www.xanterra.com Open in urlscan Pro
192.99.20.144 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links.email3.xanterra.net/ls/click?upn=Cn6Jf7hlyyvYym5hKiaGxTBwHEirr0wCa1dPSX9A0GeAq3UEZjCmziY2Zo5xlU4upGn9a4qoKn5eCqI3nLi...
Effective URL:
https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_Tac...
Submission: On June 05 via api (June 5th 2020, 6:30:42 pm UTC) from US

Summary HTTP 101 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 23 IPs in 6 countries across 24 domains to perform 101 HTTP transactions. The main IP is 192.99.20.144, located in Montreal, Canada and belongs to OVH, FR. The main domain is www.xanterra.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 31st 2020. Valid for: 3 months.

This is the only time www.xanterra.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::681a:2dd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
49	192.99.20.144 192.99.20.144	16276 (OVH) (OVH)
2	209.197.3.24 209.197.3.24	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE)
5	13.64.150.232 13.64.150.232	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2600:9000:209... 2600:9000:2093:3e00:5:227c:1300:21	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:2182:be00:17:7ae0:4480:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f00... 2a03:2880:f007:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
2 6	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
4	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
1	147.75.102.199 147.75.102.199	54825 (PACKET) (PACKET)
2 2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2	147.75.100.245 147.75.100.245	54825 (PACKET) (PACKET)
1 6	2a03:2880:f10... 2a03:2880:f107:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	23.21.83.205 23.21.83.205	14618 (AMAZON-AES) (AMAZON-AES)
1	2a03:2880:f00... 2a03:2880:f007:2:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1 1	52.209.184.21 52.209.184.21	16509 (AMAZON-02) (AMAZON-02)
1	13.225.83.200 13.225.83.200	16509 (AMAZON-02) (AMAZON-02)
1	147.75.102.13 147.75.102.13	54825 (PACKET) (PACKET)
2	2600:9000:215... 2600:9000:2156:5000:9:6a30:ebc0:93a1	16509 (AMAZON-02) (AMAZON-02)
101	23

1 2606:4700:20::681a:2dd (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

links.email3.xanterra.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 192.99.20.144 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: xanterra3.vsrv.io

www.xanterra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.197.3.24 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: vip0x018.map2.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.64.150.232 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

xanwebrpi.rphelios.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2093:3e00:5:227c:1300:21 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

d36hc0p18k1aoc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:be00:17:7ae0:4480:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.tintup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f007:8:face:b00c:0:1 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.102.199 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress10

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.100.245 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress2

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f107:83:face:b00c:0:25de (Ireland) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.21.83.205 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-83-205.compute-1.amazonaws.com

cs.choozle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f007:2:face:b00c:0:1 (Ireland)

ASN32934 (FACEBOOK, US)

cx.atdmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.184.21 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-184-21.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.83.200 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-83-200.fra2.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.102.13 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress3

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:5000:9:6a30:ebc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.hypemarks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	xanterra.com www.xanterra.com	23 MB
9	gstatic.com fonts.gstatic.com	115 KB
6	facebook.com 1 redirects www.facebook.com	972 B
6	google-analytics.com 2 redirects www.google-analytics.com	46 KB
5	facebook.net connect.facebook.net	428 KB
5	rphelios.net xanwebrpi.rphelios.net	16 KB
4	ensighten.com nexus.ensighten.com	11 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	72 KB
3	googleapis.com fonts.googleapis.com ajax.googleapis.com	34 KB
2	hypemarks.com cdn.hypemarks.com
2	google.de www.google.de	212 B
2	google.com 2 redirects www.google.com	500 B
2	doubleclick.net 2 redirects stats.g.doubleclick.net	301 B
2	cloudfront.net 1 redirects d36hc0p18k1aoc.cloudfront.net d1eoo1tco6rr5e.cloudfront.net	258 B
2	jquery.com code.jquery.com	131 KB
1	hotjar.io vc.hotjar.io	116 B
1	adsrvr.org 1 redirects insight.adsrvr.org	148 B
1	atdmt.com cx.atdmt.com	329 B
1	choozle.com cs.choozle.com	123 B
1	ytimg.com s.ytimg.com	26 KB
1	youtube.com www.youtube.com	941 B
1	googletagmanager.com www.googletagmanager.com	41 KB
1	tintup.com www.tintup.com	122 KB
1	xanterra.net 1 redirects links.email3.xanterra.net	575 B
101	24

