
Content-Length
19
Content-Type
image/gif
PugMaster
image6.pubmatic.com/AdServer/ Frame 7E9F 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=56874387&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
54d528eb0b994d71ca7be6ee8846c1eb60345d246d7c7f0752d82f1edea366a8

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame AAA8 		43 B
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=openx.com&id=fe894289-9dc0-8716-b4be-f4d909b93c1f
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame AAA8
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Bhp_vVEeKesdT3npCE5gvAgdKbodSn3sBhhJO5Sp
43 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Bhp_vVEeKesdT3npCE5gvAgdKbodSn3sBhhJO5Sp
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.214.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
via
1.1 google
server
OXGW/16.214.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=Bhp_vVEeKesdT3npCE5gvAgdKbodSn3sBhhJO5Sp
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame AAA8
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3440908619926827973
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3440908619926827973
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.214.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
via
1.1 google
server
OXGW/16.214.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3440908619926827973
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame AAA8 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=a65f3ef4-816a-3cec-74b0-764e618af7ff&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame AAA8 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OGEzMGVkM2UtNDgxZC02MjQ4LTYxNTAtMmNmN2FiNjgzOTlm
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame AAA8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEl4DTiiVqTPwD-1hWFP00I&google_cver=1
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEl4DTiiVqTPwD-1hWFP00I&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.214.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
via
1.1 google
server
OXGW/16.214.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEl4DTiiVqTPwD-1hWFP00I&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=6469976588687039299
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=6469976588687039299
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
a45210df-5447-4954-aa4a-a72f88b81602
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=6469976588687039299
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28&gdpr=&gdpr_consent=&us_privacy=
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28&gdpr=&gdpr_consent=&us_privacy=
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgumgum2
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=fc1922e2-a634-498b-bfe5-dc5ce691b4bf&ssp=gumgum2
  • https://rtb.gumgum.com/usersync?b=bsw&i=08135572-aa40-48fb-8726-21a0d5e9a7f5
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=08135572-aa40-48fb-8726-21a0d5e9a7f5
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:58 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
//rtb.gumgum.com/usersync?b=bsw&i=08135572-aa40-48fb-8726-21a0d5e9a7f5
date
Thu, 26 Aug 2021 14:31:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-251701a4-84d1-41b9-73e5-4bea35666456$ip$185.156.175.109
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-251701a4-84d1-41b9-73e5-4bea35666456$ip$185.156.175.109
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-251701a4-84d1-41b9-73e5-4bea35666456$ip$185.156.175.109
Date
Thu, 26 Aug 2021 14:31:55 GMT
Connection
keep-alive
Content-Length
124
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28&gdpr=&gdpr_consent=&us_privacy=
  • https://rtb.gumgum.com/usersync?b=zem&i=
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&i=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=zem&i=
Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
67
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=303675170
  • https://sync.1rx.io/usersync/tradedesk/559a9994-f96e-4863-a231-6b63328e87eb
  • https://sync.targeting.unrulymedia.com/csync/RX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=RX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:56 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=rhy&i=RX-097a29df-2289-4dff-9aaa-fe1bd6908de0-003
date
Thu, 26 Aug 2021 14:31:56 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX097a29df22894dff9aaafe1bd6908de0003
content-type
text/html
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=cCtRjrNbSPUx&ev=1&pid=558355
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=cCtRjrNbSPUx&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-US
location
https://rtb.gumgum.com/usersync?b=pln&i=cCtRjrNbSPUx&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-7f97bf85b7-r4r6q
expires
-1
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28avLUhVG12D7j0x2_gdFv50_dFYusNkjxq9hOB6lazaW60xY9hyJd5UK9NwQ-Kva_%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28avLUhVG12D7j0x2_gdFv50_dFYusNkjxq9hOB6lazaW60xY9hyJd5UK9NwQ-Kva_%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28avLUhVG12D7j0x2_gdFv50_dFYusNkjxq9hOB6lazaW60xY9hyJd5UK9NwQ-Kva_%29
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28avLUhVG12D7j0x2_gdFv50_dFYusNkjxq9hOB6lazaW60xY9hyJd5UK9NwQ-Kva_%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28avLUhVG12D7j0x2_gdFv50_dFYusNkjxq9hOB6lazaW60xY9hyJd5UK9NwQ-Kva_%29
Date
Thu, 26 Aug 2021 14:31:55 GMT
Connection
close
X-TraceId
2f5fb35186d1c946d065f267c2bc4940
Content-Length
0
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=51629a84-a97f-04ba-13cb-66a3a9daf6b9
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=51629a84-a97f-04ba-13cb-66a3a9daf6b9
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-encoding
gzip
server
OXGW/16.214.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=51629a84-a97f-04ba-13cb-66a3a9daf6b9
content-type
image/gif
alt-svc
clear
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-jMPg7NxE2pcCtEom0slZNOowuWWEnXFzJdYJ~A
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-jMPg7NxE2pcCtEom0slZNOowuWWEnXFzJdYJ~A
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Thu, 26 Aug 2021 14:31:54 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-jMPg7NxE2pcCtEom0slZNOowuWWEnXFzJdYJ~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3...
  • https://rtb.gumgum.com/usersync?b=vnt&i=5ce4fc80-067a-11ec-912e-c52e54b009cf
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=5ce4fc80-067a-11ec-912e-c52e54b009cf
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=5ce4fc80-067a-11ec-912e-c52e54b009cf
Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
5ce4fc81-067a-11ec-912e-c52e54b009cf
services
sync.technoratimedia.com/ Frame D33A 		0
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
193.122.174.27 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
657049918
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame D33A 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:57 GMT
content-length
0
server
a
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://rtb.gumgum.com/usersync?b=idi&i=320eeae3-0651-4b58-9f91-a08a68f43270
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=idi&i=320eeae3-0651-4b58-9f91-a08a68f43270
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:56 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=idi&i=320eeae3-0651-4b58-9f91-a08a68f43270
date
Thu, 26 Aug 2021 14:31:56 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
rtb.gumgum.com/ Frame D33A
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15
  • https://rtb.gumgum.com/usersync?b=sad&i=7504678566492325672&gdpr=1&gdpr_consent=
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sad&i=7504678566492325672&gdpr=1&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=sad&i=7504678566492325672&gdpr=1&gdpr_consent=
date
Thu, 26 Aug 2021 14:31:55 GMT
content-length
0
ecm3
aax-eu.amazon-adsystem.com/s/ Frame D33A 		43 B
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=gg.com&id=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:56 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6E72 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=&gdprConsent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KCCH=YES
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=26592
expires
Thu, 26 Aug 2021 21:55:06 GMT
date
Thu, 26 Aug 2021 14:31:54 GMT
vary
Accept-Encoding
usersync
rtb.gumgum.com/ Frame 64EE
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent=
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=559a9994-f96e-4863-a231-6b63328e87eb&t=1632580314
35 B
237 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=559a9994-f96e-4863-a231-6b63328e87eb&t=1632580314
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=ttd&i=559a9994-f96e-4863-a231-6b63328e87eb&t=1632580314
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Thu, 26 Aug 2021 14:31:54 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=559a9994-f96e-4863-a231-6b63328e87eb&t=1632580314
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
set-cookie
TDID=559a9994-f96e-4863-a231-6b63328e87eb; domain=.adsrvr.org; expires=Fri, 26-Aug-2022 14:31:54 GMT; path=/; secure; SameSite=None TDCPM=CAEYBSABKAIyCwjK58a8n6r0ORAFOAE.; domain=.adsrvr.org; expires=Fri, 26-Aug-2022 14:31:54 GMT; path=/; secure; SameSite=None
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame 3FC1
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://rtb.gumgum.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 23 Feb 2021 20:47:52 GMT
ETag
"402b0-119-5bc0708346e00"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 26 Aug 2021 14:31:55 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=gumgum
Date
Thu, 26 Aug 2021 14:31:54 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
usersync
rtb.gumgum.com/ Frame E3AE
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=cb516127-a5db-4400-a1b7-af54ad46b3e9&gdpr=&gdpr_consent=
35 B
237 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=cb516127-a5db-4400-a1b7-af54ad46b3e9&gdpr=&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=mmh&i=cb516127-a5db-4400-a1b7-af54ad46b3e9&gdpr=&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Thu, 26 Aug 2021 14:31:55 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Server
MT3 3865 cc0e612 master cdg-pixel-x25
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie
uuid=cb516127-a5db-4400-a1b7-af54ad46b3e9; domain=.mathtag.com; path=/; expires=Fri, 23-Sep-2022 14:31:55 GMT; SameSite=None; Secure
location
https://rtb.gumgum.com/usersync?b=mmh&i=cb516127-a5db-4400-a1b7-af54ad46b3e9&gdpr=&gdpr_consent=
Expires
Thu, 26 Aug 2021 14:31:54 GMT
URnmbSKM
sync-tm.everesttech.net/ct/upi/pid/ Frame DCE3
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YSel3gAEJLmr1QA4
85 B
160 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YSel3gAEJLmr1QA4
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

:method
GET
:authority
sync-tm.everesttech.net
:scheme
https
:path
/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YSel3gAEJLmr1QA4
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

content-type
image/png
server
Jetty(9.4.35.v20201120)
accept-ranges
bytes
date
Thu, 26 Aug 2021 14:31:58 GMT
via
1.1 varnish
age
1314
x-served-by
cache-fra19151-FRA
x-cache
HIT
x-cache-hits
3960
x-timer
S1629988318.173937,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
85

Redirect headers

p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin
*
set-cookie
everest_g_v2=g_surferid~YSel3gAEJLmr1QA4; Path=/; Domain=.everesttech.net; Expires=Fri, 26-Aug-2022 14:31:58 GMT; Max-Age=31536000;SameSite=None;Secure
location
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=&gdpr_consent=&_test=YSel3gAEJLmr1QA4
server
Jetty(9.4.35.v20201120)
accept-ranges
bytes
date
Thu, 26 Aug 2021 14:31:58 GMT
via
1.1 varnish
x-served-by
cache-fra19151-FRA
x-cache
MISS
x-cache-hits
0
x-timer
S1629988318.035626,VS0,VE94
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame 0661 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9jM2Y0ZDQ4Ni05ZDEwLTQ3NTMtYjBlZS1jYWExNWUwYjVmMjg=&gdpr=&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

:method
GET
:authority
cm.g.doubleclick.net
:scheme
https
:path
/pixel?google_nid=gumgum_dbm&google_hm=ZV9jM2Y0ZDQ4Ni05ZDEwLTQ3NTMtYjBlZS1jYWExNWUwYjVmMjg=&gdpr=&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmeEdF9m77VyMdUcadf7-tNLqEyQAEyrzhDs2UEpjhZH6roNHSe-le5mVgckBk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

content-type
image/png
date
Thu, 26 Aug 2021 14:31:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
ssc-cms.33across.com/ps/ Frame D08A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.175 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip175.208-100-17.static.steadfastdns.net
Software
33XP004 /
Resource Hash

