www.medicareadvantage.com Open in urlscan Pro
40.71.199.117 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://str.visionarygeek.eu/spute/nSNtMFb9Kvq2bdvnieLIZvj2FWYTUcQihyQHmyxZJjRO4vEAAU1Nb9bOQJaH3Wtf8Y1AyliIkbwbHvoQLMbtB2NvfR...
Effective URL:
https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&...
Submission: On February 06 via api (February 6th 2020, 10:56:19 pm UTC) from BE

Summary HTTP 105 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 49 IPs in 9 countries across 47 domains to perform 105 HTTP transactions. The main IP is 40.71.199.117, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.medicareadvantage.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on September 3rd 2019. Valid for: a year.

This is the only time www.medicareadvantage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	86.106.95.57 86.106.95.57	201117 (EBONE-NET-AS) (EBONE-NET-AS)
1	103.83.36.136 103.83.36.136	136171 (MEDHAHOST...) (MEDHAHOSTING-AS-AP Medha Hosting)
17	40.71.199.117 40.71.199.117	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.35.253.29 13.35.253.29	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
7	50.97.168.187 50.97.168.187	36351 (SOFTLAYER) (SOFTLAYER)
2	143.204.213.96 143.204.213.96	16509 (AMAZON-02) (AMAZON-02)
1	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2606:4700:20:... 2606:4700:20::681a:a13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2001:4860:480... 2001:4860:4802:38::15	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
3 4	2a00:1450:400... 2a00:1450:4001:816::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1 6	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
3	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
2	52.200.79.99 52.200.79.99	14618 (AMAZON-AES) (AMAZON-AES)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	34.253.126.105 34.253.126.105	16509 (AMAZON-02) (AMAZON-02)
5 5	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	46.228.164.13 46.228.164.13	56396 (TURN) (TURN)
1 1	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE)
3 3	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE)
3 4	185.33.223.200 185.33.223.200	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	52.59.74.203 52.59.74.203	16509 (AMAZON-02) (AMAZON-02)
1	3.122.14.108 3.122.14.108	16509 (AMAZON-02) (AMAZON-02)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	70.42.32.95 70.42.32.95	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.57.126.118 52.57.126.118	16509 (AMAZON-02) (AMAZON-02)
1	52.30.161.101 52.30.161.101	16509 (AMAZON-02) (AMAZON-02)
2	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
1	23.45.108.93 23.45.108.93	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	35.157.238.72 35.157.238.72	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:194::143a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.215.83.217 18.215.83.217	14618 (AMAZON-AES) (AMAZON-AES)
1	162.210.196.208 162.210.196.208	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC-01)
1	34.254.119.250 34.254.119.250	16509 (AMAZON-02) (AMAZON-02)
1 2	52.49.234.3 52.49.234.3	16509 (AMAZON-02) (AMAZON-02)
1	23.5.109.152 23.5.109.152	16625 (AKAMAI-AS) (AKAMAI-AS)
105	49

1 86.106.95.57 (United Kingdom) 1 redirects

ASN201117 (EBONE-NET-AS, GB)

str.visionarygeek.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.83.36.136 (Asheville, United States)

ASN136171 (MEDHAHOSTING-AS-AP Medha Hosting, IN)
PTR: 3fak.btuk.stream

www.yilopeet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 40.71.199.117 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.medicareadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.253.29 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-29.fra6.r.cloudfront.net

widget.trustpilot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:824::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 50.97.168.187 (Dallas, United States)

ASN36351 (SOFTLAYER, US)
PTR: bb.a8.6132.ip4.static.sl-reverse.com

api.trustedform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.213.96 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-213-96.fra53.r.cloudfront.net

solutions.invocacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:a13 (United States)

ASN13335 (CLOUDFLARENET, US)

loader.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
popup.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:38::15 (United States)

ASN15169 (GOOGLE, US)

fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9b (Brussels, Belgium) 3 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:816::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.2.151 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.194.58 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.200.79.99 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-79-99.compute-1.amazonaws.com

pnapi.invoca.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.126.105 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-126-105.eu-west-1.compute.amazonaws.com

customer.mediawallahscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:1::13 (France) 5 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.13 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::4000 (United Kingdom) 1 redirects

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Switzerland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.22.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s18-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.223.200 (Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 308.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.74.203 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-74-203.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.14.108 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-14-108.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

cw.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.95 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.126.118 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-126-118.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.161.101 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-161-101.eu-west-1.compute.amazonaws.com

cm.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.110 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.108.93 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-108-93.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.238.72 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-238-72.eu-central-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:194::143a (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

ade.clmbtech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.215.83.217 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-83-217.compute-1.amazonaws.com

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.210.196.208 (Arlington, United States)

ASN30633 (LEASEWEB-USA-WDC-01, US)

sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.119.250 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-119-250.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.234.3 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-234-3.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.5.109.152 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-5-109-152.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	medicareadvantage.com www.medicareadvantage.com	529 KB
12	criteo.com 6 redirects sslwidget.criteo.com widget.us.criteo.com gum.criteo.com dis.criteo.com	7 KB
7	doubleclick.net 6 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	3 KB
7	trustedform.com api.trustedform.com	24 KB
6	fullstory.com fullstory.com rs.fullstory.com	191 KB
5	facebook.net connect.facebook.net	262 KB
5	gstatic.com fonts.gstatic.com	50 KB
5	google-analytics.com 1 redirects www.google-analytics.com	42 KB
4	adnxs.com 3 redirects secure.adnxs.com	4 KB
4	facebook.com www.facebook.com	665 B
4	google.de www.google.de	437 B
4	google.com 3 redirects www.google.com	649 B
3	yahoo.com 1 redirects ads.yahoo.com sp.analytics.yahoo.com ups.analytics.yahoo.com	2 KB
3	wisepops.com loader.wisepops.com popup.wisepops.com app.wisepops.com	87 KB
3	bing.com bat.bing.com	8 KB
3	googleapis.com ajax.googleapis.com fonts.googleapis.com	7 KB
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	360yield.com 1 redirects ad.360yield.com	844 B
2	smartadserver.com rtb-csync.smartadserver.com	1 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1001 B
2	openx.net 1 redirects us-u.openx.net	503 B
2	casalemedia.com 1 redirects r.casalemedia.com	2 KB
2	outbrain.com 1 redirects sync.outbrain.com	792 B
2	advertising.com 2 redirects pixel.advertising.com	702 B
2	tapad.com 1 redirects pixel.tapad.com	953 B
2	invoca.net pnapi.invoca.net	1 KB
2	invocacdn.com solutions.invocacdn.com	34 KB
2	googletagmanager.com www.googletagmanager.com	65 KB
2	trustpilot.com widget.trustpilot.com	7 KB
1	bluekai.com tags.bluekai.com	765 B
1	krxd.net beacon.krxd.net	337 B
1	aralego.com sync.aralego.com	509 B
1	kargo.com crb.kargo.com	505 B
1	clmbtech.com ade.clmbtech.com	239 B
1	teads.tv criteo-sync.teads.tv	286 B
1	revcontent.com cm.revcontent.com	335 B
1	media.net contextual.media.net	49 B
1	pubmatic.com simage2.pubmatic.com	993 B
1	addthis.com cw.addthis.com	426 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	rlcdn.com idsync.rlcdn.com	433 B
1	turn.com 1 redirects d.turn.com	514 B
1	mediawallahscript.com customer.mediawallahscript.com	367 B
1	criteo.net static.criteo.net	10 KB
1	googleadservices.com www.googleadservices.com	10 KB
1	yilopeet.com www.yilopeet.com	572 B
1	visionarygeek.eu 1 redirects str.visionarygeek.eu	368 B
105	47

	Domain	Requested by
17	www.medicareadvantage.com	www.yilopeet.com www.medicareadvantage.com
7	api.trustedform.com	www.medicareadvantage.com api.trustedform.com
5	dis.criteo.com
5	gum.criteo.com	5 redirects
5	connect.facebook.net	www.yilopeet.com connect.facebook.net
5	fonts.gstatic.com	www.medicareadvantage.com
5	www.google-analytics.com	1 redirects www.medicareadvantage.com www.google-analytics.com
4	secure.adnxs.com	3 redirects
4	www.facebook.com	www.medicareadvantage.com
4	www.google.de	www.medicareadvantage.com
4	www.google.com	3 redirects www.medicareadvantage.com
3	cm.g.doubleclick.net	3 redirects
3	rs.fullstory.com	fullstory.com
3	stats.g.doubleclick.net	3 redirects
3	fullstory.com	www.yilopeet.com fullstory.com
3	bat.bing.com	www.yilopeet.com www.medicareadvantage.com
2	dpm.demdex.net	1 redirects
2	ad.360yield.com	1 redirects
2	rtb-csync.smartadserver.com
2	x.bidswitch.net	1 redirects
2	us-u.openx.net	1 redirects
2	r.casalemedia.com	1 redirects
2	sync.outbrain.com	1 redirects
2	pixel.advertising.com	2 redirects
2	pixel.tapad.com	1 redirects
2	pnapi.invoca.net	solutions.invocacdn.com
2	solutions.invocacdn.com	www.yilopeet.com solutions.invocacdn.com
2	www.googletagmanager.com	www.medicareadvantage.com www.googletagmanager.com
2	fonts.googleapis.com	www.medicareadvantage.com ajax.googleapis.com
2	widget.trustpilot.com	www.medicareadvantage.com widget.trustpilot.com
1	tags.bluekai.com
1	beacon.krxd.net
1	sync.aralego.com
1	crb.kargo.com
1	ade.clmbtech.com
1	criteo-sync.teads.tv
1	cm.revcontent.com
1	contextual.media.net
1	simage2.pubmatic.com
1	cw.addthis.com
1	pixel.rubiconproject.com
1	ups.analytics.yahoo.com
1	idsync.rlcdn.com
1	sp.analytics.yahoo.com
1	ads.yahoo.com	1 redirects
1	d.turn.com	1 redirects
1	customer.mediawallahscript.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	app.wisepops.com	loader.wisepops.com
1	popup.wisepops.com	loader.wisepops.com
1	widget.us.criteo.com	www.medicareadvantage.com
1	sslwidget.criteo.com	1 redirects
1	static.criteo.net	www.googletagmanager.com
1	loader.wisepops.com	www.yilopeet.com
1	www.googleadservices.com	www.googletagmanager.com
1	ajax.googleapis.com	www.medicareadvantage.com
1	www.yilopeet.com
1	str.visionarygeek.eu	1 redirects
105	58

This site contains links to these domains. Also see Links.