Request headers

:method
GET
:authority
ssc-cms.33across.com
:scheme
https
:path
/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

x-33x-status
2020008
server
33XP004
date
Thu, 26 Aug 2021 14:31:58 GMT
um
cs.emxdgt.com/ Frame EB79 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
cs.emxdgt.com
:scheme
https
:path
/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

content-type
text/html
date
Thu, 26 Aug 2021 14:31:54 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 7E73
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YSel3sCo5tEAACuDEowAAAAA
35 B
237 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YSel3sCo5tEAACuDEowAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=sus&i=YSel3sCo5tEAACuDEowAAAAA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Thu, 26 Aug 2021 14:31:58 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YSel3sCo5tEAACuDEowAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Set-Cookie
SOC=YSel3sCo5tEAACuDEowAAAAA; path=/; expires=Sat, 26-Aug-23 14:31:58 GMT; domain=socdm.com; secure; SameSite=None
X-SO-Ads-Time
4
X-SO-HostName
a-ad40149.dc2p.scaleout.jp
X-SO-LB-Hostname
a-tgng40013.dc2p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":27,"gdpr":false,"ipv4":"185.156.175.109","key":"YSel3sCo5tEAACuDEowAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40149"}
X-SO-Key
YSel3sCo5tEAACuDEowAAAAA
X-SO-IP
185.156.175.109
X-SO-Cluster-ID
27
X-SO-Upstream-ID
a-ad40149
usersync
rtb.gumgum.com/ Frame 5299
Redirect Chain
  • https://p.rfihub.com/cm?pub=42796&in=1
  • https://rtb.gumgum.com/usersync?b=zet&i=875739029348658870
35 B
237 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=zet&i=875739029348658870
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=zet&i=875739029348658870
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
vst=e_c3f4d486-9d10-4753-b0ee-caa15e0b5f28
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Thu, 26 Aug 2021 14:31:55 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie
eud=H4sIAAAAAAAAAFslxmtoZmRpaWFhbGhqYmEBAIzQIM0QAAAA; Path=/; Domain=.rfihub.com; Expires=Tue, 20 Sep 2022 14:31:55 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSsjA3NTe2NDCyNDaxMDO1sDA3EOIz1DVx8rEo8rT0ddFNiZLiNTQzsrS0sDA2NDWxsAAAJUe9ejMAAAA; Path=/; Domain=.rfihub.com; Expires=Tue, 20 Sep 2022 14:31:55 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSsjA3NTe2NDCyNDaxMDO1sDA3EOIz1DVx8rEo8rT0ddFNiQIAesB4-yQAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location
https://rtb.gumgum.com/usersync?b=zet&i=875739029348658870
Content-Length
0
Server
Jetty(9.3.29.v20201019)
usersync
rtb.gumgum.com/ Frame 51FC
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=i0xcylF5upgdqC9Gutga&pi=gumgum&tc=1
35 B
237 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=i0xcylF5upgdqC9Gutga&pi=gumgum&tc=1
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dgg.com%26id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method
GET
:authority
rtb.gumgum.com
:scheme
https
:path
/usersync?b=rth&i=i0xcylF5upgdqC9Gutga&pi=gumgum&tc=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://rtb.gumgum.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://rtb.gumgum.com/

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Thu, 26 Aug 2021 14:31:58 GMT Thu, 26 Aug 2021 14:31:58 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=i0xcylF5upgdqC9Gutga&pi=gumgum&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 326F 		43 B
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=21eb0c06a12d935daa1e22e9&ex=sovrn.com&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:54 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 326F
Redirect Chain
  • https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=21eb0c06a12d935daa1e22e9/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=5001&3pid=84cc8719a3bb9ed4788bb63aca1b10ed&gdpr=0&gdpr_consent=
43 B
868 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=5001&3pid=84cc8719a3bb9ed4788bb63aca1b10ed&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:57 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://ce.lijit.com/merge?pid=5001&3pid=84cc8719a3bb9ed4788bb63aca1b10ed&gdpr=0&gdpr_consent=
cache-control
no-cache
x-server
10.45.0.88
content-length
0
expires
0
merge
ce.lijit.com/ Frame 326F
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=83&3pid=KST0YHZ1-28-M6HT&gdpr=0
  • https://ce.lijit.com/merge?pid=83&3pid=KST0YHZ1-28-M6HT&gdpr=0&dnr=1
0
946 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=83&3pid=KST0YHZ1-28-M6HT&gdpr=0&dnr=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:57 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:57 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ce.lijit.com/merge?pid=83&3pid=KST0YHZ1-28-M6HT&gdpr=0&dnr=1
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
merge
ce.lijit.com/ Frame 326F
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=fmx
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=1871597497736426398&expires=30&ssp=fmx
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1871597497736426398&expires=30&ssp=fmx
  • https://ce.lijit.com/merge?pid=26&3pid=08135572-aa40-48fb-8726-21a0d5e9a7f5
  • https://ce.lijit.com/merge?pid=26&3pid=08135572-aa40-48fb-8726-21a0d5e9a7f5&dnr=1
0
946 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=26&3pid=08135572-aa40-48fb-8726-21a0d5e9a7f5&dnr=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:57 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:57 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ce.lijit.com/merge?pid=26&3pid=08135572-aa40-48fb-8726-21a0d5e9a7f5&dnr=1
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
merge
ce.lijit.com/ Frame 326F
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1
  • https://ce.lijit.com/merge?pid=85&3pid=AACdkk7CT0wAAEch-lgGkw&gdpr=0
  • https://ce.lijit.com/merge?pid=85&3pid=AACdkk7CT0wAAEch-lgGkw&gdpr=0&dnr=1
0
433 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AACdkk7CT0wAAEch-lgGkw&gdpr=0&dnr=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:58 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:58 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ce.lijit.com/merge?pid=85&3pid=AACdkk7CT0wAAEch-lgGkw&gdpr=0&dnr=1
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
merge
ce.lijit.com/ Frame 326F
Redirect Chain
  • https://jadserve.postrelease.com/suid/101957?ntv_r=https://ce.lijit.com/merge?pid=90&3pid=NTV_USER_ID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=90&3pid=4a01d80c-a366-451a-9566-9ff040ebbaa8&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=90&3pid=4a01d80c-a366-451a-9566-9ff040ebbaa8&gdpr=0&gdpr_consent=&dnr=1
0
433 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=90&3pid=4a01d80c-a366-451a-9566-9ff040ebbaa8&gdpr=0&gdpr_consent=&dnr=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:58 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:58 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ce.lijit.com/merge?pid=90&3pid=4a01d80c-a366-451a-9566-9ff040ebbaa8&gdpr=0&gdpr_consent=&dnr=1
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
6469976588687039299
map.go.affec.tv/map/an/
Redirect Chain
  • https://map.go.affec.tv/map/3a/?pid=CmUMLmEnpdmPg84HBNuIAg%3D%3D&us_privacy=&ts=1629988314628.1
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D6127a5dcaf16e1000123a592%26chc%3Dtt%26floc%3D%26redirect_url%3D
  • https://map.go.affec.tv/map/an/6469976588687039299?ch=6127a5dcaf16e1000123a592&chc=tt&floc=&redirect_url=
0
683 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://map.go.affec.tv/map/an/6469976588687039299?ch=6127a5dcaf16e1000123a592&chc=tt&floc=&redirect_url=
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.51.180.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-46-51-180-149.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 26 Aug 2021 14:31:56 GMT
Content-Encoding
gzip
Connection
keep-alive
Vary
Accept-Encoding
Content-Type
text/html

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:56 GMT
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
bb8b1f97-1950-4808-aea3-3e9f7e3f4e80
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://map.go.affec.tv/map/an/6469976588687039299?ch=6127a5dcaf16e1000123a592&chc=tt&floc=&redirect_url=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 5099 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-90-44.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 06:51:15 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
27640
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Sat, 21 Aug 2021 01:59:01 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
96XhsjGsBxsrm3kyucJOVw9g9hT2d.yB
via
1.1 110750d14d1d900cd5c76d0ac872f5dd.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
ZRH50-C1
content-type
application/javascript
x-amz-cf-id
SGtaTECYypEm6YbtUTBXASwsSxaMjYCAyrePWxwXPu823FcMX9oBkg==
khaos.jpg
token.rubiconproject.com/ Frame 1CFD 		284 B
934 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
284
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/jpg
match
c1.adform.net/serving/cookie/ Frame B9C8 		35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?party=14&cid=4998AC55-27EB-4D0E-B2B6-0ECE94430F02
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
c1.adform.net
:scheme
https
:path
/serving/cookie/match?party=14&cid=4998AC55-27EB-4D0E-B2B6-0ECE94430F02
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
C=1; uid=3440908619926827973
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
uid=3440908619926827973; expires=Mon, 25 Oct 2021 14:31:55 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 447C
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6741320886335607183
42 B
210 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6741320886335607183
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6741320886335607183
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=4998AC55-27EB-4D0E-B2B6-0ECE94430F02; chkChromeAb67Sec=1; DPSync3=1631145600%3A201_197_219%7C1630022400%3A174; SyncRTB3=1632528000%3A203%7C1630540800%3A223_2_15%7C1631145600%3A13_54_21_3_71_166_234_56_7_8_55_161_22_81%7C1630800000%3A63%7C1631232000%3A35
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 26 Aug 2021 14:31:55 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_336=5844-6741320886335607183; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 25-Sep-2021 14:31:55 GMT; path=/ PugT=1629988315; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 25-Sep-2021 14:31:55 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 24-Nov-2021 14:31:55 GMT; path=/
x-lat
lhrpug013:0:509
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6741320886335607183
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame 3E83 		43 B
360 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method
GET
:authority
dis.criteo.com
:scheme
https
:path
/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

cache-control
no-cache
pragma
no-cache
content-type
image/gif
expires
Thu, 26 Aug 2021 00:00:00 GMT
server
Microsoft-IIS/10.0
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1092
x-powered-by
ASP.NET
date
Thu, 26 Aug 2021 14:31:58 GMT
content-length
43
Pug
simage2.pubmatic.com/AdServer/ Frame C2AB
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7000746522974484632
42 B
367 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7000746522974484632
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7000746522974484632
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KRTBCOOKIE_218=22978-YSel3gAEJFur1gA4&KRTB&23194-YSel3gAEJFur1gA4&KRTB&23209-YSel3gAEJFur1gA4&KRTB&23244-YSel3gAEJFur1gA4; PugT=1629988318; PUBMDCID=3
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 26 Aug 2021 14:31:59 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_1101=23040-7000746522974484632; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 25-Sep-2021 14:31:59 GMT; path=/ PugT=1629988319; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 25-Sep-2021 14:31:59 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 24-Nov-2021 14:31:59 GMT; path=/
x-lat
lhrpug017:0:383
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Thu, 26 Aug 2021 14:31:59 GMT
Transfer-Encoding
chunked
Connection
keep-alive
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie
UserID1=7000746522974484632; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7000746522974484632
Pug
image2.pubmatic.com/AdServer/ Frame 2C75
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=
42 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KRTBCOOKIE_218=22978-YSel3gAEJFur1gA4&KRTB&23194-YSel3gAEJFur1gA4&KRTB&23209-YSel3gAEJFur1gA4&KRTB&23244-YSel3gAEJFur1gA4; PugT=1629988318; PUBMDCID=3
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 26 Aug 2021 14:31:58 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 24-Nov-2021 14:31:58 GMT; path=/
x-lat
lhrpug004:0:539
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Thu, 26 Aug 2021 14:31:58 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
/
csync.loopme.me/ Frame F95B 		85 B
152 B 		Document
General
Check archive.org
Download Go to
Full URL
https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.55.6.210 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.210.6.55.162.clients.your-server.de
Software
_ /
Resource Hash
e482a48fef03d183029fa2edf995fc8e9ce023f18649fd1d9149958e977068a1

Request headers

:method
GET
:authority
csync.loopme.me
:scheme
https
:path
/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

content-length
85
content-type
text/plain
date
Thu, 26 Aug 2021 14:31:59 GMT
server
_
Cookie set ecm3
aax-eu.amazon-adsystem.com/s/ Frame 13A2 		43 B
585 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=4998AC55-27EB-4D0E-B2B6-0ECE94430F02&ex=pubmatic.com
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host
aax-eu.amazon-adsystem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ad-id=A9cm891GJESPlsHRJMAVyCA|t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