Domain
www.bbb.org
www.facebook.com
www.medicare.gov

Subject Issuer	Validity	Valid
www.yilopeet.com Let's Encrypt Authority X3	`2020-01-26` - `2020-04-25`	3 months	crt.sh
medicareadvantage.com Sectigo RSA Organization Validation Secure Server CA	`2019-09-03` - `2020-12-22`	a year	crt.sh
*.trustpilot.com Amazon	`2019-05-29` - `2020-06-29`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.trustedform.com Go Daddy Secure Certificate Authority - G2	`2019-01-04` - `2020-03-05`	a year	crt.sh
invocacdn.com Amazon	`2020-01-21` - `2021-02-21`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-01-16` - `2020-04-15`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-07-30` - `2020-07-29`	a year	crt.sh
*.criteo.net DigiCert ECC Secure Server CA	`2019-12-03` - `2021-04-06`	a year	crt.sh
*.fullstory.com COMODO RSA Domain Validation Secure Server CA	`2017-12-27` - `2021-03-26`	3 years	crt.sh
www.google.de GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.us.criteo.com DigiCert ECC Secure Server CA	`2019-06-12` - `2020-06-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.invoca.net Go Daddy Secure Certificate Authority - G2	`2018-08-08` - `2020-10-30`	2 years	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2019-11-02` - `2020-11-06`	a year	crt.sh
*.mediawallahscript.com Amazon	`2019-06-18` - `2020-07-18`	a year	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2019-12-05` - `2021-04-08`	a year	crt.sh
*.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-10-06` - `2020-04-03`	6 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-10-30` - `2020-04-27`	6 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2018-12-30` - `2020-03-30`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2019-04-17` - `2020-05-04`	a year	crt.sh
revcontent.com Amazon	`2019-09-19` - `2020-10-19`	a year	crt.sh
*.smartadserver.com Thawte RSA CA 2018	`2018-09-07` - `2020-02-17`	a year	crt.sh
teads.tv Let's Encrypt Authority X3	`2020-01-08` - `2020-04-07`	3 months	crt.sh
*.360yield.com Amazon	`2019-09-24` - `2020-10-24`	a year	crt.sh
static.clmbtech.com GeoTrust RSA CA 2018	`2019-02-08` - `2020-05-09`	a year	crt.sh
kargo.com Amazon	`2019-12-09` - `2021-01-09`	a year	crt.sh
*.aralego.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-23` - `2021-11-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
beacon.krxd.net DigiCert SHA2 Secure Server CA	`2020-01-30` - `2021-01-30`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh

This page contains 4 frames:

Primary Page: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Frame ID: C71913186CDC32AA7B29FD13DFA5025E
Requests: 74 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/539ad60defb9600b94d7df2c/index.html?templateId=539ad60defb9600b94d7df2c&businessunitId=5cb78f39fe9c960001425562
Frame ID: 9CB79BEF380EF13C3B365F82455C0CDF
Requests: 1 HTTP requests in this frame

Frame: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2926&partner_device_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Frame ID: 5C05FCBBC76F74352135039F40042F97
Requests: 31 HTTP requests in this frame

Frame: https://fullstory.com/s/fs.js
Frame ID: 1D857E9708FA01D770B6D2110984B3CF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://str.visionarygeek.eu/spute/nSNtMFb9Kvq2bdvnieLIZvj2FWYTUcQihyQHmyxZJjRO4vEAAU1Nb9bOQJaH3Wtf8Y1Ayl... HTTP 302
https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3... Page URL
https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
script /googleapis\.com\/.+webfont/i

Page Statistics

105
Requests

100 %
HTTPS

33 %
IPv6

47
Domains

58
Subdomains

49
IPs

9
Countries

1348 kB
Transfer

3621 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bbb.org/us/nj/fort-lee/profile/insurance/tz-insurance-solutions-llc-0221-90120720

Search URL Search Domain Scan URL

URL: https://www.facebook.com/medicareadvantagecom/
Title: Follow us on Facebook

Search URL Search Domain Scan URL

URL: http://www.medicare.gov/
Title: www.medicare.gov

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://str.visionarygeek.eu/spute/nSNtMFb9Kvq2bdvnieLIZvj2FWYTUcQihyQHmyxZJjRO4vEAAU1Nb9bOQJaH3Wtf8Y1AyliIkbwbHvoQLMbtB2NvfR1gS0b7mfrGM28WC1_crutHE1RhHrFXok3Zx14hn62dUHiVHFcVWUPPgkyXqQZy6WK1MM5foTU_YMiTqI4_hpbLUUE0NhdtMF HTTP 302
https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/ Page URL
https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://str.visionarygeek.eu/spute/nSNtMFb9Kvq2bdvnieLIZvj2FWYTUcQihyQHmyxZJjRO4vEAAU1Nb9bOQJaH3Wtf8Y1AyliIkbwbHvoQLMbtB2NvfR1gS0b7mfrGM28WC1_crutHE1RhHrFXok3Zx14hn62dUHiVHFcVWUPPgkyXqQZy6WK1MM5foTU_YMiTqI4_hpbLUUE0NhdtMF HTTP 302
https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/

Request Chain 40

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j80&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&gjid=339308244&_gid=1484854204.1581029760&_u=aGDAgEADQ~&z=1656320933 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&_v=j80&z=1656320933 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&_v=j80&z=1656320933&slf_rd=1&random=2088724806

Request Chain 41

https://www.google-analytics.com/r/collect?v=1&_v=j80&a=1573584473&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&dr=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&ul=en-us&de=UTF-8&dt=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Set%20http%20referrer&ea=www.yilopeet.com&_u=aGDAAEADQ~&jid=218573815&gjid=570736283&cid=704377576.1581029760&tid=UA-66468741-1&_gid=1484854204.1581029760&_r=1&gtm=2wg1t0KX4TVG&cd12=www.yilopeet.com&z=1440944803 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_gid=1484854204.1581029760&gjid=570736283&_v=j80&z=1440944803 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_v=j80&z=1440944803 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_v=j80&z=1440944803&slf_rd=1&random=146271419

Request Chain 44

https://sslwidget.criteo.com/event?a=34878&v=5.5.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.yilopeet.com&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=medicareadvantage.com&dtycbr=50946 HTTP 302
https://widget.us.criteo.com/event?a=34878&v=5.5.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.yilopeet.com&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=medicareadvantage.com&dtycbr=50946

Request Chain 68

https://pixel.tapad.com/idsync/ex/receive?partner_id=2926&partner_device_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2926&partner_device_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f

Request Chain 70

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D HTTP 302
https://gum.criteo.com/sync?s=1&c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/WHN36MO_QAY-1HJ38VrZ24MwTuBUl9qh/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2382330507186218235

Request Chain 71

https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1 HTTP 302
https://dis.criteo.com/dis/rtb/rightmedia/cookiematch.aspx?xid=E0

Request Chain 74

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_cm&google_hm=FZwIPRr6hEyzqpPhkVYsbw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_cm=&google_hm=FZwIPRr6hEyzqpPhkVYsbw&google_tc= HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_gid=CAESENWJiI2pT0UhPIv8haWN3A4&google_cver=1&google_ula=913071,0

Request Chain 75

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D95287%26redir%3Dhttps%253A%252F%252Fsecure.adnxs.com%252Fgetuid%253Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fappnexus%252Fcookiematch.aspx%253Fappnxsid%253D%2524UID HTTP 302
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3932742012551617658

Request Chain 76

https://pixel.advertising.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1&apid=UPd8aeb76d-4933-11ea-85b5-0664db8ae1ec

Request Chain 79

https://sync.outbrain.com/cookie-sync?p=criteo&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f HTTP 302
https://sync.outbrain.com/cookie-sync?p=criteo&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&rdrctExp=true

Request Chain 80

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&C=1

Request Chain 81

https://us-u.openx.net/w/1.0/sd?id=537072953&val=3d089c15-fa1a-4c84-b3aa-93e191562c6f&c=us HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072953&val=3d089c15-fa1a-4c84-b3aa-93e191562c6f&c=us

Request Chain 84

https://x.bidswitch.net/sync?dsp_id=46&user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&expires=30

Request Chain 88

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f

Request Chain 93

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j80&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&gjid=959917919&_gid=1484854204.1581029760&_u=aHDAgEADQ~&z=1962142247 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&_v=j80&z=1962142247 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&_v=j80&z=1962142247&slf_rd=1&random=3620710802

Request Chain 96

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=mOImmNNDAM15Elq0Bp15cN3JmJiYV4CK

Request Chain 97

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=FZwIPRr6hEyzqpPhkVYsbw HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Request Chain 98

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=-KjvyUw0q4Pu5mjQw_oZpdnaiXO0C30C HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=-KjvyUw0q4Pu5mjQw_oZpdnaiXO0C30C

Request Chain 101

https://gum.criteo.com/sync?c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40 HTTP 302
https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=dzNQ5qGdMnmJrqfkxopBQUs_a_UK1eui

105 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set / Show response
www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/
Redirect Chain

http://str.visionarygeek.eu/spute/nSNtMFb9Kvq2bdvnieLIZvj2FWYTUcQihyQHmyxZJjRO4vEAAU1Nb9bOQJaH3Wtf8Y1AyliIkbwbHvoQLMbtB2NvfR1gS0b7mfrGM28WC1_crutHE1RhHrFXok3Zx14hn62dUHiVHFcVWUPPgkyXqQZy6WK1MM5foTU...
https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/

268 B
572 B

587ms
246ms

Document
text/html

103.83.36.136
MEDHAHOSTING-AS-A...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.83.36.136 Asheville, United States, ASN136171 (MEDHAHOSTING-AS-AP Medha Hosting, IN),
Reverse DNS: 3fak.btuk.stream
Software: Apache /
Resource Hash: 793dca8eef48396ca1952e380b0d4beba15d51622db3942c2f34ef608d4c5eec

Request headers

Host: www.yilopeet.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 06 Feb 2020 22:55:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 268
Server: Apache
Set-Cookie: uid4660=528015601-20200206175559-44d3def81b7f81f69bf8adb622ccebdf-; domain=yilopeet.com; expires=Sat, 07-Mar-2020 22:55:59 GMT; path=/; SameSite=None; Secure

Redirect headers

Server: nginx
Date: Thu, 06 Feb 2020 22:55:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
location: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/

GET
H2 200 Primary Request / Show response
www.medicareadvantage.com/ 38 KB
14 KB 313ms
124ms Document
text/html 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916

Requested by

Host: www.yilopeet.com
URL: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

09136ace9c9bb4df0b56a34b27ec470fda6ae057a3160f176c791bd05219c788

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

:method: GET
:authority: www.medicareadvantage.com
:scheme: https
:path: /?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/

Response headers

status: 200
cache-control: private
content-length: 13460
content-type: text/html; charset=utf-8
content-encoding: br
vary: Accept-Encoding
set-cookie: ASP.NET_SessionId=3aw5srj3tc5xilctiy40zq5t; path=/; HttpOnly; SameSite=Lax ASP.NET_SessionId=3aw5srj3tc5xilctiy40zq5t; path=/; HttpOnly; SameSite=Lax __RequestVerificationToken=pntOqvpBXLTp6wXAh5y0zOPBYjUYKGWpwn5_Pn5pA01zdHGbzTY_Jxy7Y8RxpbabE_6gnAr0926yEhuRW3SK5n-9GsF8YW9yo04hVDgBUYk1; path=/; HttpOnly ARRAffinity=75ce112a088adede3d2a2eaa4b9273f9eea76541a198d6a5d467f064a6324249;Path=/;HttpOnly;Domain=www.medicareadvantage.com
x-frame-options: SAMEORIGIN SAMEORIGIN
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320
access-control-expose-headers: Request-Context
date: Thu, 06 Feb 2020 22:55:59 GMT

GET
H2 200 open-sans-condensed-v12-latin-700.woff2
www.medicareadvantage.com/fonts/ 16 KB
16 KB 172ms
171ms Font
application/x-font-woff2 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.medicareadvantage.com/fonts/open-sans-condensed-v12-latin-700.woff2

Requested by

Host: www.medicareadvantage.com
URL: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2e3d279ce7882d2b0bb2e9147db63968eb26f0e926ba3d4ba37901cf3847fcad

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com

Response headers

date: Thu, 06 Feb 2020 22:55:59 GMT
last-modified: Thu, 26 Sep 2019 16:50:46 GMT
etag: "077c88a8a74d51:0"
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff2
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1209600
accept-ranges: bytes
content-length: 15892
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 bundle.css
www.medicareadvantage.com/Content/css/ 365 KB
48 KB 92ms
92ms Stylesheet
text/css 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.medicareadvantage.com/Content/css/bundle.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f35fa941ec6364fc02ba2ef295da8ab672a24e0ccf8afcb53787e3eafca8126a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:55:59 GMT
content-encoding: gzip
last-modified: Thu, 26 Sep 2019 16:50:42 GMT
x-frame-options: SAMEORIGIN
etag: "01d66888a74d51:0"
vary: Accept-Encoding
content-type: text/css
status: 200
access-control-expose-headers: Request-Context
cache-control: private,max-age=604800
accept-ranges: bytes
content-length: 49283
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 tp.widget.bootstrap.min.js Show response
widget.trustpilot.com/bootstrap/v5/ 20 KB
7 KB 97ms
30ms Script
application/x-javascript 13.35.253.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Requested by: Host: www.medicareadvantage.com
URL: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-29.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5d9371e0c41f5f47e50429fdb0aeecca88b5f31c047093468614211ce03e5d90

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 15:19:02 GMT
content-encoding: gzip
age: 27420
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
content-length: 6493
last-modified: Wed, 22 Jan 2020 10:29:21 GMT
server: AmazonS3
etag: "cc8c66d103e872eaaae4c3628bf0ac0c"
content-type: application/x-javascript
via: 1.1 7ed7afde326861e358c3c83359e99895.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: GhW7XgiR5V4XoCLAd_-P-48fWlg7GjL8-YP8-ombLnMTyptM32_WTw==

GET
H2 200 ma-logo-color-stacked.svg
www.medicareadvantage.com/Content/img/ 4 KB
1 KB 92ms
92ms Image
image/svg+xml 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/Content/img/ma-logo-color-stacked.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

73b318f137888cf807a521c67aac1e32ac6f9e9388b84c1cdfd41e90fbba9181

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:55:59 GMT
content-encoding: gzip
last-modified: Thu, 26 Sep 2019 16:50:44 GMT
x-frame-options: SAMEORIGIN
etag: "04a97898a74d51:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
access-control-expose-headers: Request-Context
cache-control: private,max-age=604800
accept-ranges: bytes
content-length: 1337
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 ma-logo-color.svg
www.medicareadvantage.com/Content/img/ 4 KB
1 KB 154ms
154ms Image
image/svg+xml 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/Content/img/ma-logo-color.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ffd5962bd47592ab10ccb3b117fba293a4c4bab5cf0ccef70de298c3428c0fa7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
last-modified: Thu, 26 Sep 2019 16:50:44 GMT
x-frame-options: SAMEORIGIN
etag: "04a97898a74d51:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
access-control-expose-headers: Request-Context
cache-control: private,max-age=604800
accept-ranges: bytes
content-length: 1325
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 plan-pills.svg
www.medicareadvantage.com/media/1542/ 3 KB
1 KB 93ms
92ms Image
image/svg+xml 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1542/plan-pills.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

9fc738e4dd975d17435d3848ffd9964152a4d195dac73b5cd041b4c40c714126

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
last-modified: Thu, 26 Sep 2019 16:50:58 GMT
x-frame-options: SAMEORIGIN
etag: "085ef918a74d51:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 1142
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 plan-glasses.svg
www.medicareadvantage.com/media/1543/ 1 KB
1 KB 95ms
94ms Image
image/svg+xml 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1543/plan-glasses.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3a198e74a03f5e42b5c094d57cb6683ae97f60196cfb92910cebc1f2421546af

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:50:58 GMT
etag: "085ef918a74d51:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 1048
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 plan-pig.svg
www.medicareadvantage.com/media/1544/ 3 KB
1 KB 93ms
92ms Image
image/svg+xml 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1544/plan-pig.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2865ded653f1b1acaee6cf385c92fd7dcfbf2017f321c29f25a3e1602f33fb1b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
last-modified: Thu, 26 Sep 2019 16:50:58 GMT
x-frame-options: SAMEORIGIN
etag: "085ef918a74d51:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 1390
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 millionpeople.svg
www.medicareadvantage.com/media/1512/ 94 KB
38 KB 96ms
95ms Image
image/svg+xml 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1512/millionpeople.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c6c66a57fa80f7b6643eeb450478c9fd70a1daed0d1c0d11323b2971f18734b5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
last-modified: Thu, 26 Sep 2019 16:50:56 GMT
x-frame-options: SAMEORIGIN
etag: "058be908a74d51:0"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 39030
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 guide-large.png
www.medicareadvantage.com/media/1522/ 76 KB
76 KB 95ms
94ms Image
image/png 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1522/guide-large.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

345936abb6d8682e5f3573e6d3245490c4e0ca4a8a357f0bd8a1f47e56f19a88

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:50:58 GMT
etag: "085ef918a74d51:0"
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 78090
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 fireworks.png
www.medicareadvantage.com/media/1539/ 15 KB
15 KB 93ms
92ms Image
image/png 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1539/fireworks.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c76967d28a687a5cc3cb12e02860772e4009d1502dfd7c1bc802a8422ea6d342

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:50:58 GMT
etag: "085ef918a74d51:0"
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 15242
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 bundle.js Show response
www.medicareadvantage.com/Content/js/ 302 KB
96 KB 92ms
92ms Script
application/x-javascript 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.medicareadvantage.com/Content/js/bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

063a9ec59354724ad529c305837e51109f1b3338783e1777b678e86f66003eee

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:55:59 GMT
content-encoding: gzip
last-modified: Thu, 26 Sep 2019 16:50:44 GMT
x-frame-options: SAMEORIGIN
etag: "04a97898a74d51:0"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
access-control-expose-headers: Request-Context
cache-control: private,max-age=604800
accept-ranges: bytes
content-length: 97627
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 13 KB
6 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 04 Feb 2020 17:32:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 192237
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Feb 2021 17:32:03 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
496 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Kalam

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

55ced71ea4228031709df886da6495168b120a644b841c1699599c225df61517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 06 Feb 2020 22:56:00 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 06 Feb 2020 22:56:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7edf06d6436ec9420c26e56bd02ef5f5c93a9fb189ed16b1db402e57a0ea796

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 24 Jan 2020 01:10:36 GMT
server: Golfe2
age: 4050
date: Thu, 06 Feb 2020 21:48:30 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17926
expires: Thu, 06 Feb 2020 23:48:30 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 137 KB
37 KB 39ms
38ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KX4TVG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5097dfa297f9d9cabcc2b66e2aeaa775da27a5ee0438dc7cb89b5463012ff276

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=604800; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 38123
x-xss-protection: 0
last-modified: Thu, 06 Feb 2020 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 hero-xlg.jpg
www.medicareadvantage.com/media/1538/ 134 KB
134 KB 115ms
115ms Image
image/jpeg 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1538/hero-xlg.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

22c44c1cf017c400479ea8a4e5c80e5b9f0287219b746b74ed531d1938d3e1b2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:50:58 GMT
etag: "085ef918a74d51:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 137025
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 line.svg
www.medicareadvantage.com/Content/img/ 563 B
605 B 112ms
111ms Image
image/svg+xml 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/Content/img/line.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

93973492eb84cf5b25fe4aac945a281bc71b470574aecdb3050a4d6b95180ce4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/Content/css/bundle.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:50:44 GMT
etag: "04a97898a74d51:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
access-control-expose-headers: Request-Context
cache-control: private,max-age=604800
accept-ranges: bytes
content-length: 563
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 video-spanish.jpg
www.medicareadvantage.com/media/1534/ 39 KB
40 KB 112ms
111ms Image
image/jpeg 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/media/1534/video-spanish.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

474b0c4de380d57f97b6eb34a8932950b7e10c224cb75109d82a53b8277de0c3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:50:58 GMT
etag: "085ef918a74d51:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1814400
accept-ranges: bytes
content-length: 40422
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 line.png
www.medicareadvantage.com/Content/img/ 1 KB
1 KB 111ms
111ms Image
image/png 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.medicareadvantage.com/Content/img/line.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

156c95e3749e7d2b48981a237f966d6dfd52c7b712460c76bb73b39acc290fb6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.medicareadvantage.com/Content/css/bundle.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:50:44 GMT
etag: "04a97898a74d51:0"
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
access-control-expose-headers: Request-Context
cache-control: private,max-age=604800
accept-ranges: bytes
content-length: 1202
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 medicare-advantage.woff2
www.medicareadvantage.com/fonts/ 44 KB
44 KB 157ms
157ms Font
application/x-font-woff2 40.71.199.117
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.medicareadvantage.com/fonts/medicare-advantage.woff2?maynzp

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.199.117 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e4bd109458efd809ef10a7dbb1154cdcae99c610b25b977a9756aa9e9c63434d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.medicareadvantage.com/Content/css/bundle.css
Origin: https://www.medicareadvantage.com

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Thu, 26 Sep 2019 16:51:24 GMT
etag: "0ce6ea18a74d51:0"
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff2
status: 200
access-control-expose-headers: Request-Context
cache-control: public,max-age=1209600
accept-ranges: bytes
content-length: 45248
request-context: appId=cid-v1:fbd9fb0b-8ff4-4767-8cab-a851e58b7320

GET
H2 200 YA9dr0Wd4kDdMthROCfhsCkA.woff2
fonts.gstatic.com/s/kalam/v10/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/kalam/v10/YA9dr0Wd4kDdMthROCfhsCkA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81149e87be7f93d9e207c69b0e17dda3135e3c923263f551f5c3a79569f1fd33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Kalam
Origin: https://www.medicareadvantage.com

Response headers

date: Fri, 31 Jan 2020 21:19:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2019 23:49:49 GMT
server: sffe
age: 524200
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14048
x-xss-protection: 0
expires: Sat, 30 Jan 2021 21:19:20 GMT

GET
H2 200 trustedform.js Show response
api.trustedform.com/ 3 KB
2 KB 409ms
132ms Script
application/javascript 50.97.168.187
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=15810297603250.7728322017468918

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.97.168.187 Dallas, United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

bb.a8.6132.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

1ed9628d0aedaf495f9bd3d215bd961047bdbf8e12c0a3da84d2f8fc6c78cd28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 200
date: Thu, 06 Feb 2020 22:56:00 GMT
cache-control: max-age=0, private, must-revalidate
server: nginx
content-encoding: gzip
strict-transport-security: max-age=15768000
content-type: application/javascript; charset=utf-8

GET
H2 200 css
fonts.googleapis.com/ 10 KB
763 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c06b6329970d1560039f39c4935a041d96fcf0f877b47951d8ece559a1b4dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 06 Feb 2020 22:56:00 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 06 Feb 2020 22:56:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 63 KB
24 KB 40ms
39ms Script
application/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-W7RGLWD&cid=704377576.1581029760