Server
Server
Date
Thu, 26 Aug 2021 14:31:56 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie
ad-id=A9cm891GJESPlsHRJMAVyCA; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 14:31:56 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary
User-Agent
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7E9F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SZisVSfrTQ6ytg7OlEMPAg%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=26591
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Thu, 26 Aug 2021 21:55:06 GMT

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=827e6127-a5db-4e00-8334-28c2837e24ba
0
158 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=827e6127-a5db-4e00-8334-28c2837e24ba
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
MT3 3865 cc0e612 master cdg-pixel-x31
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=827e6127-a5db-4e00-8334-28c2837e24ba
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 26 Aug 2021 14:31:54 GMT
mw
mwzeom.zeotap.com/ Frame 7E9F
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=4998AC55-27EB-4D0E-B2B6-0ECE94430F02
  • https://spl.zeotap.com/?zdid=1332&zcluid=e47ff3338586b23b
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169c81101f67&zclui...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169c81101f67&zclu...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEFN9MYbgJULDfQb5l0d5KyU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169...
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEFN9MYbgJULDfQb5l0d5KyU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169c81101f67&zcluid=e47ff3338586b23b&zdid=1332
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
684dc44f4c132c32-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:58 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEFN9MYbgJULDfQb5l0d5KyU&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da1c49ff-7462-43f9-7be9-8c25ad004a6e&reqId=1c5e0ff9-52cc-4419-4f8a-169c81101f67&zcluid=e47ff3338586b23b&zdid=1332
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
469
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3440908619926827973
42 B
544 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3440908619926827973
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug010:0:384
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3440908619926827973
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74036127-a5db-4a00-9908-9f0fe4ea4c3c&gdpr=0&gdpr_consent=
42 B
340 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74036127-a5db-4a00-9908-9f0fe4ea4c3c&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug009:0:499
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
MT3 3865 cc0e612 master cdg-pixel-x30
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:74036127-a5db-4a00-9908-9f0fe4ea4c3c&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 26 Aug 2021 14:31:54 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=559a9994-f96e-4863-a231-6b63328e87eb
42 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=559a9994-f96e-4863-a231-6b63328e87eb
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug008:0:390
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=559a9994-f96e-4863-a231-6b63328e87eb
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
image2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESELNuZspTz4CJmE7Ojk1BRvQ&google_cver=1
42 B
284 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESELNuZspTz4CJmE7Ojk1BRvQ&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug010:0:599
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESELNuZspTz4CJmE7Ojk1BRvQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6469976588687039299&gdpr=0&gdpr_consent=
42 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6469976588687039299&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug009:0:414
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
b333e939-dabe-4c3e-978d-2abf79ddc725
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6469976588687039299&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=zsA9wpnEa5TVlTuWwJQiw8DHa8XVkD-TzsLGFPRx
42 B
583 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=zsA9wpnEa5TVlTuWwJQiw8DHa8XVkD-TzsLGFPRx
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug007:0:707
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=zsA9wpnEa5TVlTuWwJQiw8DHa8XVkD-TzsLGFPRx
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4998AC55-27EB-4D0E-B2B6-0ECE94430F02&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zv6gyF5E2uUqpO0wlNFSB56ovi15YyQ-~A&gdpr=0&gdpr_consent=
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zv6gyF5E2uUqpO0wlNFSB56ovi15YyQ-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:54 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
ATS/7.1.2.138
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zv6gyF5E2uUqpO0wlNFSB56ovi15YyQ-~A&gdpr=0&gdpr_consent=
Connection
keep-alive
Content-Length
0
4998AC55-27EB-4D0E-B2B6-0ECE94430F02
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 7E9F 		43 B
203 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/4998AC55-27EB-4D0E-B2B6-0ECE94430F02?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
  • https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
  • https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=90e5c509-33a6-4865-93b3-12f59c1793e5&ssp=pubmatic
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=29&expires=30&user_id=90e5c509-33a6-4865-93b3-12f59c1793e5&ssp=pubmatic
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2616d2ec-2e0c-4dbf-abc8-4ce379e9f51c&gdpr=&gdpr_consent=&gdpr_pd=
1 B
180 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2616d2ec-2e0c-4dbf-abc8-4ce379e9f51c&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:59 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug003:0:390
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2616d2ec-2e0c-4dbf-abc8-4ce379e9f51c&gdpr=&gdpr_consent=&gdpr_pd=
date
Thu, 26 Aug 2021 14:31:59 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7201022083141325463&gdpr=0&gdpr_consent=&us_privacy=
1 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7201022083141325463&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug007:0:591
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7201022083141325463&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSel3gAEJFur1gA4&gdpr=0&gdpr_consent=&_test=YSel3gAEJFur1gA4
1 B
390 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSel3gAEJFur1gA4&gdpr=0&gdpr_consent=&_test=YSel3gAEJFur1gA4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug004:0:400
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:58 GMT
via
1.1 varnish
server
Varnish
x-timer
S1629988318.153362,VS0,VE0
x-served-by
cache-fra19151-FRA
x-cache
HIT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSel3gAEJFur1gA4&gdpr=0&gdpr_consent=&_test=YSel3gAEJFur1gA4
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
current
pubmatic-match.dotomi.com/match/bounce/ Frame 7E9F 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=4998AC55-27EB-4D0E-B2B6-0ECE94430F02&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:7981b92d-a656-4c94-a895-855ab1aaf1c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
187 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:7981b92d-a656-4c94-a895-855ab1aaf1c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:32:01 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug010:0:340
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:7981b92d-a656-4c94-a895-855ab1aaf1c0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Thu, 26 Aug 2021 14:32:01 GMT
Server
Apache/2.4.41 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Pug
image2.pubmatic.com/AdServer/ Frame 7E9F
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d6ee87f1-8ed5-42d1-8354-5be663477875-6127a5dc-4348&gdpr=0&gdpr_consent=
42 B
388 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d6ee87f1-8ed5-42d1-8354-5be663477875-6127a5dc-4348&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:56 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug011:0:407
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:56 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d6ee87f1-8ed5-42d1-8354-5be663477875-6127a5dc-4348&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
pubmatic
um.simpli.fi/ Frame 7E9F 		43 B
611 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS
b7.80.fd9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Wed, 25 Aug 2021 14:31:58 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 7226 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3iV_4Ggw9QLLjZ7FiVVWsU7KdAlC6xNSWU3z9p_aL9gIn8mXnvrAlOyMsOLx6KWDbnjDsxRnu21FapqGHO3q05zKeNHtGqxAce0hs5TyzHTYHMO2d&sig=Cg0ArKJSzDH1E1PpRyHoEAE&id=lidar2&mcvt=1199&p=0,0,250,300&asp=307,1180,557,1480&mtos=1199,1199,1199,1199,1199&tos=1199,0,0,0,0&v=20210823&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=435523245&rs=4&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1629988312555&rpt=1702&isd=0&lsd=0&r=v&speed=1
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 1CFD
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=a9eu
  • https://aax-eu.amazon-adsystem.com/s/ecm3?id=KST0YH8W-15-2WQ9&ex=d-rubiconproject.com&status=ok
43 B
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KST0YH8W-15-2WQ9&ex=d-rubiconproject.com&status=ok
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:56 GMT
Server
Server
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?id=KST0YH8W-15-2WQ9&ex=d-rubiconproject.com&status=ok
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Expires
0
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame D64B 		71 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn-sic.33across.com
URL: https://cdn-sic.33across.com/1/javascripts/sic.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
893ad605de01155b4c1c2590782f6de53f33f4ced3bb0895e182b02ba96ca4bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"969 / 139 of 1000 / last-modified: 1629976524"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25250
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:55 GMT
prebid
ib.adnxs.com/ut/v3/ Frame AF85 		19 B
853 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/ast/ast.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:55 GMT
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
c63133f8-c4f5-4b94-a5a6-c4c99e1672ea
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://helenair.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame AF85 		163 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/ast/ast.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
a64f09c80bed2347df9f2ef789b03c84b69d6b9cf56e2a376a52561b57511825
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:56 GMT
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
e8db63c7-f817-4eff-b7d3-7284c71cd4ee
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://helenair.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
163
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame AF85 		159 B
994 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/ast/ast.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
3cf855b286a289807fcde35dcccb168869b3abfe3cd1dba316e637f2fb350e32
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:31:56 GMT
X-Proxy-Origin
185.156.175.109; 185.156.175.109; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
98960ca4-35fd-4369-a209-d804e7146c48
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://helenair.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
159
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
exchange
ssc.33across.com/api/ 		88 B
364 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/exchange
Requested by
Host: cdn-sic.33across.com
URL: https://cdn-sic.33across.com/1/javascripts/sic.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.110.23 Crown Point, United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-110.static.steadfastdns.net
Software
/ 33Across
Resource Hash
a9760d16505688f9080fa5f9d9b28cbfec60424b64dc7d8411c307a804d15e5a

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://helenair.com
access-control-allow-credentials
true
usync.js
eus.rubiconproject.com/ Frame 3FC1 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
6a70744d3a386f977bc0c80bd180f2c4b2ce4a997684fe95dc6647bb82e0771a

Request headers

Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 26 Aug 2021 14:31:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Aug 2021 22:28:27 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=53068
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9356
Expires
Fri, 27 Aug 2021 05:16:27 GMT
get
am.freshrelevance.com/ 		1 B
97 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://am.freshrelevance.com/get?data=%7B%22type%22%3A%22heartbeat%22%2C%22data%22%3A%7B%22c%22%3A%220ye1f0ygz1%22%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F92.0.4515.159%20Safari%2F537.36%22%2C%22w%22%3A%22i99g3gee%22%7D%7D
Requested by
Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.224.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-224-238.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 26 Aug 2021 14:32:02 GMT
content-type
text/plain; charset=utf-8
token
token.rubiconproject.com/ Frame 1CFD 		0
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/token?pid=25470
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 1CFD
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4db76127-a5db-4e00-9848-36e30db0ae50
42 B
711 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4db76127-a5db-4e00-9848-36e30db0ae50
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

Date
Thu, 26 Aug 2021 14:31:55 GMT
Server
MT3 3865 cc0e612 master cdg-pixel-x26
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=4db76127-a5db-4e00-9848-36e30db0ae50
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 26 Aug 2021 14:31:54 GMT
rubicon
match.adsrvr.org/track/cmf/ Frame 1CFD 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
tap.php
pixel.rubiconproject.com/ Frame 1CFD
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YSel3gAD3TI-hgBg
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSel3gAD3TI-hgBg&_test=YSel3gAD3TI-hgBg
42 B
691 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSel3gAD3TI-hgBg&_test=YSel3gAD3TI-hgBg
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:58 GMT
via
1.1 varnish
server
Varnish
x-timer
S1629988318.150123,VS0,VE0
x-served-by
cache-fra19151-FRA
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSel3gAD3TI-hgBg&_test=YSel3gAD3TI-hgBg
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
709414.gif
id.rlcdn.com/ Frame 1CFD 		0
42 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
via
1.1 google
alt-svc
clear
content-length
0
tap.php
pixel.rubiconproject.com/ Frame 1CFD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHhoDdno7tlROaOUDazPJBU&google_cver=1
42 B
711 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHhoDdno7tlROaOUDazPJBU&google_cver=1
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHhoDdno7tlROaOUDazPJBU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1CFD
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
token
token.rubiconproject.com/ Frame 1CFD 		0
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/token?pid=26594
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pubads_impl_2021082301.js
securepubads.g.doubleclick.net/gpt/ Frame D64B 		331 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
8d37f23647537d48ee4f0c05b8acdf093cb828fe3c5703653aedfdd5f88cde2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 23 Aug 2021 08:38:25 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118555
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:55 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame CD6D 		42 B
108 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuV1v9sf_3WQCmPfVZtK0uuaF5FsPrJjVLdKxS6eMgAj89tCd9UprHvyXm7IAXq70UCM08kwyQ_9-Rk4setVoqKKnFhA5aKmkyinT4jlvHo8dTTlEF1&sig=Cg0ArKJSzBMlD5CBSYeREAE&id=lidar2&mcvt=1000&p=0,0,1,1&asp=1,800,2,801&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210823&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=3804360403&rs=4&met=ce&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1629988311418&rpt=3261&isd=0&lsd=0&r=v&speed=1
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 7E9F 		0
260 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156657&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:56 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
integrator.js
adservice.google.ch/adsid/ Frame D64B 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=helenair.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame D64B 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=helenair.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame D64B 		57 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4451654709554332&correlator=1467844208917873&output=ldjh&impl=fif&eid=31061422%2C31062359%2C31062361%2C44748553%2C31062297&vrg=2021082301&ptt=17&sc=1&sfv=1-0-38&ecs=20210826&iu_parts=32867010%2CA_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=c%3D10%26r%3D110%26d%3Dlee728.net%26g%3Da9JORiXIKr5BlZrkHcnnVW%26gd%3Da9JORiXIKr5BlZrkHcnnVW%253Adesktop%26cc%3D0%26pf%3D35%26gm%3D57%26gf%3D38%26ag1%3D12%26ag2%3D14%26ag3%3D69%26ivt%3D25%26iva%3D80%26ivb%3D69%26ivc%3D61%26ivd%3D19%26ive%3D4%26ivp%3D94%26osr%3D98%26pre%3Dapnx%253Ae102%2Cttx%253At%26pre_sz%3Dapnx%253A0x0%2Cttx%253A0x0%26tier%3Dapnx%253A0%2Cttx%253A0%26hb%3D0&cookie_enabled=1&cdm=helenair.com&bc=31&abxe=1&lmt=1629988317&dt=1629988317587&dlt=1629988315519&idt=138&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=150&oid=3&adxs=1598&adys=62&adks=657788913&ucis=kxsgdo2d35dx&ifi=1&ifk=2481880077&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&nhd=1&url=https%3A%2F%2Fhelenair.com%2F&top=https%3A%2F%2Fhelenair.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=284x134&msz=284x0&ga_vid=505460555.1629988318&ga_sid=1629988318&ga_hid=548136990&ga_fc=false&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
cc74be52523bbf26f30d26ba655706225c65bdec51f3c6df4d122aa10c696d0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14179
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://helenair.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FE27 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html?n=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Thu, 26 Aug 2021 14:31:57 GMT
expires
Fri, 26 Aug 2022 14:31:57 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012108170213000/ Frame B635 		188 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
62213
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55333
x-xss-protection
0
server
sffe
date
Wed, 25 Aug 2021 21:15:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"55ff93a1040e5c38"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Aug 2022 21:15:05 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012108170213000/v0/ Frame B635 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012108170213000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63122
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4999
x-xss-protection
0
server
sffe
date
Wed, 25 Aug 2021 20:59:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6b551ff8c0a78d7e"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Aug 2022 20:59:56 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012108170213000/v0/ Frame B635 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012108170213000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63122
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28538
x-xss-protection
0
server
sffe
date
Wed, 25 Aug 2021 20:59:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"523ca413d5eb4bb0"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Aug 2022 20:59:56 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012108170213000/v0/ Frame B635 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012108170213000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63122
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1653
x-xss-protection
0
server
sffe
date
Wed, 25 Aug 2021 20:59:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a4d9605fb26cf0ce"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Aug 2022 20:59:56 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012108170213000/v0/ Frame B635 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012108170213000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63122
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12821
x-xss-protection
0
server
sffe
date
Wed, 25 Aug 2021 20:59:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"bd81b3ba02634f28"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Aug 2022 20:59:56 GMT
css
fonts.googleapis.com/ Frame B635 		4 KB
617 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 26 Aug 2021 13:53:13 GMT
server
ESF
date
Thu, 26 Aug 2021 14:31:58 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 26 Aug 2021 14:31:58 GMT
css
fonts.googleapis.com/ Frame B635 		4 KB
617 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 26 Aug 2021 14:05:46 GMT
server
ESF
date
Thu, 26 Aug 2021 14:31:58 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 26 Aug 2021 14:31:58 GMT
truncated
/ Frame B635 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a8bf75f9c9220c3b689184f6bb40f875c7e241306abf46ccaa374fc153a1fa67

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
10101561403794759199
s0.2mdn.net/simgad/ Frame B635 		734 KB
734 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/10101561403794759199
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
077da4bdd86f727ec21a8f9a7debeec4fa9fa18da37d7e67fcec058d98a5dcc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 11:19:08 GMT
x-content-type-options
nosniff
age
11570
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
751543
x-xss-protection
0
last-modified
Fri, 02 Jul 2021 22:55:15 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Aug 2022 11:19:08 GMT
11197846874590778021
s0.2mdn.net/simgad/ Frame B635 		203 KB
204 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/11197846874590778021
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
318b8dfa1ea500dc3c786a253d60063590afe029fb90b84c703b0f903917f223
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 04:55:30 GMT
x-content-type-options
nosniff
age
34588
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
207998
x-xss-protection
0
last-modified
Fri, 02 Jul 2021 22:55:17 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Aug 2022 04:55:30 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame B635 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AarXTyznityViPZUwsibhPrfRHMHTBVGFaSBHogE-q7HB-gfoUlOiM2XHhwA9TKkoUtgrjwO-1DrOjTh-58h6bHZ4PW5LtWrBqdxKhGO5-D3ufhvq_DSLz88mlWMyFR-XfN3hT_AM6aL7FRgR297o2kjfqcw&dbm_d=AKAmf-D_xSucqKvkxJpBXs08oupkrSGTzxNSTjqwhWRhS_5sAvZfzstM99ZiKMIACfq0i3HYbcx80YJy2ULwXIP-Q1-FKUjzPguhb76UPPkipNsT9iDidNUmW9LDUuXCa0PHjicnAGsgGx7UgLr4kaVU74f7hGLedGd7UB5PfkQ63B3zXCtITeW997pY5sba6R3AeoaxX8jMmmGCKNKyzSRjMz1jocX3TELlC3lOME81VDF-dc5H0H-wS659yqqFeLUgu6hKAKtcpr2h0jA7fTHW2iANvUPD9JXfRCUfLVMgOeX-7t6DsVa-rmQOEhqRnpezKkeMg9_ERoxaQWe4w68HCvqmhZktFr-A5KNMRyRrF4a-KzGZlqVn8jYBZh3mupRoaGiYpQsZ_fax-djLrdf2pO2QqP6Lc35jiJ0_8Tk9Sq2bnspQEu6P6jt-Yo2WsyIEbx6OKKYxWByMA9UF7I3u-z4xcsA4szaS-tjI9Yc7uHe3l7crptO7i9RJKQHfASiqSEBQpr3-Lo4gANqrXZ_BCZA7SNL6uOn6oT7GLWdHenM8Dblu1P7aQ-JG8B5VkKaO_T9Pt8qD-zRc4Rgxaf5BKvxBz3CzO3B-jCAbNsn1afs-tH4-RFg_yg4KwDTnLx47jcCrfiUEs6ma7kLYUommv0cOOF-8Gnlg-9bZ0yqOkWoMz9FYfFo196x3Hl_jASkVXDSirxL9-tnP2xktOw4TKLIcJXLj-6bMcS4lHGVe0Fa1Mfp1i6wR6LW96dlb38q_hnJ9_f5mAJ6FekID8qEYAbw2GCNnkJptB0nAWNe7bBHtcQN6Ie7-YmW3e8EEybQKIg8qJ1l7Rwu9vGCTXvvBdF36FW56vHGHPw81yDJiBe1DbuR7uuFU5_zDHRRhXO6t-ZFfb3MshuJehaK5e6go7748sUFCQD9TpNzMjjzaCfha-Q9h2otG8swryskVu_v3MW5r5h5CwxLRKLgGGvchShBewJEj8fiyR57DP1YJoPP5YlkbSeogAzi9awuqScRtgPjYqpBa9h7lHTZKTC85zTE8UZd3GBqMkNbjZn-b_hM-ug3c3lAqKOkLoDL6FPjljJOpBc0YklRX7bBASLjKVgEBMF9xb2wvQoS_CU1vCpswbJQ-ah8JX8_Cav7fCbeLdfXX_AR826-kHsgwiq2gCkAb76jD-CGoqso057x280V_WhzR_FuZdXeX55QVl3b1Dg5SKgyif46jzLnXjA2y9sDffmvhbjsa9Gd_8-GJa9NYtitsISvI-lFkJt2h6EZAFfgwDl94T5PCVVlaS3rWQgoYEgEcm7j6D9jPKytC5Fgrp9k3SQS6LxX4ts2B88wjFRhLNoTle7lnNQ28ciipfKdCXHagdKkaTzePvDDPXBNpNTt_03e70ZAMg2UugpKD9habMK13Ope9YnwWdASaCnEwxeanxMCX3Wj1DzWtdya73cd-GT2sg5MRWavvoXa9ngKCvEnoHVV0bk00xgIww3rzWN_eA-z6-WIi9h5h3eXC7Z3WDPWSxMlClDAnYx_39Nv-i4vjRTIWTLlof6en8fNiWB2CLxo0TjvavGsA9sEtM18_WbgvVijVPeAXDG4k3s3wUORp51tTlK_3h_JnMoSsLkpkj5AEG-IrBwR_AQFc7IT0Hy6ou3mLaWhWmhRJbjBYQjX_VlCzI4OLtEj_x2rZ-b4VWxMQOTbAhrydLckL-mbhZwksD1V4n0fQCJhmcnT5XGyt26xi399ibVLoknGbvHfLM1vkg-vxmySgniMDeKuU-3klBdJLNtUuOyeYymIV-s7e9Ml23NuDaSnkXeMj6hiR7XyGlJL1XI8H-uzajerImqt_2a8BfxW99fG7aPxDe8ZfsaiaXa65MSYqS4xjLlQCj1FEU066jXeS2fXFaObfGUCtLJXkPVgsmodt4K8nvQ_EW8i5LSj2iDIkieKmaE8VQ_9Dg7EkbaJg-ndmN2TlfTQxqSrZu0jLq51LfsgR7Oo_W6WXucat3jxk0ZV4J6j0fEuxQriNdp1hSKCQ57Ogq716kF2kcZ64EK7GP7dA3WV3f4HC1pm4fyVgVywLTMuAHSKvWCPWahmJHSrwlc_Bs0-itgVthp2dvgEw1gOqA5qpaVoeEf4FJxkvnKe3RBj5ueKrdnKNUSX9WsSTB5sgWIFRD34TlHDIiqGCN9e03oowfvullrXTkTq3Giu_7kqN1rFpwCJcTR1JSFsoniCl2SR-xQL7_xG9B06BotbPAf7WxAER2DZ2yoK1rFt4VovJgk5MmuWYd3EhsGI8C7dXIVgWV2asa1av6cziTjEcg6jA6e4u37hyhpXqvQ-faMrY4TZ_okuUXi5q1YVdcSwwaxv-JvNQ1g1l20LW-v4RKFPCWZbVa8_NWuVaulv2XpLoYG_bCD7DsEInOW9va0HsPhZP_GwXtGkiIbC7i8Nzf4sy6ANvCfKtrvoZRyFPCpajOa9QxsGlYqzfwz_zpu3GKIWtGETRWj8IYPLpCZyQeQLID5vBxlrUERDz3k0Nq4DQgK_XhWBKDwSnuCoRFH_g8wjs1H0z4OObvrCQuGYZI2fuER5GlKh6pnibThulg2F18jIjLM2PoFNmQ6jIoBFwWIAiNaRnLvBp24w7SpoEsRyIwot-qhe0-KIgQ1vDE6Yfh_C5zJbqNPtWIBb5VPi5IHQuh9jDKz6Am_aWNnb9rNmH-RRMcApLn2vYbuVUzM1yp9BroxzudBC8-uUkcX7M8wNMjZiffwioyi_1m1OT02POgvICqAf3-HaHP5abntnfmwSOue-72gtHQO5NGn2nDzROZZXzlg_ULjMaogMQjOu1hXBAQlIlJagKAM6Jo2GJm9SLphbqXVsd0cmZhvAdyoBE2yxjb7vklbkp2Wagc5MyTF13X91sxNAdm0oOoMgFTWm55_eGGIy1MJUsWeAvT1M__Naa1CWqBPyngvP4FZLffHdZftdntKN22ykZko4IG3j4HyS3CziqrgkMlPsY5eREl1CCSBZNupfswqrNHHgoz6SdkGh_M32FvjIdo4VzX9U9rsPFxR6QI5829A_tO0cZwh_5IBpPwDQs-u9QafSd&cid=CAASEuRoUVFhFEA6mkowmavRnW_Ggw
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame B635 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CmUb_3aUnYei8JuTI7_UPlbKgwAfxl9iFZPSVhe_qDYeom8yIChABIJLrzSJg9ZXOgeAEoAHF5qjaAsgBBqkCZSx-LiJTsj6oAwHIAwqqBNwBT9B0rKIP3jyi90KsFo9Id4cGwAP_BAWXvS4aFVPe-teBfdWjZ0_OXfjBy2wQ6eOCGtyuc4evnwM7TYL0AN1DUTVZurPHPVq_gpepHdpBqFQdkH8ZTCl7XIkGc3FXKc8ehzodplz9dWpWFBmf-YXu2zrUemIOuOnkcpT7_zqdvAYF2Ey4urzvAqIYDcFsF82K5rodBkKA8aRI6IngcuhmhC66QQyLIIm4SZdeavy_ylcLkwPCVCIBIh-aH6StvblBfruVpa1gWskZ1_3eVN308BFkwwXWWRtJswG4lcAEidXc9MoD4AQDiAXItKC5NJIFBggDEAUYAZIFBggbEAEYAZIFCwgiEAIYAUj_lJMBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAejmdelAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwHyBwoQrbEyGJ3cja8B0ggHCIBhEAEYHfIIG2FkeC1zdWJzeW4tNzU0MDM2OTQ4OTUxOTc2N4AKA8gLAbATjPuoDMgTkJbf3QPQEwDYEw2IFAHYFAHQFQGAFwGyFx4KHAgAEhRwdWItOTU1NzA4OTUxMDQwNTQyMhianBk&sigh=sixEUnYJKyA&cid=CAQSOwCNIrLM4H054UzyOcrNjEyqNwLIlVEuTE95No3yCq8I6h7J3_QGi5jlXzbASQqHmcnf3LdM0Ui24HDo&template_id=509&vt=10
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B635 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 25 Aug 2021 15:34:33 GMT
x-content-type-options
nosniff
server
cafe
age
82645
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Thu, 26 Aug 2021 15:34:33 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B635 		295 B
423 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 12:37:33 GMT
x-content-type-options
nosniff
server
cafe
age
6865
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 27 Aug 2021 12:37:33 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame D64B 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021082301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71b13b55be1a33a82a31ea37491719614e76960c34a7f13bf200bcb7474babee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:31:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8600
x-xss-protection
0
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame B635 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://helenair.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 04:09:29 GMT
x-content-type-options
nosniff
age
37349
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Aug 2022 04:09:29 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame B635 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://helenair.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 24 Aug 2021 17:17:27 GMT
x-content-type-options
nosniff
age
162871
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:39 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Aug 2022 17:17:27 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D64B 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082301.js?31062359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:31:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:31:58 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame B635
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