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

764ec907880a85a302c0c8b2bd413e4ba464f5d460c3cc1da9191dec8a08d632

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=604800; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24023
x-xss-protection: 0
last-modified: Thu, 06 Feb 2020 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 index.html
widget.trustpilot.com/trustboxes/539ad60defb9600b94d7df2c/ Frame 9CB7 0
0 154ms
154ms Document
text/html 13.35.253.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/trustboxes/539ad60defb9600b94d7df2c/index.html?templateId=539ad60defb9600b94d7df2c&businessunitId=5cb78f39fe9c960001425562
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-29.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: widget.trustpilot.com
:scheme: https
:path: /trustboxes/539ad60defb9600b94d7df2c/index.html?templateId=539ad60defb9600b94d7df2c&businessunitId=5cb78f39fe9c960001425562
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916

Response headers

status: 200
content-type: text/html
content-length: 3188
date: Thu, 06 Feb 2020 22:56:01 GMT
last-modified: Thu, 23 Jan 2020 10:29:44 GMT
etag: "de47c8427ef4f3f683ffa93e2c79ee97"
x-amz-server-side-encryption: AES256
cache-control: max-age=86400
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 7ed7afde326861e358c3c83359e99895.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 1iCFeTiwvfgSNxRCa-5x4oWXRoqdG6hq8lIvY4ZWAXfGJ8QTIcU-Pg==

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Origin: https://www.medicareadvantage.com

Response headers

date: Sat, 01 Feb 2020 00:22:27 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 513213
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9132
x-xss-protection: 0
expires: Sun, 31 Jan 2021 00:22:27 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Origin: https://www.medicareadvantage.com

Response headers

date: Wed, 05 Feb 2020 01:55:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:44 GMT
server: sffe
age: 162055
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9180
x-xss-protection: 0
expires: Thu, 04 Feb 2021 01:55:05 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Origin: https://www.medicareadvantage.com

Response headers

date: Tue, 04 Feb 2020 20:18:40 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:11 GMT
server: sffe
age: 182240
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9080
x-xss-protection: 0
expires: Wed, 03 Feb 2021 20:18:40 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Origin: https://www.medicareadvantage.com

Response headers

date: Tue, 04 Feb 2020 20:40:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:37 GMT
server: sffe
age: 180908
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9016
x-xss-protection: 0
expires: Wed, 03 Feb 2021 20:40:52 GMT

GET
H2 200 pnapi_integration-latest.min.js Show response
solutions.invocacdn.com/js/ 88 KB
28 KB 126ms
49ms Script
text/javascript 143.204.213.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js
Requested by: Host: www.yilopeet.com
URL: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.96 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-96.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c03628d9933445974fb52e2a61530b55bfb27101c25716eb35a031a3a81151c9

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-amz-version-id: bbDEPkpenxKKvKwJa7oBfu6o3yLH332L
content-encoding: gzip
last-modified: Sat, 14 Dec 2019 00:09:15 GMT
server: AmazonS3
age: 3140
date: Thu, 06 Feb 2020 22:03:41 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
status: 200
cache-control: max-age=3600
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: DDeYbk5N1MAowkvHpw3YZ_0lUtcpc8ZyTr_XNxbioofg4L3h29pPsA==
via: 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 26 KB
10 KB 180ms
67ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KX4TVG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

ec7024e764e94caa58c7a18f4624dc84c9ee15537ff5418fd44e2f037f8abc30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9931
x-xss-protection: 0
server: cafe
etag: 8273558640064030436
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 29ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.yilopeet.com
URL: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89b531e78902333807b825faf77cd11cc927fe364ea2ba9307f65365f7e811f7

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
last-modified: Fri, 31 Jan 2020 21:01:31 GMT
x-msedge-ref: Ref A: AB394DCD0F9945428546C1A9E42463D9 Ref B: FRAEDGE0717 Ref C: 2020-02-06T22:56:00Z
access-control-allow-origin: *
etag: "8087c39c79d8d51:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7297

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 269 KB
72 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.yilopeet.com
URL: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

af9f1db26a9da02b1c3f09fc507418348b38bfb3757dfa1385b205d00ffd2829

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 72952
x-xss-protection: 0
pragma: public
x-fb-debug: RXGP6EFmpS3577sZw9pA28PUpTer0nNkEZX0w7S3tdltRkPIdFul/ZNWfcbI41CvdlVea8f69gmQB8QXRVXyMw==
x-fb-trip-id: 1850256238
date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 get-loader.js Show response
loader.wisepops.com/ 32 KB
9 KB 72ms
40ms Script
text/javascript 2606:4700:20::681a:a13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://loader.wisepops.com/get-loader.js?v=1&site=DwcvfpvHj3
Requested by: Host: www.yilopeet.com
URL: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4945981c3af2b35d46db5c32b6fdc0424a5053e7907588598fd74f06b535cbd

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-wisepops-server: popup-prod-eu-6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
cf-ray: 5610b702cb202748-FRA
x-robots-tag: noindex, nofollow

GET
H2 200 ld.js Show response
static.criteo.net/js/ld/ 29 KB
10 KB 39ms
13ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/ld.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KX4TVG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6a60018cab3d38d035188490d869d5dc1283a7dd115917226df457ca92887f7f

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
last-modified: Mon, 16 Dec 2019 15:00:50 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5df79c22-7533"
content-type: text/javascript
status: 200
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 07 Feb 2020 22:56:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9365637

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KX4TVG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cd4311d31dfee2b200b30a5f575deb187e869bb67673dce32dfb017e24a2cca0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=604800; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28363
x-xss-protection: 0
last-modified: Thu, 06 Feb 2020 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 fs.js Show response
fullstory.com/s/ 177 KB
63 KB 36ms
14ms Script
application/javascript 2001:4860:4802:38::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fullstory.com/s/fs.js

Requested by

Host: www.yilopeet.com
URL: https://www.yilopeet.com/DasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~/594916/427fe6a7370519ce86f7aab1141a07a5/70121652/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

db763b1905360b60c599166ce98f720f8281b5fc9b13feb6ef9d2e015c08793d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
server: Google Frontend
age: 452
etag: "TP25PQ"
vary: Accept-Encoding
content-type: application/javascript
status: 200
x-cloud-trace-context: 0fe744fa39daea1ba335416db905fb29
cache-control: public, max-age=600
date: Thu, 06 Feb 2020 22:48:28 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-length: 64153
expires: Thu, 06 Feb 2020 22:58:28 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 6ms
5ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j80&a=1573584473&t=pageview&_s=1&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&dr=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&ul=en-us&de=UTF-8&dt=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAgEADQ~&jid=606977859&gjid=339308244&cid=704377576.1581029760&tid=UA-66468741-1&_gid=1484854204.1581029760&gtm=2wg1t0KX4TVG&cd2=1581029760409.zi6k9cfg&cd7=23%3A56%3A00&cd17=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&cd18=2020-02-06T23%3A56%3A00.409%2B01%3A00&cd16=704377576.1581029760&z=1703530283

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Feb 2020 05:30:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 149150
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j80&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&gjid=339308244&_gid=1484854204.1581029760&_u=aGDAgEADQ~&z=1656320933
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&_v=j80&z=1656320933
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&_v=j80&z=1656320933&slf_rd=1&random=2088724806

42 B
109 B

19ms
19ms

Image
image/gif

2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&_v=j80&z=1656320933&slf_rd=1&random=2088724806

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=606977859&_v=j80&z=1656320933&slf_rd=1&random=2088724806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j80&a=1573584473&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%2...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_gid=1484854204.1581029760&gjid=570736283&_v=j80&z=1440944803
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_v=j80&z=1440944803
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_v=j80&z=1440944803&slf_rd=1&random=146271419

42 B
109 B

18ms
17ms

Image
image/gif

2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_v=j80&z=1440944803&slf_rd=1&random=146271419

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=218573815&_v=j80&z=1440944803&slf_rd=1&random=146271419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 174588406419360 Show response
connect.facebook.net/signals/config/ 176 KB
48 KB 59ms
59ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/174588406419360?v=next&r=canary

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fee65566caf7eabca39aa37bd471f5fdbe238ff675c598381fe9495c2a30997c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 4kkVNC7YB6ePee8UUNYzTVWO485elRg4FVDqO2T6i6cI9xuqCU9qwyoqGfLHBXy1fqiF1mugAG9uEjFGqhmAxA==
x-fb-trip-id: 1850256238
date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
93 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5010995&Ver=2&mid=bd5c0cc0-94b2-4341-48a8-9a67e9691f58&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&kw=medicare,%20medicare%20advantage,%20free%20quote,%20medicare%20advantage%20plans,%20compare%20quotes,%20free%20online%20quote,%20Original%20Medicare,%20Medicare%20Part%20C,%20Medicareadvantage.com&p=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&r=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&lt=607&evt=pageLoad&msclkid=N&rn=484345
Requested by: Host: www.medicareadvantage.com
URL: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 27A847028BBD448398214D9DD257F6B5 Ref B: FRAEDGE0717 Ref C: 2020-02-06T22:56:00Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

event Show response
widget.us.criteo.com/
Redirect Chain

https://sslwidget.criteo.com/event?a=34878&v=5.5.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.yilopeet.com&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=medicareadvantage.com&dtycbr=50946
https://widget.us.criteo.com/event?a=34878&v=5.5.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.yilopeet.com&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=medicareadvantage.com&dtycbr=50946

7 KB
3 KB

311ms
115ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.us.criteo.com/event?a=34878&v=5.5.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.yilopeet.com&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=medicareadvantage.com&dtycbr=50946
Requested by: Host: www.medicareadvantage.com
URL: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 078d8d33bfbfbfabb78dce5c7df0a756ef72a5a5d6a1947e7dd1b8218f81fad6

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:55:59 GMT
content-encoding: gzip
content-type: application/x-javascript
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
status: 200
cache-control: no-cache
timing-allow-origin: *
content-length: 3256
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
location: https://widget.us.criteo.com/event?a=34878&v=5.5.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.yilopeet.com&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=medicareadvantage.com&dtycbr=50946
status: 302
cache-control: no-cache
timing-allow-origin: *
content-length: 0
expires: 0

POST
H2 200 page Show response
rs.fullstory.com/rec/ 2 KB
2 KB 520ms
483ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/page
Requested by: Host: fullstory.com
URL: https://fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.186.194.58 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: b30df95381e59a6de07af4ee1cd6b0dc038f85a8d94ddee9614bcd4a7c34af79

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
via: 1.1 google
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.medicareadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: 0

POST
H2 200 my-wisepop Show response
popup.wisepops.com/ 127 B
242 B 35ms
34ms XHR
application/json 2606:4700:20::681a:a13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popup.wisepops.com/my-wisepop
Requested by: Host: loader.wisepops.com
URL: https://loader.wisepops.com/get-loader.js?v=1&site=DwcvfpvHj3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7e3b693bfe8fb2646a629532fc9009ec9a1aee466ceaec1c518f076251aa139

Request headers

Accept: application/json
Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-wisepops-server: popup-prod-eu-6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/json
access-control-allow-origin: https://www.medicareadvantage.com
x-robots-tag: noindex, nofollow
access-control-allow-credentials: true
cf-ray: 5610b7034b4d2748-FRA

GET
H2 200 139185626725322 Show response
connect.facebook.net/signals/config/ 176 KB
48 KB 65ms
65ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/139185626725322?v=next&r=canary