date
Thu, 26 Aug 2021 14:31:58 GMT
x-content-type-options
nosniff
server
safe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
246
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 21D9 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5029
date
Thu, 26 Aug 2021 14:04:29 GMT
expires
Fri, 26 Aug 2022 14:04:29 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1649
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame C514 		783 B
782 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b10974a3a0a13984be42682394096446718a889cb6ab9a1fe74dac0c25917c43
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-iyXtmXEnI0VDL9CKsmtFBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

expires
Thu, 26 Aug 2021 14:31:58 GMT
date
Thu, 26 Aug 2021 14:31:58 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-iyXtmXEnI0VDL9CKsmtFBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js
pagead2.googlesyndication.com/bg/ Frame 21D9 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50378aa9304561a118da2a16b43b3f978f6b1e79776748ddd28ec794a4a3e2d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 12:51:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
6039
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13427
x-xss-protection
0
last-modified
Mon, 16 Aug 2021 15:08:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 26 Aug 2022 12:51:19 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame D64B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021082301&jk=4451654709554332&bg=!d3SldDDNAAYXVutgF1Y7ACkAdvg8Wjkf3D8voeh6yjcW1286hAEy6_eGGmaJ7QlD_xGWdtUsKvWYigIAAACIUgAAAA5oAQcKAPLBtkgNWjY6BmeOd3RGkQ2SlkhIpeBbXyLv0S2mRrpbn4MQHqhtZff4Od0ZYcIEZ9ObmicEe8A-N-MC70A_can9isIGMndeet67V3rw5qsNVzDBgIpIUDbYJ3NH0rQWBJp3D_roUCTz3bNstHD8AAlOIFxxHaDVcdICC98ji1V4Xd8Mvbwy0j9SNu9EueUL4PUXa3KXDJFcT3Ro_EVXjtBkibWa_ZkQTG_NAA4wNTnBhQ84h0xQyajUQgz4ysKkJKE4cWZwNfjINRV8kyqOgSA5WZRCRcPO8YL0G8zefrt9LBSYRIBkT_Nn6-LEna0pQVp54ZkCic4MX_xMLlKVqUfwiJaH9uIIEAGQc3FWGuV2057qVs0OysWRLhJMQj-5fOg5M3ae6fUgg8W7LzbwH8hwGJ4v5sNPBTvSklNltFg8Xa7lMcNfF0qqWll6_BlHUmcA_fyfPWyAGNBvZMzmQju6JOYfZVJl94BTWNdsnKfF6sBF9SiS1LPe04wnxWKytpGhgKc3ljmHtLIh4t0uFREx-3RLv8Zv14cPKYhPK7azfuXP6bvGTA5rVIWQxYQnba8iQHBrSHAkd17UFvVf993tb4xmZCaaA0G5H7jqQhvl-0-hxAxlTodOPE4AE_9mdkuHeUGE2UkHBB-7i6fw7XgguKrRUtS7YOsjwC-vboyzB1sTGaK3xGpaTmGFJ_9wwvZvZ5oDw3DnhPIOeXeCQ88u9nEYGEb6VMYxFR8jpZXM0sIp-BPtlOUcbnl4u-10Wyiw4h2jC5Tw3QKDCgFR46ZXSrk4yAJu2tNfJHZA6s6uhit1-dYTBaODphHCb_2W9gb_HPQzuQGo8QFBxQXc7O2auryXeyzBKe4clpQX2s9oenqWLdSN9D766wOUAA_WxkZVpvH5jaRET2zAEq9dQ7FtCXeqb7J3CY98t1lhQn79npD2BQo1L05Rglaub-d-pNfYVigQsJVLVo8MM3vi6wi8-dzCoQPnnf8FylwHtczLZRZRwHxeyFxZHqBeCcGcrVrLancbov7-yjzr-uh-IDc5ottU3RfTQPTyyXhXbQ11YH9XxMRlUJDDsMY5gie9Hlk-p74PoxYy127EhQwpcgDwcDqsYVTFMl0NJU0cgHCQiwqWwiuCuhHgAGnWlfM0m6mGxQc9ZDhTYcV8mNaR3LJAOquuUbg2d-NkypBogas
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
khaos.jpg
token.rubiconproject.com/ Frame 3FC1 		284 B
921 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
284
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/jpg
usersync
rtb.gumgum.com/ Frame 3FC1
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum
  • https://rtb.gumgum.com/usersync?b=mag&i=KST0YKRT-M-BI71
35 B
237 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=mag&i=KST0YKRT-M-BI71
Requested by
Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_pm-db5_rbd_n-emx_n-vmg_ox-db5_dm_smrt_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:59 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://rtb.gumgum.com/usersync?b=mag&i=KST0YKRT-M-BI71
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Expires
0
activeview
pagead2.googlesyndication.com/pcs/ Frame B635 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsurJKakCryYjnxHEYQuoPBHHTe1pA5QeTjOeqcqkT3E-mFj3OgSBP9IMyuwEKs8uYC5JMhZE1tSkSv5RMDkrNQkYqP-aW_MMAr_EVcip_YkTTAixYByGSRBWPs&sai=AMfl-YQS6z-4oshAhAKEVjE9iTOZHaKHOhxe-khh0ydTOrtN6Il1G0IMtwmOhPJdR64q0WAxyzTVm34x2usYAafwND-656OSoT_f-84bnPLzO12ytgBpOB0gg6hqD2U&sig=Cg0ArKJSzDLht7aiuJxZEAE&cid=CAASEuRoUVFhFEA6mkowmavRnW_Ggw&id=ampim&o=436,1200&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1026&mtos=0,0,1026,1026,1026&tos=0,0,1026,0,0&tfs=582&tls=1608&g=90.1562511920929&h=100&tt=1608&r=v&avms=ampa&adk=657788913
Requested by
Host: helenair.com
URL: https://helenair.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:31:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rt=ifr
bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Sit... Frame 831F
Redirect Chain
  • https://bcp.crwdcntrl.net/5/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20...
  • https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Tot...
950 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
adbc4d53b3b5573379b106b917e0bfd207826c6f695c637cbf697b4cdde42566

Request headers

:method
GET
:authority
bcp.crwdcntrl.net
:scheme
https
:path
/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
_cc_cc=ctst
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

date
Thu, 26 Aug 2021 14:32:02 GMT
content-type
text/html;charset=utf-8
content-length
950
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control
no-cache
pragma
no-cache
expires
0
x-server
10.45.11.191
set-cookie
_cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Mon, 23-May-2022 14:05:00 GMT;SameSite=None;Secure _cc_id=84cc8719a3bb9ed4788bb63aca1b10ed;Path=/;Domain=crwdcntrl.net;Expires=Mon, 23-May-2022 14:05:00 GMT;SameSite=None;Secure _cc_cc="ACZ4XmNQsDBJTrYwN7RMNE5KskxNMTG3sEhKMjNOTE40TDI0SE1hAIJE9aWPfvz%2F%2F58fxAED%2BabFE%2BUY35ky%2FGdkZJj3qQ%2FO3rfmjSxM%2FOdEhJqeBQjx80v2cMPUvLz%2FVgDGPrB9Jtycy1MR6ls%2FToCLz9iH0Hu95xDcnE8n38LtPb5pCgsTxG17tMAu%2FPvZElWgc%2FJJLVSRZ4vnoGk6d%2FQQM6qa3fsuC6CKfGi4jyZyGMOcOeufcqPqercE3a6zJ9VRlVxefpuFEer6nedu8sPYq08hxD92PYKrefANIX5i8Vl2mPrLBxDiAOj8q8c%3D";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Mon, 23-May-2022 14:05:00 GMT;Max-Age=23328000;SameSite=None;Secure _cc_aud="ABR4XmNgYGBIVF%2F6CEhBADsDA9cMEJNx3SwwpTUbQoF5zBq7wLwN4mBq3XwgCQAbDgiI";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Mon, 23-May-2022 14:05:00 GMT;Max-Age=23328000;SameSite=None;Secure
access-control-allow-origin
*
server
Jetty(9.4.38.v20210224)

Redirect headers

date
Thu, 26 Aug 2021 14:32:02 GMT
content-length
0
location
https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control
no-cache
pragma
no-cache
expires
0
x-server
10.45.27.125
set-cookie
_cc_cc=ctst;Path=/;Domain=crwdcntrl.net;SameSite=None;Secure
server
Jetty(9.4.38.v20210224)
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021082501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021082501.js?31062395
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5d8c781203fbf32384f024b1d0d7fd0ecfaebddb421d51cd6e762d9ce0d971ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:32:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8539
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 14:32:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
expires
Thu, 26 Aug 2021 14:32:02 GMT
utsync.ashx
ml314.com/ Frame 831F 		43 B
422 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ml314.com/utsync.ashx?eid=50146&et=0&fp=84cc8719a3bb9ed4788bb63aca1b10ed&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.138.90 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-138-90.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 26 Aug 2021 14:32:01 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0,Fri, 27 Aug 2021 10:32:02 GMT
5907
tags.bluekai.com/site/ Frame 831F 		62 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/5907?limit=0&id=14262744c902efbabbb027ffa9acaec0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 26 Aug 2021 14:32:02 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
Content-Type
image/gif
tpid=6173105f-63fb-4236-bee8-73cca50216f8
bcp.crwdcntrl.net/map/ct=y/c=10620/tp=TRAD/ Frame 831F
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0
  • https://bcp.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=6173105f-63fb-4236-bee8-73cca50216f8
  • https://bcp.crwdcntrl.net/map/ct=y/c=10620/tp=TRAD/tpid=6173105f-63fb-4236-bee8-73cca50216f8
49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=10620/tp=TRAD/tpid=6173105f-63fb-4236-bee8-73cca50216f8
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:32:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.4.127
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:32:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://bcp.crwdcntrl.net/map/ct=y/c=10620/tp=TRAD/tpid=6173105f-63fb-4236-bee8-73cca50216f8
cache-control
no-cache
x-server
10.45.17.233
content-length
0
expires
0
382416.gif
idsync.rlcdn.com/ Frame 831F 		42 B
286 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/382416.gif?partner_uid=84cc8719a3bb9ed4788bb63aca1b10ed&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 26 Aug 2021 14:32:02 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42
insync
thrtle.com/ Frame 831F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thrtle.com/insync?vxii_pid=10014&vxii_pdid=84cc8719a3bb9ed4788bb63aca1b10ed
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.74.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-74-246.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
tpid=afbbb992-e738-4274-9acc-eca8a36e161a-6127a5e2-4348
sync.crwdcntrl.net/map/c=1389/tp=STSC/ Frame 831F
Redirect Chain
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?cookieQ=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
  • https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=afbbb992-e738-4274-9acc-eca8a36e161a-6127a5e2-4348
49 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=afbbb992-e738-4274-9acc-eca8a36e161a-6127a5e2-4348
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=569415509/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20helenair%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22news%2C%20sports%2C%20weather%2C%20crime%2C%20politics%2C%20natural%20resources%2C%20environment%2C%20education%2C%20helena%2C%20montana%2C%20nsw-w9ebh79q8swk54p7072i8l3je9oqvihd6clnq9o6zogd8k6w2zp1zcgg9ivzw50-bz61bgyhoxjjoqd1p1qcgjzkpswc4ykotlzvk-xv6xmezvyihvquob0j4dcw7dfq%22%7D/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:32:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.12.138
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 26 Aug 2021 14:32:01 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=afbbb992-e738-4274-9acc-eca8a36e161a-6127a5e2-4348
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame A9E6 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5029
date
Thu, 26 Aug 2021 14:04:29 GMT
expires
Fri, 26 Aug 2022 14:04:29 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1653
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame BE65 		783 B
763 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6ab99354f391d145957681d2ce8b324a5604f124feff9c7650b9cf6185bf236d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Ysj/k3XZyDl82ta3chPIZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://helenair.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://helenair.com/

Response headers

expires
Thu, 26 Aug 2021 14:32:02 GMT
date
Thu, 26 Aug 2021 14:32:02 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-Ysj/k3XZyDl82ta3chPIZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js
pagead2.googlesyndication.com/bg/ Frame A9E6 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UDeKqTBFYaEY2ioWtDs_l49rHnl3Z0jd0o7HlKSj4tA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50378aa9304561a118da2a16b43b3f978f6b1e79776748ddd28ec794a4a3e2d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 26 Aug 2021 12:51:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
6043
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13427
x-xss-protection
0
last-modified
Mon, 16 Aug 2021 15:08:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 26 Aug 2022 12:51:19 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021082501&jk=3991345993864993&bg=!yMuly4_NAAYXVutgF1Y7ACkAdvg8Wh_uEbVOXZHsDprOcnbYhj-N32IFLbjn1xF_RiUWqC0YhWopwgIAAADTUgAAAAloAQcKARIsIV5VnEhtm9YXnLZhDmkJppA-sNeifxj3OmFn4TU0aOfqQnf6EUFmagBRgdP6XK8JSc0r-h-l0se2nL1o_X1m23RbM-9w3xWeI1LQHvFNMMSt97TJks8opUpnqwT9HTUq527fkguPq3V9CijyDdKg3nQ5-g7HerAR9G-uqd3QX5elpiZD0OsaKCOFjKJMLtzECEEYAxq0W4uJRu2RJiJ0-1YI-HxsmsugtO4K3aGBTVnN57BwtL90OPs4a_UNiRZJ0rK1gQS8u-3y1lj0p90B95yGdz-6gxo5GlLkvNpN1ezA1cpL9XlNvFonqwqel-O0MBYlI1FPYVWUZcJVScWW0pPQBxAueWhetep3bPj24KGZmQJ54NFv5trqTJOQOHk7o8e9v9smYpXzqaZJ6u9d4LO8kEF-Yt8wuyzysu-sE_vZ3-F5jmLjYI_FIzJVXwFsVZcjLf7KkyL4NNy7HMQ0FMrhDmIggEmqJWf2Z4MFOXNXVaIKhZrcLZ_AlywS79tnMaQXhpaveB8T5fNgK5593dfYglbFoVkhwsCiayO-4o-zJ2q0fpyDskl4mI1gc9-4u5uqUWEfKaSAx1y3o7zUlSxTDyaQ7lIGFepPuiNdfS9cO51tf1VNUxR0R5uQonGoQxCeSt36VBF9Ylj50Fa_e9FlwD0jApUNPWfP6_TnhsLykJRb5TqZ9IhFcWjUVen-QL20uHylINaed-h_upuPqnv4q8KcjRVbLeEsyIYNdhHSvAtkf0zAbEiGhSBs1R284Y9r1iDIZ04IYeO4-717fnmMVGTCMDTmWXZwurG3NIuDDX6fuZ0xbQrP4tHCt2KNcRLz8nZtFU5ROCKM74kt-BySg13bgP-0dfrJQvuBPDWA3rU8RTYtqCmq3SNe0D2GyHL6pklsQ1l3cqpCk3K96FW6Cx6s7hUegcFhxGpZ6ZXNn9ZclHDUAgGeDCj9NWfpprqmTk2l37TB2ru485_mYhMiqPQ6y_lUZCtEDCKwwltpkAJctyHQG6MsHiaqO3UHaNupIJtkIlOCEtlXhS2sOMB6lgRdS9Q3y8eX4DuwWJPc8LcCVTwg318IyakqM-dZ9VbcLSDf8wD57RsAC82U3FD6BQw8AcjI15I_vuRsyDhmJQft-W_BLXgvNdAwjG1hgoDNbf3uu-60450_v1tqlvKCWS1ZO60QJNqPWMi8CPHqzV0l7uGm2Cxtt-IQ
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers
i
www.i.matheranalytics.com/ 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.i.matheranalytics.com/i?e=pe&tv=js-3.0.136&tna=Mather&aid=v1&p=web&tz=Europe%2FBerlin&tzoff=-120&lang=en-US&cs=UTF-8&navt=link&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_nolocalstorage=1&f_es6=1&f_gears=2&tvltm=5&tvcfg=lee&f_privb=0&tid=88e7a9e0-81a5-4cc0-8a0b-fb525e98f720&pid=7ab8e645-97eb-4609-9bb0-b4f83d32a8a6&dtm=1629988323038&qnm=_matherq&visible=1&tabid=6e94bc8a-11cf-4be0-b233-336a53212c85&url=https%3A%2F%2Fhelenair.com%2F&vp=1600x1200&ds=1600x7118&tofa=1629988323&vid=1&lvidt=1629988323&duid=58895cc940baa473&fp=3054514074&cid=ma1527&mrk=725149323&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTYyOTk4ODMwODQ5NSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIyNC41bWIiLCJoZWFwVCI6IjU2LjhtYiIsImZzdFBhaW50IjoiMjI1OSIsImZldGNoUyI6Ijc3NiIsImRvbWFpblMiOiI3NzciLCJkb21haW5FIjoiODYzIiwiY29ublMiOiI4NjMiLCJjb25uRSI6IjEwOTkiLCJzc2xTIjoiODc0IiwicmVxdVMiOiIxMDk5IiwicmVzcFMiOiIxMzIxIiwicmVzcEUiOiIxNDMwIiwiZG9tTG9hZCI6IjEzMjUiLCJkb21JbnRlciI6IjI2ODYiLCJkb21Mb2FkUyI6IjI2OTIiLCJkb21Mb2FkRSI6IjI3MDgiLCJkb21DbXBsdCI6IjEzNDc3IiwibG9hZFMiOiIxMzQ3NyIsImxvYWRFIjoiMTM1MjQifX0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.22.56.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-56-164.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Referer
https://helenair.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 26 Aug 2021 14:32:03 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length
43
Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