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

06e76c609fb41df979ef53cc2748084fce7a64a4b305f544cb39d3ffcea08114

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: tQ0OPRzcleafsdDo0zRrdq/QcFzhAKtK/m7g5UNRVVgaQYpSX0/KNZrzgy8N0YicBXRL+41fsyVtJps+KqDkAA==
x-fb-trip-id: 1850256238
date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
362 B 17ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=174588406419360&ev=PageView&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&rl=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&if=false&ts=1581029760540&sw=1600&sh=1200&v=next&r=canary&ec=0&o=28&ttf=784.2450013160706&tts=711.7999998629093&ttse=782.9950025081635&fbp=fb.1.1581029760540.2036091874&it=1581029760470&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 tag-live.js Show response
solutions.invocacdn.com/js/networks/1458/3326147965/ 23 KB
6 KB 409ms
409ms Script
text/javascript 143.204.213.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://solutions.invocacdn.com/js/networks/1458/3326147965/tag-live.js
Requested by: Host: solutions.invocacdn.com
URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.96 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-96.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 861289df344675c131d2ea1deaa2df24c4e47fac10ab5efae4270b401e0aed8e

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 05 Feb 2020 07:25:55 GMT
content-encoding: gzip
last-modified: Wed, 08 Jan 2020 14:41:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
x-amz-version-id: Q.DSSqhHusnH6lB.5hGFMeP0sD8ieqAA
status: 200
cache-control: max-age=300
x-amz-replication-status: COMPLETED
content-type: text/javascript
x-amz-cf-id: Al6oDV52ZtSoHIrxu1rcTPe16BdOwjpmVUaE5iH5kR7gsKkUcBn4pQ==
via: 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)

GET
H2 200 189739.js Show response
app.wisepops.com/shared/wisepops/eff6a6d632c6199a31d4b81aeab3b532/ 269 KB
78 KB 102ms
87ms Script
application/javascript 2606:4700:20::681a:a13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.wisepops.com/shared/wisepops/eff6a6d632c6199a31d4b81aeab3b532/189739.js?v=1579188295000
Requested by: Host: loader.wisepops.com
URL: https://loader.wisepops.com/get-loader.js?v=1&site=DwcvfpvHj3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a0a23eeb808720c39d08e211e617cad15a768b9ec7184159897d55c44c451c4

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 16 Jan 2020 15:25:54 GMT
server: cloudflare
access-control-allow-origin: *
etag: W/"4327e-59c4370e015eb-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000, s-maxage=10
cf-ray: 5610b7039b632748-FRA
x-robots-tag: noindex, follow

GET
H2 200 371184110055554 Show response
connect.facebook.net/signals/config/ 176 KB
48 KB 65ms
65ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/371184110055554?v=next&r=canary

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7668f09744969d9bbf1ea5d6e38309015cc50c41c3b9593b4fa5fbdd52ade92c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 6SXbVvRTZDwv9uYHDUCJPOBi133XoX/F1Rj5UiKKxcPBvCnGjwatL6ZfPC8gVCnG08Ig40KWASNRCilAu8067Q==
x-fb-trip-id: 1850256238
date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=139185626725322&ev=PageView&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&rl=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&if=false&ts=1581029760615&sw=1600&sh=1200&v=next&r=canary&ec=0&o=28&ttf=859.5750016868114&tts=711.7999998629093&ttse=786.7900004386902&fbp=fb.1.1581029760540.2036091874&it=1581029760470&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/942774981/ 3 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/942774981/?random=1581029760634&cv=9&fst=1581029760634&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1t0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&ref=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&tiba=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96a89333bab8da76285e06c0a57aee5ebadad602ed1ce6b65ab23518ed8de335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1276
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/942774981/ 42 B
110 B 21ms
20ms Image
image/gif 2a00:1450:4001:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/942774981/?random=1581029760634&cv=9&fst=1581026400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1t0&sendb=1&frm=0&url=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&ref=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&tiba=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&async=1&fmt=3&is_vtc=1&random=124212536&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/942774981/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/942774981/?random=1581029760634&cv=9&fst=1581026400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1t0&sendb=1&frm=0&url=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&ref=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&tiba=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&async=1&fmt=3&is_vtc=1&random=124212536&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 189269471741754 Show response
connect.facebook.net/signals/config/ 176 KB
47 KB 62ms
62ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/189269471741754?v=next&r=canary

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1153a88c29e500e35a8bd4df896be0fea76ecceb9ae00d5bebae7fa79b540ac9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: vVRQYgcgwNsnfaC6DX9AhJoCE2eDK1ZxG5jbSkCwov3Te3b/QYFTMuOD6dDtBnv2FM0KDs9Pqw2eewX6iMk96w==
x-fb-trip-id: 1850256238
date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
5ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=371184110055554&ev=PageView&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&rl=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&if=false&ts=1581029760688&sw=1600&sh=1200&v=next&r=canary&ec=0&o=28&ttf=932.5050024092197&tts=711.7999998629093&ttse=860.3600023090839&fbp=fb.1.1581029760540.2036091874&it=1581029760470&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1744f2dce86348d5bfff1114e5198d7354202eae09fdec735255a90241a32b7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e7cddaaf64f1bd450dd1fa1e7bd2fb70eb0c1499b8c214f44382d3b9cc84872e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=189269471741754&ev=PageView&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&rl=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&if=false&ts=1581029760764&sw=1600&sh=1200&v=next&r=canary&ec=0&o=28&ttf=1009.0900009274483&tts=711.7999998629093&ttse=933.4950020313263&fbp=fb.1.1581029760540.2036091874&it=1581029760470&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:00 GMT, Thu, 06 Feb 2020 22:56:00 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Thu, 06 Feb 2020 22:56:00 GMT

GET
H2 200 t.js Show response
api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/ 56 KB
21 KB 131ms
131ms Script
application/javascript 50.97.168.187
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/t.js?lo=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&l=15810297603250.7728322017468918&f=false&n=f8e691a1ec97a04f7e7df6b5cd1e066d2ae29e08&cs=g3QAAAACZAABdGJePJmAZAABdnQAAAADbQAAAAVmaWVsZG0AAAAUeHhUcnVzdGVkRm9ybUNlcnRVcmxtAAAAAWxtAAAAHzE1ODEwMjk3NjAzMjUwLjc3MjgzMjIwMTc0Njg5MThtAAAAEHByb3ZpZGVfcmVmZXJyZXJkAAVmYWxzZQ%3D%3D&csh=wyzgSr42sFKWnBma6r9Z6fzEYfFKVO14N8G5XHfySjg%3D

Requested by

Host: api.trustedform.com
URL: https://api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=15810297603250.7728322017468918

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.97.168.187 Dallas, United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

bb.a8.6132.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

d11a81ab79ba0eeaccb6bcbfd64e1db59d2be1ad58a9940da7d53f22fa26aadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 200
date: Thu, 06 Feb 2020 22:56:00 GMT
cache-control: max-age=0, private, must-revalidate
server: nginx
content-encoding: gzip
strict-transport-security: max-age=15768000
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK map_number.jsonp Show response
pnapi.invoca.net/2/api/2014-09-01/ 505 B
684 B 484ms
136ms Script
text/plain 52.200.79.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pnapi.invoca.net/2/api/2014-09-01/map_number.jsonp?network_id=1458&js_version=3.6.22&tag_id=1458%2F3326147965&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916%22%2C%22referrer%22%3A%22https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F%22%2C%22cores%22%3A16%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22screenWidth%22%3A1600%2C%22screenHeight%22%3A1200%2C%22language%22%3A%22en-US%22%7D&request_data_shared_params=%7B%22q_publisher%22%3A%22594916%22%2C%22q_placement%22%3A%22528015601%22%2C%22pub_id%22%3A%22160007%22%2C%22q_campaignid%22%3A%221_state%22%2C%22sub_id%22%3A%22state%22%2C%22q_creative%22%3A%22MA_MadTest_Email1%22%2C%22tfn%22%3A%22MjAxLTc0Ni0xODky%22%2C%22afid%22%3A%22521124%22%2C%22src%22%3A%22tz_ma_email_mad%22%2C%22exp_landing%22%3Anull%2C%22full_url%22%3A%22https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916%22%2C%22gclid%22%3Anull%2C%22google_property_id%22%3A%22UA-66468741-1%22%2C%22g_cid%22%3Anull%2C%22Interaction_id%22%3Anull%2C%22k_clickid%22%3Anull%2C%22msclkid%22%3Anull%2C%22original_call_start_time_local%22%3Anull%2C%22original_call_start_time_utc%22%3Anull%2C%22profile_name%22%3Anull%2C%22q_accountid%22%3Anull%2C%22q_adgroupid%22%3Anull%2C%22q_adid%22%3Anull%2C%22q_adposition%22%3Anull%2C%22q_criteria%22%3Anull%2C%22q_device%22%3Anull%2C%22q_devicemodel%22%3Anull%2C%22q_feeditemid%22%3Anull%2C%22q_keyword%22%3Anull%2C%22q_matchtype%22%3Anull%2C%22q_network%22%3Anull%2C%22q_query%22%3Anull%2C%22q_targetid%22%3Anull%2C%22utm_medium%22%3A%22referral%22%2C%22utm_source%22%3A%22yilopeet.com%22%7D&request_data=%5B%7B%22advertiser_campaign_id_from_network%22%3A%22362498%22%2C%22request_id%22%3A%22362498%22%7D%2C%7B%22advertiser_campaign_id_from_network%22%3A%22625218%22%2C%22request_id%22%3A%22625218%22%7D%5D&destination_settings=%7B%22paramName%22%3Anull%7D&jsoncallback=json_rr1&
Requested by: Host: solutions.invocacdn.com
URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.79.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-79-99.compute-1.amazonaws.com
Software: Goliath /
Resource Hash: 9251399579fb75269bbc99eb4a397b343d583002b99be74c17a6a6c9f99a63f8

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 06 Feb 2020 22:56:01 GMT
Server: Goliath
Connection: keep-alive
processing_time: 34.89752ms
Content-Length: 505

POST
H2 200 bundle Show response
rs.fullstory.com/rec/ 29 B
97 B 281ms
280ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle?OrgId=PGJDY&UserId=4620146195005440&SessionId=5068486330253312&PageId=4631579842543616&Seq=1&PageStart=1581029760780&PrevBundleTime=0&LastActivity=546&IsNewSession=true
Requested by: Host: fullstory.com
URL: https://fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.186.194.58 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 629f922223f37ae46e5c44f3931c3bfb3f7bf5769c0baa7a2219862542c82202

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
via: 1.1 google
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.medicareadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 29
expires: 0

POST
H2 200 h Show response
api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/ 0
262 B 542ms
287ms XHR
text/html 50.97.168.187
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/h?n=dbe0f5ae3b32595020f41e395a240f518dde48fd&l=15810297603250.7728322017468918&a=1&ce=z&t=cors

Requested by

Host: api.trustedform.com
URL: https://api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/t.js?lo=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&l=15810297603250.7728322017468918&f=false&n=f8e691a1ec97a04f7e7df6b5cd1e066d2ae29e08&cs=g3QAAAACZAABdGJePJmAZAABdnQAAAADbQAAAAVmaWVsZG0AAAAUeHhUcnVzdGVkRm9ybUNlcnRVcmxtAAAAAWxtAAAAHzE1ODEwMjk3NjAzMjUwLjc3MjgzMjIwMTc0Njg5MThtAAAAEHByb3ZpZGVfcmVmZXJyZXJkAAVmYWxzZQ%3D%3D&csh=wyzgSr42sFKWnBma6r9Z6fzEYfFKVO14N8G5XHfySjg%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.97.168.187 Dallas, United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

bb.a8.6132.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 06 Feb 2020 22:56:01 GMT
server: nginx
status: 200
access-control-max-age: 1728000
access-control-allow-methods: POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=15768000
access-control-allow-headers: Content-Type,Content-Length,X-Requested-With
content-length: 0

POST
H2 200 f Show response
api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/ 0
262 B 378ms
130ms XHR
text/html 50.97.168.187
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/f?l=15810297603250.7728322017468918&n=a54b4f73f1c3672ad3f069a407715f0f3daf3613&rn=0&a=1&t=cors

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.97.168.187 Dallas, United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

bb.a8.6132.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 06 Feb 2020 22:56:01 GMT
server: nginx
status: 200
access-control-max-age: 1728000
access-control-allow-methods: POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=15768000
access-control-allow-headers: Content-Type,Content-Length,X-Requested-With
content-length: 0

POST
H2 200 md Show response
api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/ 0
263 B 376ms
127ms XHR
text/html 50.97.168.187
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/md?a=1&t=cors

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.97.168.187 Dallas, United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

bb.a8.6132.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 06 Feb 2020 22:56:01 GMT
server: nginx
status: 200
access-control-max-age: 1728000
access-control-allow-methods: POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=15768000
access-control-allow-headers: Content-Type,Content-Length,X-Requested-With
content-length: 0

GET
H2 204 0
bat.bing.com/action/ 0
117 B 29ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5010995&Ver=2&mid=bd5c0cc0-94b2-4341-48a8-9a67e9691f58&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&kw=medicare,%20medicare%20advantage,%20free%20quote,%20medicare%20advantage%20plans,%20compare%20quotes,%20free%20online%20quote,%20Original%20Medicare,%20Medicare%20Part%20C,%20Medicareadvantage.com&p=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&r=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&lt=607&evt=pageLoad&msclkid=N&rn=484345
Requested by: Host: www.medicareadvantage.com
URL: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: F32DCCF9B23A4E1CA93B764B8FFEC5E8 Ref B: FRAEDGE0717 Ref C: 2020-02-06T22:56:01Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 5C05
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2926&partner_device_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2926&partner_device_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f

95 B
449 B

25ms
25ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2926&partner_device_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.227.248.159 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(8.1.13.v20130916) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
via: 1.1 google
server: Jetty(8.1.13.v20130916)
date: Thu, 06 Feb 2020 22:56:01 GMT
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
status: 200
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

strict-transport-security: max-age=31536000
via: 1.1 google
server: Jetty(8.1.13.v20130916)
date: Thu, 06 Feb 2020 22:56:01 GMT
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2926&partner_device_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
status: 302
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK /
customer.mediawallahscript.com/ Frame 5C05 32 B
367 B 115ms
30ms Image
image/png 34.253.126.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://customer.mediawallahscript.com/?account_id=1043&customer_id=1037&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&custom=&tag_format=img&tag_action=sync&custom=&cb=b1e28d93-df3b-48e1-98c3-24e3609b1ff5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.126.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-126-105.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 06 Feb 2020 22:56:01 GMT
Server: nginx/1.12.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Connection: keep-alive
Content-Type: image/png
Content-Length: 32
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/cdb/ Frame 5C05
Redirect Chain

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%25...
https://gum.criteo.com/sync?s=1&c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdi...
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/WHN36MO_QAY-1HJ38VrZ24MwTuBUl9qh/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_...
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2382330507186218235

43 B
291 B

26ms
26ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2382330507186218235
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:00 GMT
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2382330507186218235
Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:01 GMT
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Server: Apache-Coyote/1.1
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/rightmedia/ Frame 5C05
Redirect Chain

https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1
https://dis.criteo.com/dis/rtb/rightmedia/cookiematch.aspx?xid=E0

43 B
291 B

26ms
25ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/rightmedia/cookiematch.aspx?xid=E0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Thu, 06 Feb 2020 22:56:01 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
location: https://dis.criteo.com/dis/rtb/rightmedia/cookiematch.aspx?xid=E0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status: 302
x-content-type-options: nosniff
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame 5C05 43 B
770 B 183ms
128ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 , Switzerland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:01 GMT
x-content-type-options: nosniff
age: 0
status: 200
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
expires: Thu, 06 Feb 2020 22:56:01 GMT

GET
H2 200 362338.gif
idsync.rlcdn.com/ Frame 5C05 42 B
433 B 153ms
120ms Image
image/gif 35.190.72.21
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362338.gif?partner_uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&ct=3&cv=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:01 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 200
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 42

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 5C05
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_cm&google_hm=FZwIPRr6hEyzqpPhkVYsbw
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_cm=&google_hm=FZwIPRr6hEyzqpPhkVYsbw&google_tc=
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_gid=CAESENWJiI2pT0UhPIv8haWN3A4&google_cver=1&google_ula=913071,0

43 B
291 B

25ms
25ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_gid=CAESENWJiI2pT0UhPIv8haWN3A4&google_cver=1&google_ula=913071,0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
server: HTTP server (unknown)
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=3d089c15-fa1a-4c84-b3aa-93e191562c6f&google_gid=CAESENWJiI2pT0UhPIv8haWN3A4&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 394
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 5C05
Redirect Chain

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D95287%26redir%3Dhttps%253A%252F%252Fsecure.adnxs.com%252Fgetuid%253Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fappnexus%252Fcookiematch.as...
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3932742012551617658

43 B
291 B

31ms
31ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3932742012551617658
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:03 GMT
AN-X-Request-Uuid: 1f80bb03-0d53-4af5-bfc6-9d198656c935
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3932742012551617658
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 194.36.110.102; 194.36.110.102; 308.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.90:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55945/ Frame 5C05
Redirect Chain

https://pixel.advertising.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1
https://pixel.advertising.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1&verify=true
https://ups.analytics.yahoo.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1&apid=UPd8aeb76d-4933-11ea-85b5-0664db8ae1ec

0
561 B

94ms
30ms

Image
text/plain

3.122.14.108
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1&apid=UPd8aeb76d-4933-11ea-85b5-0664db8ae1ec

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.14.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-14-108.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
date: Thu, 06 Feb 2020 22:56:01 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Thu, 06 Feb 2020 22:56:01 GMT
strict-transport-security: max-age=31536000
content-length: 0
location: https://ups.analytics.yahoo.com/ups/55945/sync?uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&_origin=1&apid=UPd8aeb76d-4933-11ea-85b5-0664db8ae1ec
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 5C05 0
239 B 143ms
37ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=3d089c15-fa1a-4c84-b3aa-93e191562c6f&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H2 204 t.gif
cw.addthis.com/ Frame 5C05 0
426 B 220ms
158ms Image
text/plain 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cw.addthis.com/t.gif?pid=113&pdid=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 06 Feb 2020 22:56:01 GMT

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 5C05
Redirect Chain

https://sync.outbrain.com/cookie-sync?p=criteo&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f
https://sync.outbrain.com/cookie-sync?p=criteo&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&rdrctExp=true

0
445 B

91ms
91ms

Image
text/plain

70.42.32.95
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&rdrctExp=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

X-TraceId: 5880b7159bb68b973c5c10e5b44279b0
Date: Thu, 06 Feb 2020 22:56:02 GMT
Content-Length: 0

Redirect headers

Location: https://sync.outbrain.com/cookie-sync?p=criteo&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f&rdrctExp=true
Date: Thu, 06 Feb 2020 22:56:01 GMT
X-TraceId: ea2911df756d14cea075839fbd3c2f5d
Content-Length: 0

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame 5C05
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&C=1

43 B
995 B

74ms
74ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:01 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 06 Feb 2020 22:56:01 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:01 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 292
Expires: Thu, 06 Feb 2020 22:56:01 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 5C05
Redirect Chain

https://us-u.openx.net/w/1.0/sd?id=537072953&val=3d089c15-fa1a-4c84-b3aa-93e191562c6f&c=us
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072953&val=3d089c15-fa1a-4c84-b3aa-93e191562c6f&c=us

43 B
183 B

31ms
31ms

Image
image/gif

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072953&val=3d089c15-fa1a-4c84-b3aa-93e191562c6f&c=us
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.174.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
via: 1.1 google
server: OXGW/16.174.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Thu, 06 Feb 2020 22:56:01 GMT
via: 1.1 google
server: OXGW/16.174.1
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072953&val=3d089c15-fa1a-4c84-b3aa-93e191562c6f&c=us
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK Pug
simage2.pubmatic.com/AdServer/ Frame 5C05 42 B
993 B 209ms
17ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:01 GMT
X-lat: Pug23009:0:192
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Cache-Control: no-store, no-cache, private
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
X-Cnection: close
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H2 200 cksync.php
contextual.media.net/ Frame 5C05 49 B
49 B 242ms
176ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=3d089c15-fa1a-4c84-b3aa-93e191562c6f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Thu, 06 Feb 2020 22:56:01 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
status: 200
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 49
x-mnet-hl2: E
expires: Thu, 06 Feb 2020 22:56:01 GMT

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 5C05
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&expires=30

43 B
411 B

31ms
31ms

Image
image/gif

52.57.126.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&expires=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.126.118 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-126-118.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 200
date: Thu, 06 Feb 2020 22:56:01 GMT
cache-control: no-cache, no-store, must-revalidate
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 43
content-type: image/gif

Redirect headers

status: 302
date: Thu, 06 Feb 2020 22:56:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f&expires=30
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 pixel_sync
cm.revcontent.com/ Frame 5C05 35 B
335 B 203ms
29ms Image
image/gif 52.30.161.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.revcontent.com/pixel_sync?bidder=151&bidder_uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.161.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-161-101.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 200
date: Thu, 06 Feb 2020 22:56:01 GMT
x-powered-by: Express
content-length: 35
content-type: image/gif

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 5C05 43 B
680 B 183ms
46ms Image
image/gif 185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=110&partneruserid=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Content-Type: image/gif
Content-Length: 43
Expires: -1

GET
H2 200 um
criteo-sync.teads.tv/ Frame 5C05 23 B
286 B 186ms
58ms Image
image/gif 23.45.108.93
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.108.93 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-108-93.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.5 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
server: akka-http/10.1.5
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 23
expires: Thu, 06 Feb 2020 22:56:01 GMT

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame 5C05
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f

43 B
442 B

31ms
31ms

Image
image/gif

35.157.238.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.238.72 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-238-72.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 200
date: Thu, 06 Feb 2020 22:56:01 GMT
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 43
content-type: image/gif

Redirect headers

status: 302
date: Thu, 06 Feb 2020 22:56:01 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
location: https://ad.360yield.com:443/ul_cb/match?publisher_dsp_id=38&external_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
content-type: text/plain

GET
H2 200 sync.htm
ade.clmbtech.com/uid/ Frame 5C05 68 B
239 B 168ms
144ms Image
image/jpeg 2a02:26f0:6c00:194::143a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.clmbtech.com/uid/sync.htm?pid=13079&cuid=3d089c15-fa1a-4c84-b3aa-93e191562c6f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:194::143a , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

nginx /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=25920000; includeSubdomains
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=25920000; includeSubdomains
server: nginx
date: Thu, 06 Feb 2020 22:56:01 GMT
x-frame-options: sameorigin
content-type: image/jpeg
status: 200
content-disposition: inline;filename=f.txt
content-length: 68
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK Criteo
crb.kargo.com/api/v1/dsync/ Frame 5C05 43 B
505 B 409ms
95ms Image
image/gif 18.215.83.217
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/Criteo?exid=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.83.217 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-83-217.compute-1.amazonaws.com
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:02 GMT
Vary: Origin
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 43
X-Accel-Expires: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK /
sync.aralego.com/idSync/ Frame 5C05 35 B
509 B 400ms
101ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC-01