177 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| dataLayer object| _cc6894 object| LOTCC boolean| LEE_DS function| $ function| jQuery object| TNCMS function| originalLeave function| objectFitImages function| Cookies object| picturefillCFG function| picturefill object| lazySizesConfig object| lazySizes function| onYouTubeIframeAPIReady object| __tnt object| obj object| eb.platform object| o function| __d3lUW8vwsKlB__ function| lee_getSubServ boolean| lee_srvlist object| lee_isal object| googletag object| APS_dfp_ads object| apstag object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups function| TNStats_Tracker object| TNTracker function| jsonFeed function| addUspapiFrame function| optOutMsgHandler function| __uspapi object| usPrivacyCookie object| gamoo object| otCcpaOptOut function| dnsfeed object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| ggeac object| google_js_reporting_queue object| otStubData boolean| apstagLOADED object| _402 function| _402_Show object| googleToken object| googleIMState function| processGoogleTokenSync object| default_ContributorServingLoaderClientJs object| googlefc function| __Y9uNstf385Zx__ object| __fcInternalApiManager object| Yjc2NWZkNWMwMDJiOGVjbG9hZGVyX2pz string| Yjc2NWZkNWMwMDJiOGVjY2FjaGVkX2pz string| __fcInvoked string| __fcexpdef boolean| __fcInternalApiPostMessageReady boolean| creativeVendorLibraryLoaded object| __otccpaooLocation object| gaplugins object| webmonitoring object| paidtasksshim object| default_ContributorTargetingClientJs function| __906a641ff040__ function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| gaGlobal object| gaData object| default_ContributorServingDetectionClientJs function| __45zy51t9ik3m__ object| Optanon object| OneTrust undefined| falcon_sub_name undefined| lee_clus undefined| lee_ulli undefined| lee_ulld_iso8601 undefined| lee_glus undefined| lee_glusIE undefined| sub_last_login_iso8601 string| realbitz_cid string| realbitz_location string| realbitz_iframe object| H7b2hI2 function| H7b2hI3 object| xop function| messagingCallback function| processGoogleToken number| google_unique_id object| firebase object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome object| tncms_siteaud function| postscribe object| google_tag_manager_external object| _snowplow_trackers object| GlobalSnowplowNamespace function| snowplow function| fbq function| _fbq object| _comscore boolean| $sNavScroll object| card_carousel_1767463 object| xGL3QJ function| xGL3QK object| xblacklist object| JGJ3lM2 function| JGJ3lM3 function| xblocker object| Snowplow object| audiences function| udm_ object| ns_p object| COMSCORE object| $FR_LAB object| LI object| __li__evt_bus object| liQ object| _mather object| _matherq object| tid object| _33Across object| google_optimize boolean| 24c882a4-2349-4ccc-8c96-f36acea58b0e number| google_srt function| googleCompanionsServicePresent function| googleGetCompanionAdSlots function| googleSetCompanionAdContents function| google_companion_error undefined| dl object| default_ContributorServingCookieRefreshClientJs function| __8v31i8woen1z__ function| $TM_VR function| $TM_CC object| _tynt_jp number| Zb object| $TB function| nrlskOnEvent number| _tynt_gpt_iframe_id object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| GoogleGcLKhOms object| google_image_requests

2 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUlQH0f8CgZxiGc4xBU-v6RE6S5QhbT8rLbMaFqQ-tTDA9BjhZCUkMihDayZ
.pubmatic.com/ Name: PUBMDCID
Value: 3

13 Console Messages

Source Level URL
Text
console-api log URL: https://bloximages.chicago2.vip.townnews.com/helenair.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.440cdcae2c3272df39c09befc9eb3dd6.js(Line 1)
Message:
Google Survey: script loaded
console-api error URL: https://c.amazon-adsystem.com/aax2/apstag.js(Line 2)
Message:
TypeError: Cannot read property 'getItem' of null
console-api error URL: https://c.amazon-adsystem.com/aax2/apstag.js(Line 2)
Message:
TypeError: Cannot read property 'getItem' of null
console-api warning URL: https://helenair.com/shared-content/art/tncms/tracking.js(Line 1)
Message:
Removing tncms tracking: business/block/01cb3e2e-22a7-50ae-8987-ccda646372c0
console-api warning URL: https://helenair.com/shared-content/art/tncms/tracking.js(Line 1)
Message:
Removing tncms tracking: business/block/ed8e0351-5a44-5a83-945e-1ba92cd96975
console-api warning URL: https://helenair.com/shared-content/art/tncms/tracking.js(Line 1)
Message:
Removing tncms tracking: business/block/db12bb72-8079-5db9-9c29-cae16ae78eb1
console-api log URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js(Line 96)
Message:
received a request for uspapi
console-api log URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js(Line 96)
Message:
received a request for uspapi
console-api info URL: https://acdn.adnxs.com/ast/ast.js(Line 1)
Message:
AST library loaded: 0.40.0
console-api log URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js(Line 96)
Message:
received a request for uspapi
console-api log URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js(Line 96)
Message:
received a request for uspapi
console-api info URL: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs(Line 6)
Message:
Powered by AMP ⚡ HTML – Version 2108170213000 https://helenair.com/
console-api log URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js(Line 96)
Message:
received a request for uspapi

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8d7f56b2fe421daf0190c9b90c552157.safeframe.googlesyndication.com
a.leetemplates.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.crwdcntrl.net
ad.turn.com
ads.avct.cloud
ads.pubmatic.com
adservice.google.ch
adservice.google.com
adservice.google.de
am.freshrelevance.com
ampcid.google.com
ampcid.google.de
analytics.google.com
ap.lijit.com
b-code.liadm.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
bloximages.chicago2.vip.townnews.com
c.amazon-adsystem.com
c1.adform.net
c8.dycdn.net
cdn-sic.33across.com
cdn.ampproject.org
cdn.cookielaw.org
cdn.tynt.com
cdnjs.cloudflare.com
ce.lijit.com
click1.email.lee.net
cm.g.doubleclick.net
connect.facebook.net
contributor.google.com
creativecdn.com
cs.emxdgt.com
csync.loopme.me
d1eoo1tco6rr5e.cloudfront.net
d5p.de17a.com
d81mfvml8p5ml.cloudfront.net
de.tynt.com
dis.criteo.com
dkpklk99llpj0.cloudfront.net
dn1i8v75r669j.cloudfront.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e1a02641eac1d1930f1a0f726f313224.safeframe.googlesyndication.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
geolocation.onetrust.com
googleads.g.doubleclick.net
helenair.com
ib.adnxs.com
ic.tynt.com
id.rlcdn.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
insight.adsrvr.org
jadserve.postrelease.com
js.matheranalytics.com
map.go.affec.tv
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
ml314.com
mwzeom.zeotap.com
nep.advangelists.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
r.scoota.co
rp.liadm.com
rp4.liadm.com
rtb.gumgum.com
s.amazon-adsystem.com
s0.2mdn.net
sb.scorecardresearch.com
sc.tynt.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
sic.33across.com
simage2.pubmatic.com
simage4.pubmatic.com
sli.helenair.com
spl.zeotap.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
storage.googleapis.com
survey.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.extend.tv
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
tagan.adlightning.com
tags.bluekai.com
tags.crwdcntrl.net
tg.socdm.com
thrtle.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.i.matheranalytics.com
x.bidswitch.net
104.111.215.191
104.16.39.14
104.16.88.26
104.18.131.43
107.178.250.234
13.224.90.44
13.224.94.202
13.224.96.5
13.224.96.7
13.225.87.51
13.248.242.197
13.248.245.213
142.250.185.162
142.250.186.98
151.101.14.49
159.253.128.183
159.65.197.210
162.55.6.210
169.197.150.8
172.217.18.98
178.250.2.151
18.156.0.31
18.158.226.176
18.195.155.181
185.184.8.65
185.29.134.248
185.33.220.243
185.33.221.11
185.64.189.114
185.64.190.78
185.64.190.80
185.64.190.81
185.86.138.119
192.104.182.209
193.0.160.128
193.122.174.27
198.148.27.140
2.16.186.209
2.18.232.130
2.18.233.180
2.18.234.21
2001:678:cb4:bbbb::11
202.241.208.56
208.100.17.175
208.100.17.184
209.54.178.82
213.155.156.167
213.19.147.45
216.52.2.39
23.37.42.132
2600:1f18:730:b120:5b38:df27:617f:9396
2600:9000:20eb:3e00:8:8845:1500:93a1
2600:9000:20eb:5600:2:36a1:2f40:21
2600:9000:20eb:8200:16:f02f:46c0:93a1
2600:9000:20eb:fa00:e:98bf:5f00:21
2600:9000:2190:6000:7:5031:dc0:21
2606:4700:10::6814:b844
2606:4700:10::6816:1857
2606:4700::6810:125e
2606:4700::6810:9440
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1288:110:c305::8000
2a00:1450:4001:800::200e
2a00:1450:4001:801::2002
2a00:1450:4001:801::2008
2a00:1450:4001:802::2010
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:80e::2011
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:813::2003
2a00:1450:4001:813::2006
2a00:1450:4001:813::200e
2a00:1450:4001:828::2002
2a00:1450:4001:829::2008
2a00:1450:4001:829::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2001
2a00:1450:4001:830::200e
2a00:1450:4001:831::2001
2a00:1450:400c:c06::9b
2a00:1450:400c:c0a::9c
2a02:fa8:8806:12::1370
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.217.216.1
3.66.103.148
34.102.205.239
34.197.167.170
34.254.108.170
35.156.217.79
35.244.159.8
35.244.174.68
37.157.6.252
46.51.180.149
51.222.80.231
52.17.151.21
52.18.224.238
52.2.140.242
52.203.60.58
52.208.138.90
52.22.56.164
52.30.92.119
52.72.74.246
52.95.116.38
54.171.74.241
54.194.104.251
54.194.226.253
54.205.198.81
54.209.16.83
66.155.71.149
67.202.110.23
67.202.110.33
69.173.144.139
70.42.32.63
72.251.249.9
74.214.203.11
85.114.159.93
0280ff19fe11ee011a065d97ef884976f5495b979735ec9bcbc64edc4584a9f9
04895d640204bc602ff558567e88b95a03c3f38affe533d13e838649c27517ff
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
05976c16ad88772de584dc03c9ce31c08ae34fd3bc8e7c8a4540d808f31187c4
059bc42513157b8af9033f063157dffd7a9a1c6bbc9e4f2b3bc75d52be38863d
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
077da4bdd86f727ec21a8f9a7debeec4fa9fa18da37d7e67fcec058d98a5dcc0
0785141e6461918363176bb595c118997a66d51af8338db5999308cd593cfebd
0aae37caeb1c5064881f16534e735f299658ad15ebe527cb1969e75d9ceb1c40
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd4bf1ae6486cfafef2d68fa19256bf5f9e2c5ec095a974e57722ef1696164c
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c564ab82eab3ab608280194eefcee40765ab7872e8ed349e806e3c3170c4631
0e45f3b0dad8aa0528790a6dd6dd2831bb8547129bd1320c10fd120118f44616
0f43f4ee69c1e53622d634119250c9ecc2b189983c3e9dcf6bca4c59523b2b4e
10355faca7f4402db468fad5d706563e5524dbf5b8f59873c0eab8f8f277589a
10ab566c9fb0560fc9b7690af2b2a06cb4ce5af583a6e9796d1ece57c702c5e8
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11d254c94f92396246b111a890252b11b894c898da5fa976a1d5e9b004460ac8
1396b4de00482f4808baefce87ab7b9cb9059f7b9cc4d6fcef9770ee8f7c1c68
1465ea73b9db4601cda29c323ea3eea1fc28337bd2c5193154c9ecbd7bf38bbb
15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625
165f2224fdb220f295f4c441bad7dfc35fd9ef57cb56af722285137944f598a7
17168638051807ecfd255466abf630f13d7e4d0bb1778ff3d07c7e4306d47fff
1757667d3c2c68250df460d25347d52074edb4345faf2ee208da5fef1329a30b
1786d43f606e88572a2ac843d78f1be0a042a2c6811a4ba62b85fba61ef46edc
1826ddf1c502a1d74f744d5054c76a8450058f4dcfbdee36181dab78f80fd5a0
182c6b4ab83edade3773c1156503fe916ad788acc6930bb18fc094e9c754e1f1
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18d2b7197419b8adf795a97ed23cb9fe30658495d508783644e0df6a5cbdbeb0
18eadbed616a1c6d3afcf2750befa4c653869688479efbfdb0020c7c836d718b
19ee3ded1fe83e848e9b5cb0831689460e07c7d3d867fc692c84dc1106086293
1b94f9074fc2ef1b63132fc70fe244cc5d5322e5982a80b6273a45a935ae335f
1d584af3d0a8ad98207995400856e5e8c608551e080e252ed413e82c19ffd04f
1ddd466f2537ff1e7c620b9f5d3c50229baa530655c61abbdc412cf7b6c7fd5e
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
2012d0c179af652ff2333e802fc096ec743f36514e47201e29e7ec1a26ed0b9c
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
243fd09deaa5cba44ae685d3c62db15e621067e76b94f09ac74e6274a33d6c45
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28c34bd50c348323ceb8c44c6cbf5d3b5efdfcfa54b7fe00cbb7f5d0ea708bbf
29d41dd050cda909b114b1aaa7a77f72fbe6bb0d42a4639d044afff7c02c602f
2a4d9ad598d9d011645365cc7c3105f0bcbde2ea221abb324fdd6e78b6a08e14
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435
2dc00e6c10812518e5f101fdeef7624851e0431b4931d80e64470b576800f041
2dddeffdd7426663d94d31aef8ddfe4b2e39d4a0304168ca6acb4795f433d247
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2ff30298cb08600b21e18d99439aab14c6616c4436c5183aeeb1b47f68994448
318b8dfa1ea500dc3c786a253d60063590afe029fb90b84c703b0f903917f223
319fb3f4d89a19e0f859bb76ffb107b9c25d32852d50b3a0231df4a7aadf4105
321fb426ca5f214a70f2faf9f9ded0e9332a1d134c0279983cb821d50c94b7f2
33d41e6f980be3ec8e84830dcc478a41b5b9b47ed723b7f7e555f2d2058e59fc
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
39b3f4ea7da5be033ccad2fbabd47e7fc1aeb7ef44651b4c1e08a216aabbef8d
3c9a2d086d47148ae23b40fb16fa13a5bd578e40aa7ee5acabd1ad9d3c958ecf
3cf855b286a289807fcde35dcccb168869b3abfe3cd1dba316e637f2fb350e32
3e4515f504b3f855b5fa765e6201f1adc54882fdea7717665d5f86252937c40d
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
420d760b3817a28f4b63a3720e9d8738eea92d7b22e4cc4fbbe2f228f967445f
4691e4ae7863a83fe7679a9cb4ec3c2eff53480c06a7ad64d7e44944b0507317
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4a5a3fbb570e2fb0305390a410128e5abd9b173f209c82566885aebafd6ff4e3
4a7db3ff3308d88ef807be269a72794f4e060cd11eaf6a2896afab31660254ac
4b0224fae2e405a8bc4d63456b01fcd8d31f19ef9ad06af143a34c7b39dc7fe8
4c821f2d169369324022057e9948ed8f9d45794d18b6c8c3fbbba900bb65158c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e5f4917fcbf9bd8784a026015ec9bd4a53ba94dda9236429102896b81daa700
4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
50378aa9304561a118da2a16b43b3f978f6b1e79776748ddd28ec794a4a3e2d0
54d528eb0b994d71ca7be6ee8846c1eb60345d246d7c7f0752d82f1edea366a8
5a2f10e09cd6e81eb686dbca9e6056ed485e87d3869bac347455547c294cb036
5ba48222d5ae6066f894806e15f6d6d18a7634f6de6f6dec31df4c4853a29012
5cd66459aa15b4ecd19335032593163d728cb4f9b2db0ac0deb907936ab580d4
5ce13be598edfd846efab78c26f472db47b5692ee7dee6ed73f54be5fcaef00f
5d8c781203fbf32384f024b1d0d7fd0ecfaebddb421d51cd6e762d9ce0d971ba
5e5d9cd3b17fd047222e0cf1a3387e5f98041c108908938edf9bd745ce6e7c30
60e84234431070d0911c4304bc33225b0d8ab232afc2520eda897c9f76f94c8a
68b8dcfdc69521111731a7c8091cb4886638343ee50752911b52e88fe87a9483
6a70744d3a386f977bc0c80bd180f2c4b2ce4a997684fe95dc6647bb82e0771a
6aacc52873a6948e2c72e879491c0dc78d66893a9da8f7b89f919ef5a5bfdbac
6ab99354f391d145957681d2ce8b324a5604f124feff9c7650b9cf6185bf236d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bcbd407315629962e522137179b674eb1f06e73a7d68847d9c20b009182fb02
6d8b76cb673b3af30f99448de96d4bfa03546c4e7808ce9c6ccaa9777efc90ac
6e5061a91ef054bf919b9e356d75f54d07c2977cb42c7cb114cb2b2ced4201e2
7169b20ff9116852953e326ad3776ac06c0f14a5a21a3e07f3fb8b5c46418a61
71b13b55be1a33a82a31ea37491719614e76960c34a7f13bf200bcb7474babee
722c7ab4681dd36bc27477089b5977dfaed2ca5f035d15e5ec30d7eb72d4a20c
723b190bd7d2a6c13c282a309cdbb34466016b01b9fb3b007ecb20d8dc2bf366
7522fb0c0582f187a3781998cbdfbebfbce00affc3525c0adc5b61f93eb6907e
75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0
778d4c6c6da7b5f3c6736b1d8c46ee163c3a0345ead90363f8200aa8a487b3d8
7b905c61f09034c9105890220ab9e41587342adb7aa5a69f2cce72792bff2049
7d6bc5ccc0d04e6ccfbecd2bd5775b3604995e5196b4e08c179d0885e7e94925
7ed3dec353a1d177e660a5ebd744150d06bd7eae1d37b6453233a46b4d2a341b
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81b7af26b74252d07703011bffcfde89c858f09fb8dd8f24713a61564fd06218
827bc7a88b36b8c61707052ef37d8b41d800ee4302eaf464e1f869b798031370
82ced36c2772bf72b7e1e3b66510b2bfe031605be7de58e44b8887d9d814bf62
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8416f8febc369c76d3fc82e78d0c49c84bf1dd1904b73cee557fccdbbb5b9005
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
867ce9601074a2da0e8e8f40f93bd19cf82492e30754a8fd56abb4405cae7e37
893ad605de01155b4c1c2590782f6de53f33f4ced3bb0895e182b02ba96ca4bf
8b73d385d4e55746335aba4086c9fc38bc7b386d96e06eafc20c8e2dbd6c04be
8d37f23647537d48ee4f0c05b8acdf093cb828fe3c5703653aedfdd5f88cde2d
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66
8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235
9684b98d3f0145a9252aecec6b30b937a05c6db86e72d19ded16a23d9a2c7f77
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9931497f370a73b6188d5ae34a2163272df3014c73b0624a3b5abca1b9ece025
99d9db36685f4473105170acb756d375a1bf6aa18a5f9453964ca7cae9083830
a1351e8e44a29799f94b3c8e83310022985e38b823f2fbdc86a7ec871550abb3
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a29dad202727a8f89f56e508410baff0a8f3ca5d4905194d9215bd9e2b6ca5ad
a37e78100d484338c2a2fc7c643da6e713b32ac9882a0fd115ead24b3e61ac83
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5c82326c9d20a9f40367c64f9320f3e5299be9e199f4d38e5d27c4446534482
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a64f09c80bed2347df9f2ef789b03c84b69d6b9cf56e2a376a52561b57511825
a6eee83f6b80c0e1ea2da03e9c526dae896f5617d6bde939053699e91c9d5058
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a84ef2b0185b4cc40d7ae7116311b6b8a1ec8f4c9b09948c123fd652e887762b
a8bf75f9c9220c3b689184f6bb40f875c7e241306abf46ccaa374fc153a1fa67
a9760d16505688f9080fa5f9d9b28cbfec60424b64dc7d8411c307a804d15e5a
a97b23cee3aaa6fd8309fb4cc6ee03708183a8b7435626071192ad881dc6af11
ab3720ec9df0ab25fbf008182775d93067a9147967bedb6df501e9696adb4821
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
acb4ca36dc176ee8ed53b2f2e35b790124db29dde45ad8da201e69be9f642cc0
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ad2de503b302c2e4db22fc86cfe1f6e62a880e7e014574fbbb8e8551bd2ac671
adbc4d53b3b5573379b106b917e0bfd207826c6f695c637cbf697b4cdde42566
b10974a3a0a13984be42682394096446718a889cb6ab9a1fe74dac0c25917c43
b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2bedb8d9b818971c16b394180d1decd7e9993d6d6bcc0656637fa4a2e0ef191
b47f209ec42adefdc4478377971469aaa38a5d3976fd7a4d899cfb3d9fbc26b2
b4dfecece4900e75ceb75f2cad93a0eac31ccaa12c4d882ed101942b0e912034
b53a8679f64261d270c8e531fe1e2b8e463f3592155dcf4c2dbc5deeab2f3b63
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b7472515853b3544b603dbd5f4bb0d4f5a498e184680e8a12ac068be657b854c
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bb5ce01b20484f41ca2f7bfcf6c603f197ed3422418b62eff31c6f68a654303d
bb74cc8e45d1408e44d42285d7c37a61cb1e79b7b700349757649e38a2e94350
bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938
bc91e6a04d588a7d4f339752810fa2b72e6ec67d507fe911619d38fbf80b8ae2
bca2ccdd5846d54ff24d04393a9d6ce0b5d60a91814e7bd2755b03059ed98c2e
bd036ad86754ea25ac1107a2c362aa7ccef6726614534b5e49723b6765caad91
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f
c79456b94ef17205d2e7ce09158c3c97e909feb47209e69b0590d7951759849c
c7dd5e1772037fc42030a3f4102640364b8cc6ad696c549fa95f3d7f13041cb0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb7e2c1f7122238eda04ed3cd8a75e9b4bfa787c2fb2a2b695736c3e0309b5b3
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc74be52523bbf26f30d26ba655706225c65bdec51f3c6df4d122aa10c696d0c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d3ac1ce74d996fd1d5eb2f34feae5f87a3afa267474dc38308bf28a2f2462b9a
d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f
d5340b5fc3790009ac910a68646074c8de500c26d5cb885eeaf889cbfe7ae940
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
d940a34f56c7163f85bfe3ccd1467f9cab0b03ae7493c26193a9821c689b8dc9
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb
da46bc766028c67f94e34c39ecf0c36513fd5ffffe1e126ce09908ebcd671eb6
ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c
dfeb7783a538aaf85df056bf149c808937dccdb3e3af5714d6fba017054e2f94
e2c33e0a58aa29c3cffdf4703371dd02dabd096e70c7076359d64f8cd90f0975
e31c42447e764b1195ff393437950867800ce2465dd3724c95640f4f5b34487c
e37b589b15c35555fee3cc6ca69dc10391533290a33520f335015a90d846d48a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46bbca81676cec30cde85d511665c7c5b372f3850e37cd1d619b184cfee33f7
e482a48fef03d183029fa2edf995fc8e9ce023f18649fd1d9149958e977068a1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01ad85dd7212b78d8ae38081560d8ab2ccd5f91205402127da4170e0207d04c
f216ada54fdf038b59f1a7ce80cc58cec13915002dacab7cfea2add06d3b420d
f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3
f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c
f6cc7162855e9a8502df88a40eb0417c332398b7f9541ade0537dcb4f1974a6d
f85b23a2b7db5c7a66a29c99e5649a9447a91edcbf9b3881b0bda48dedd82c95
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe5d23d415187d71dfa026db8852418f98513ef7f7a1c3e1321bc95d6d6a0f5f
fe83bf4d90f17ac9ecb4808ffe059d64d79d5cf6752859c37a8113584e959c2a
ffa8814637fab7a454e06a6403a650615c04044d4f881b04ffdfcdc1395d98da