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idSync/?ucf_nid=dsp-833DD22BEB97673FB4E8B8DBB882B99&ucf_user_id=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Arlington, United States, ASN30633 (LEASEWEB-USA-WDC-01, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 06 Feb 2020 22:56:02 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 5ms
5ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j80&a=1573584473&t=timing&_s=2&dl=https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916&dr=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&ul=en-us&de=UTF-8&dt=Compare%20Medicare%20Advantage%20Plans%20%7C%20MedicareAdvantage.com&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&plt=1727&pdt=2&dns=1&rrt=1&srt=125&tcp=187&dit=605&clt=605&_gst=535&_gbt=584&_cst=535&_cbt=610&_u=aHDAgEADQ~&jid=1578178491&gjid=959917919&cid=704377576.1581029760&tid=UA-66468741-1&_gid=1484854204.1581029760&gtm=2wg1t0KX4TVG&cd2=1581029760409.zi6k9cfg&cd7=23%3A56%3A00&cd17=https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F&cd18=2020-02-06T23%3A56%3A00.409%2B01%3A00&cd16=704377576.1581029760&z=958549057

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Feb 2020 05:30:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 149151
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j80&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&gjid=959917919&_gid=1484854204.1581029760&_u=aHDAgEADQ~&z=1962142247
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&_v=j80&z=1962142247
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&_v=j80&z=1962142247&slf_rd=1&random=3620710802

42 B
109 B

16ms
16ms

Image
image/gif

2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&_v=j80&z=1962142247&slf_rd=1&random=3620710802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-66468741-1&cid=704377576.1581029760&jid=1578178491&_v=j80&z=1962142247&slf_rd=1&random=3620710802
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fs.js Show response
fullstory.com/s/ Frame 1D85 177 KB
63 KB 14ms
13ms Script
application/javascript 2001:4860:4802:38::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fullstory.com/s/fs.js

Requested by

Host: fullstory.com
URL: https://fullstory.com/s/fs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

db763b1905360b60c599166ce98f720f8281b5fc9b13feb6ef9d2e015c08793d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
server: Google Frontend
age: 453
etag: "TP25PQ"
vary: Accept-Encoding
content-type: application/javascript
status: 200
x-cloud-trace-context: 0fe744fa39daea1ba335416db905fb29
cache-control: public, max-age=600
date: Thu, 06 Feb 2020 22:48:28 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-length: 64153
expires: Thu, 06 Feb 2020 22:58:28 GMT

GET
H/1.1 200
OK setuid
secure.adnxs.com/ Frame 5C05 43 B
1 KB 24ms
24ms Image
image/gif 185.33.223.200
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/setuid?entity=52&code=3d089c15-fa1a-4c84-b3aa-93e191562c6f&seg=95287

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.200 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

308.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:03 GMT
AN-X-Request-Uuid: ec215425-0605-4dc9-a66e-5218ba3919fb
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 194.36.110.102; 194.36.110.102; 308.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.46:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 5C05
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=mOImmNNDAM15Elq0Bp15cN3JmJiYV4CK

0
337 B

174ms
27ms

Image
text/plain

34.254.119.250
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=mOImmNNDAM15Elq0Bp15cN3JmJiYV4CK
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.119.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-119-250.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
date: Thu, 06 Feb 2020 22:56:01 GMT
cache-control: private, no-cache, no-store
x-request-time: D=38 t=1581029761
x-served-by: beacon-n009-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

strict-transport-security: max-age=31536000
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=mOImmNNDAM15Elq0Bp15cN3JmJiYV4CK
content-type: text/html; charset=utf-8
status: 302
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
date: Thu, 06 Feb 2020 22:56:00 GMT
content-length: 218

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 5C05
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=FZwIPRr6hEyzqpPhkVYsbw
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

43 B
291 B

24ms
24ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:01 GMT
server: HTTP server (unknown)
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 279
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 5C05
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=-KjvyUw0q4Pu5mjQw_oZpdnaiXO0C30C
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=-KjvyUw0q4Pu5mjQw_oZpdnaiXO0C30C

42 B
915 B

30ms
30ms

Image
image/gif

52.49.234.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=-KjvyUw0q4Pu5mjQw_oZpdnaiXO0C30C

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.234.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-234-3.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v059-024d11bc5.edge-irl1.demdex.com 5.65.0.20200204084552 1ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: wpmX/UxoTms=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: MY6+5A+jQTE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=-KjvyUw0q4Pu5mjQw_oZpdnaiXO0C30C
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 5C05 43 B
461 B 46ms
45ms Image
image/gif 185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=3d089c15-fa1a-4c84-b3aa-93e191562c6f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 06 Feb 2020 22:56:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Content-Type: image/gif
Content-Length: 43
Expires: -1

GET
H2 200 fs.js Show response
fullstory.com/s/ Frame 5C05 177 KB
63 KB 13ms
13ms Script
application/javascript 2001:4860:4802:38::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fullstory.com/s/fs.js

Requested by

Host: fullstory.com
URL: https://fullstory.com/s/fs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

db763b1905360b60c599166ce98f720f8281b5fc9b13feb6ef9d2e015c08793d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Origin: https://www.medicareadvantage.com

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
server: Google Frontend
age: 453
etag: "TP25PQ"
vary: Accept-Encoding
content-type: application/javascript
status: 200
x-cloud-trace-context: 0fe744fa39daea1ba335416db905fb29
cache-control: public, max-age=600
date: Thu, 06 Feb 2020 22:48:28 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-length: 64153
expires: Thu, 06 Feb 2020 22:58:28 GMT

GET
H/1.1

200
OK

sync
tags.bluekai.com/site/29001/ Frame 5C05
Redirect Chain

https://gum.criteo.com/sync?c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40
https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=dzNQ5qGdMnmJrqfkxopBQUs_a_UK1eui

62 B
765 B

253ms
197ms

Image
image/gif

23.5.109.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=dzNQ5qGdMnmJrqfkxopBQUs_a_UK1eui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.5.109.152 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-5-109-152.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 06 Feb 2020 22:56:02 GMT
Connection: keep-alive
Content-Type: image/gif
Content-Length: 62
BK-Server: 9ab9
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

Redirect headers

strict-transport-security: max-age=31536000
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
location: https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=dzNQ5qGdMnmJrqfkxopBQUs_a_UK1eui
content-type: text/html; charset=utf-8
status: 302
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
date: Thu, 06 Feb 2020 22:56:01 GMT
content-length: 205

GET
H/1.1 200
OK map_number.jsonp Show response
pnapi.invoca.net/2/api/2014-09-01/ 505 B
684 B 169ms
168ms Script
text/plain 52.200.79.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pnapi.invoca.net/2/api/2014-09-01/map_number.jsonp?network_id=1458&js_version=3.6.22&tag_id=1458%2F3326147965&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916%22%2C%22referrer%22%3A%22https%3A%2F%2Fwww.yilopeet.com%2FDasWMndL8n8BSe98BtZGmB85mC7D41acZcKI1_E--RUFcjnQCRtCZEF015-gW03_jnjdgtpoE2Y3MK4lXok85g~~%2F594916%2F427fe6a7370519ce86f7aab1141a07a5%2F70121652%2F%22%2C%22cores%22%3A16%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22screenWidth%22%3A1600%2C%22screenHeight%22%3A1200%2C%22language%22%3A%22en-US%22%7D&request_data_shared_params=%7B%22invoca_id%22%3A%22i-eec9acf1-ae32-44e0-8185-f5f2f17a7218%22%2C%22utm_medium%22%3A%22referral%22%2C%22utm_source%22%3A%22yilopeet.com%22%2C%22afid%22%3A%22521124%22%2C%22full_url%22%3A%22https%3A%2F%2Fwww.medicareadvantage.com%2F%3Fsrc%3Dtz_ma_email_mad%26afid%3D521124%26tfn%3DMjAxLTc0Ni0xODky%26q_creative%3DMA_MadTest_Email1%26sub_id%3Dstate%26q_campaignid%3D1_state%26pub_id%3D160007%26q_placement%3D528015601%26q_publisher%3D594916%22%2C%22google_property_id%22%3A%22UA-66468741-1%22%2C%22pub_id%22%3A%22160007%22%2C%22q_campaignid%22%3A%221_state%22%2C%22q_creative%22%3A%22MA_MadTest_Email1%22%2C%22q_placement%22%3A%22528015601%22%2C%22q_publisher%22%3A%22594916%22%2C%22src%22%3A%22tz_ma_email_mad%22%2C%22sub_id%22%3A%22state%22%2C%22tfn%22%3A%22MjAxLTc0Ni0xODky%22%2C%22g_cid%22%3A%22704377576.1581029760%22%2C%22exp_landing%22%3Anull%2C%22gclid%22%3Anull%2C%22Interaction_id%22%3Anull%2C%22k_clickid%22%3Anull%2C%22msclkid%22%3Anull%2C%22original_call_start_time_local%22%3Anull%2C%22original_call_start_time_utc%22%3Anull%2C%22profile_name%22%3Anull%2C%22q_accountid%22%3Anull%2C%22q_adgroupid%22%3Anull%2C%22q_adid%22%3Anull%2C%22q_adposition%22%3Anull%2C%22q_criteria%22%3Anull%2C%22q_device%22%3Anull%2C%22q_devicemodel%22%3Anull%2C%22q_feeditemid%22%3Anull%2C%22q_keyword%22%3Anull%2C%22q_matchtype%22%3Anull%2C%22q_network%22%3Anull%2C%22q_query%22%3Anull%2C%22q_targetid%22%3Anull%7D&request_data=%5B%7B%22advertiser_campaign_id_from_network%22%3A%22362498%22%2C%22request_id%22%3A%22362498%22%7D%2C%7B%22advertiser_campaign_id_from_network%22%3A%22625218%22%2C%22request_id%22%3A%22625218%22%7D%5D&destination_settings=%7B%22paramName%22%3Anull%7D&metrics=%5B%5B%22initialLoad%22%2C1581029760546%5D%2C%5B%22startRun%22%2C1581029760963%5D%2C%5B%22startMapNumberRequest%22%2C1581029760991%5D%2C%5B%22startWaitForData%22%2C1581029761009%5D%2C%5B%22endMapNumberRequest%22%2C1581029761477%5D%2C%5B%22endNumberReplacement%22%2C1581029761479%5D%2C%5B%22endWaitForData%22%2C1581029762210%5D%5D&jsoncallback=json_rr2&
Requested by: Host: solutions.invocacdn.com
URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.79.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-79-99.compute-1.amazonaws.com
Software: Goliath /
Resource Hash: 05c56257bf10d6caaa65cebfd3658c1bcaf5c65d8febcf642d27bb070475e1ea

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 06 Feb 2020 22:56:02 GMT
Server: Goliath
Connection: keep-alive
processing_time: 65.50121ms
Content-Length: 505

POST
H2 200 e Show response
api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/ 0
262 B 134ms
134ms XHR
text/html 50.97.168.187
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/e?cs=g2JePJmA&csh=cEHVuaBTyZLPWlVun86MWIsWKXAGuOj%252BqTEcYnOxFU8%253D&a=1&t=cors

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.97.168.187 Dallas, United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

bb.a8.6132.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 06 Feb 2020 22:56:02 GMT
server: nginx
status: 200
access-control-max-age: 1728000
access-control-allow-methods: POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=15768000
access-control-allow-headers: Content-Type,Content-Length,X-Requested-With
content-length: 0

POST
H2 200 e Show response
api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/ 0
262 B 131ms
131ms XHR
text/html 50.97.168.187
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://api.trustedform.com/2d9baa49c8400aa785c8600be1b2959e6be7ea8d/e?cs=g2JePJmA&csh=cEHVuaBTyZLPWlVun86MWIsWKXAGuOj%252BqTEcYnOxFU8%253D&a=1&t=cors

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.97.168.187 Dallas, United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

bb.a8.6132.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 06 Feb 2020 22:56:03 GMT
server: nginx
status: 200
access-control-max-age: 1728000
access-control-allow-methods: POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=15768000
access-control-allow-headers: Content-Type,Content-Length,X-Requested-With
content-length: 0

POST
H2 200 bundle Show response
rs.fullstory.com/rec/ 29 B
94 B 159ms
158ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle?OrgId=PGJDY&UserId=4620146195005440&SessionId=5068486330253312&PageId=4631579842543616&Seq=2&PageStart=1581029760780&PrevBundleTime=1581029761153&LastActivity=4819&IsNewSession=true
Requested by: Host: fullstory.com
URL: https://fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.186.194.58 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: e1206cac50c813a7a040bf27a261eb402ff036a8af0ad5b7cf8424ffad0aeda4

Request headers

Referer: https://www.medicareadvantage.com/?src=tz_ma_email_mad&afid=521124&tfn=MjAxLTc0Ni0xODky&q_creative=MA_MadTest_Email1&sub_id=state&q_campaignid=1_state&pub_id=160007&q_placement=528015601&q_publisher=594916
Origin: https://www.medicareadvantage.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 06 Feb 2020 22:56:06 GMT
via: 1.1 google
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.medicareadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 29
expires: 0

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.medicareadvantage.com/	1970-02-24 19:10:29	Name: invoca_session Value: %7B%22session%22%3A%7B%22invoca_id%22%3A%22i-eec9acf1-ae32-44e0-8185-f5f2f17a7218%22%7D%2C%22ttl%22%3A%222020-02-21T22%3A56%3A01.477Z%22%7D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://fullstory.com/s/fs.js(Line 3) Message: Invoca: Unable to read cache...check if cookies are enabled
console-api	warning	URL: https://fullstory.com/s/fs.js(Line 3) Message: Invoca: Unable to read cache...check if cookies are enabled

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
ade.clmbtech.com
ads.yahoo.com
ajax.googleapis.com
api.trustedform.com
app.wisepops.com
bat.bing.com
beacon.krxd.net
cm.g.doubleclick.net
cm.revcontent.com
connect.facebook.net
contextual.media.net
crb.kargo.com
criteo-sync.teads.tv
customer.mediawallahscript.com
cw.addthis.com
d.turn.com
dis.criteo.com
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
fullstory.com
googleads.g.doubleclick.net
gum.criteo.com
idsync.rlcdn.com
loader.wisepops.com
pixel.advertising.com
pixel.rubiconproject.com
pixel.tapad.com
pnapi.invoca.net
popup.wisepops.com
r.casalemedia.com
rs.fullstory.com
rtb-csync.smartadserver.com
secure.adnxs.com
simage2.pubmatic.com
solutions.invocacdn.com
sp.analytics.yahoo.com
sslwidget.criteo.com
static.criteo.net
stats.g.doubleclick.net
str.visionarygeek.eu
sync.aralego.com
sync.outbrain.com
tags.bluekai.com
ups.analytics.yahoo.com
us-u.openx.net
widget.trustpilot.com
widget.us.criteo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.medicareadvantage.com
www.yilopeet.com
x.bidswitch.net
103.83.36.136
13.35.253.29
143.204.213.96
162.210.196.208
172.217.18.162
172.217.22.98
178.250.2.151
18.215.83.217
185.33.223.200
185.64.190.80
185.86.137.110
2.18.234.21
2.18.235.93
2001:4860:4802:38::15
212.82.100.181
23.210.248.44
23.45.108.93
23.5.109.152
2606:4700:20::681a:a13
2620:1ec:c11::200
2a00:1288:f03d:1fa::4000
2a00:1450:4001:816::2004
2a00:1450:4001:818::2003
2a00:1450:4001:819::2002
2a00:1450:4001:81b::200a
2a00:1450:4001:81d::200a
2a00:1450:4001:81f::2003
2a00:1450:4001:824::2008
2a00:1450:4001:824::200e
2a00:1450:400c:c00::9b
2a02:2638:1::13
2a02:2638:1::3
2a02:26f0:6c00:194::143a
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.122.14.108
34.253.126.105
34.254.119.250
34.95.120.147
35.157.238.72
35.186.194.58
35.190.72.21
35.227.248.159
40.71.199.117
46.228.164.13
50.97.168.187
52.200.79.99
52.30.161.101
52.49.234.3
52.57.126.118
52.59.74.203
69.173.144.138
70.42.32.95
74.119.119.150
86.106.95.57
05c56257bf10d6caaa65cebfd3658c1bcaf5c65d8febcf642d27bb070475e1ea
063a9ec59354724ad529c305837e51109f1b3338783e1777b678e86f66003eee
06e76c609fb41df979ef53cc2748084fce7a64a4b305f544cb39d3ffcea08114
078d8d33bfbfbfabb78dce5c7df0a756ef72a5a5d6a1947e7dd1b8218f81fad6
09136ace9c9bb4df0b56a34b27ec470fda6ae057a3160f176c791bd05219c788
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1153a88c29e500e35a8bd4df896be0fea76ecceb9ae00d5bebae7fa79b540ac9
156c95e3749e7d2b48981a237f966d6dfd52c7b712460c76bb73b39acc290fb6
1ed9628d0aedaf495f9bd3d215bd961047bdbf8e12c0a3da84d2f8fc6c78cd28
22c44c1cf017c400479ea8a4e5c80e5b9f0287219b746b74ed531d1938d3e1b2
2865ded653f1b1acaee6cf385c92fd7dcfbf2017f321c29f25a3e1602f33fb1b
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e3d279ce7882d2b0bb2e9147db63968eb26f0e926ba3d4ba37901cf3847fcad
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
345936abb6d8682e5f3573e6d3245490c4e0ca4a8a357f0bd8a1f47e56f19a88
3a198e74a03f5e42b5c094d57cb6683ae97f60196cfb92910cebc1f2421546af
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
474b0c4de380d57f97b6eb34a8932950b7e10c224cb75109d82a53b8277de0c3
4a0a23eeb808720c39d08e211e617cad15a768b9ec7184159897d55c44c451c4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5097dfa297f9d9cabcc2b66e2aeaa775da27a5ee0438dc7cb89b5463012ff276
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
55ced71ea4228031709df886da6495168b120a644b841c1699599c225df61517
5c06b6329970d1560039f39c4935a041d96fcf0f877b47951d8ece559a1b4dc6
5d9371e0c41f5f47e50429fdb0aeecca88b5f31c047093468614211ce03e5d90
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
629f922223f37ae46e5c44f3931c3bfb3f7bf5769c0baa7a2219862542c82202
6a60018cab3d38d035188490d869d5dc1283a7dd115917226df457ca92887f7f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
73b318f137888cf807a521c67aac1e32ac6f9e9388b84c1cdfd41e90fbba9181
764ec907880a85a302c0c8b2bd413e4ba464f5d460c3cc1da9191dec8a08d632
7668f09744969d9bbf1ea5d6e38309015cc50c41c3b9593b4fa5fbdd52ade92c
793dca8eef48396ca1952e380b0d4beba15d51622db3942c2f34ef608d4c5eec
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
81149e87be7f93d9e207c69b0e17dda3135e3c923263f551f5c3a79569f1fd33
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1
861289df344675c131d2ea1deaa2df24c4e47fac10ab5efae4270b401e0aed8e
89b531e78902333807b825faf77cd11cc927fe364ea2ba9307f65365f7e811f7
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
9251399579fb75269bbc99eb4a397b343d583002b99be74c17a6a6c9f99a63f8
93973492eb84cf5b25fe4aac945a281bc71b470574aecdb3050a4d6b95180ce4
96a89333bab8da76285e06c0a57aee5ebadad602ed1ce6b65ab23518ed8de335
9fc738e4dd975d17435d3848ffd9964152a4d195dac73b5cd041b4c40c714126
a1744f2dce86348d5bfff1114e5198d7354202eae09fdec735255a90241a32b7
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
af9f1db26a9da02b1c3f09fc507418348b38bfb3757dfa1385b205d00ffd2829
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b30df95381e59a6de07af4ee1cd6b0dc038f85a8d94ddee9614bcd4a7c34af79
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
c03628d9933445974fb52e2a61530b55bfb27101c25716eb35a031a3a81151c9
c6c66a57fa80f7b6643eeb450478c9fd70a1daed0d1c0d11323b2971f18734b5
c76967d28a687a5cc3cb12e02860772e4009d1502dfd7c1bc802a8422ea6d342
cd4311d31dfee2b200b30a5f575deb187e869bb67673dce32dfb017e24a2cca0
d11a81ab79ba0eeaccb6bcbfd64e1db59d2be1ad58a9940da7d53f22fa26aadc
db763b1905360b60c599166ce98f720f8281b5fc9b13feb6ef9d2e015c08793d
e1206cac50c813a7a040bf27a261eb402ff036a8af0ad5b7cf8424ffad0aeda4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bd109458efd809ef10a7dbb1154cdcae99c610b25b977a9756aa9e9c63434d
e7cddaaf64f1bd450dd1fa1e7bd2fb70eb0c1499b8c214f44382d3b9cc84872e
e7edf06d6436ec9420c26e56bd02ef5f5c93a9fb189ed16b1db402e57a0ea796
ec7024e764e94caa58c7a18f4624dc84c9ee15537ff5418fd44e2f037f8abc30
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f35fa941ec6364fc02ba2ef295da8ab672a24e0ccf8afcb53787e3eafca8126a
f4945981c3af2b35d46db5c32b6fdc0424a5053e7907588598fd74f06b535cbd
f7e3b693bfe8fb2646a629532fc9009ec9a1aee466ceaec1c518f076251aa139
fee65566caf7eabca39aa37bd471f5fdbe238ff675c598381fe9495c2a30997c
ffd5962bd47592ab10ccb3b117fba293a4c4bab5cf0ccef70de298c3428c0fa7

www.medicareadvantage.com Open in urlscan Pro 40.71.199.117 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

105 Requests

100 %HTTPS

33 %IPv6

47 Domains

58 Subdomains

49 IPs

9 Countries

1348 kBTransfer

3621 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.medicareadvantage.com Open in urlscan Pro
40.71.199.117 Public Scan

Screenshot
Live screenshot

Full Image

105
Requests

100 %
HTTPS

33 %
IPv6

47
Domains

58
Subdomains

49
IPs

9
Countries

1348 kB
Transfer

3621 kB
Size

1
Cookies

105 HTTP transactions
2 data transactions