	Domain	Requested by
49	www.xanterra.com	www.xanterra.com
9	fonts.gstatic.com	www.xanterra.com
6	www.facebook.com	1 redirects www.xanterra.com
6	www.google-analytics.com	2 redirects www.googletagmanager.com www.google-analytics.com www.xanterra.com
5	connect.facebook.net	www.xanterra.com connect.facebook.net
5	xanwebrpi.rphelios.net	www.xanterra.com xanwebrpi.rphelios.net
4	nexus.ensighten.com	www.googletagmanager.com nexus.ensighten.com
2	cdn.hypemarks.com	www.tintup.com
2	www.google.de	www.xanterra.com
2	www.google.com	2 redirects
2	stats.g.doubleclick.net	2 redirects
2	fonts.googleapis.com	www.xanterra.com
2	code.jquery.com	www.xanterra.com
1	vc.hotjar.io	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	d1eoo1tco6rr5e.cloudfront.net	nexus.ensighten.com
1	insight.adsrvr.org	1 redirects
1	cx.atdmt.com	www.xanterra.com
1	cs.choozle.com	www.xanterra.com
1	script.hotjar.com	static.hotjar.com
1	s.ytimg.com	www.youtube.com
1	static.hotjar.com	www.xanterra.com
1	www.youtube.com	www.xanterra.com
1	www.googletagmanager.com	www.xanterra.com
1	ajax.googleapis.com	www.xanterra.com
1	www.tintup.com	www.xanterra.com
1	d36hc0p18k1aoc.cloudfront.net	1 redirects
1	links.email3.xanterra.net	1 redirects
101	28

This site contains links to these domains. Also see Links.

Domain
shop.oasisatdeathvalley.com
shop.grandcanyonlodges.com
shop.thetrain.com
shop.mtrushmorenationalmemorial.com
www.trailridgegiftstore.com
shop.yellowstonenationalparklodges.com
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
xpress.xanterra.net
privacyportal-cdn.onetrust.com
www.verbinteractive.com
www.oasisatdeathvalley.com
www.glaciernationalparklodges.com
www.grandcanyongrandhotel.com
www.grandcanyonlodges.com
www.mtrushmorenationalmemorial.com
www.yellowstonenationalparklodges.com
www.zionlodge.com
www.countrywalkers.com
www.thetrain.com
www.holidayvacations.com
www.vbt.com
www.windstarcruises.com
www.broadmoor.com
www.seaisland.com

Subject Issuer	Validity	Valid
xanterra.com Let's Encrypt Authority X3	`2020-05-31` - `2020-08-29`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh
*.rphelios.net Go Daddy Secure Certificate Authority - G2	`2019-06-30` - `2021-08-29`	2 years	crt.sh
tintup.com Amazon	`2019-10-31` - `2020-11-30`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-05-20` - `2020-08-12`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-05-20` - `2020-08-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-05-14` - `2020-08-05`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-05-20` - `2020-08-12`	3 months	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2019-10-03` - `2020-10-02`	a year	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-04-04` - `2020-07-03`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-05-20` - `2020-08-12`	3 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-04-04` - `2020-07-03`	3 months	crt.sh
*.choozle.com Sectigo RSA Domain Validation Secure Server CA	`2019-06-07` - `2021-06-06`	2 years	crt.sh
*.atlassolutions.com DigiCert SHA2 High Assurance Server CA	`2020-04-19` - `2020-07-18`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-04-04` - `2020-07-03`	3 months	crt.sh
vc.hotjar.io Let's Encrypt Authority X3	`2020-05-15` - `2020-08-13`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Frame ID: 7D2FA464907D36E56BFCCA078F02580E
Requests: 99 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/iframe
Frame ID: 5E89652FAB38AB581D43AC31A36808D8
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 840DFF2950BE30366A29009106CCB508
Requests: 1 HTTP requests in this frame

Frame: https://cdn.hypemarks.com/raw/popUpModalEndpoint
Frame ID: 6C46033ACC0F7757D3C60B327D6D231F
Requests: 1 HTTP requests in this frame

Frame: https://cdn.hypemarks.com/t/xanterra?width=1600&expand=true&clickForMore=true&personalization_id=725549
Frame ID: 3873BAA59666068459E543F16DDAE523
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://links.email3.xanterra.net/ls/click?upn=Cn6Jf7hlyyvYym5hKiaGxTBwHEirr0wCa1dPSX9A0GeAq3UEZjCmziY2Zo5xlU4... HTTP 302
https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_cam... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- All in One SEO Pack ([\d.]+) /i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- All in One SEO Pack ([\d.]+) /i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- All in One SEO Pack ([\d.]+) /i

All in One SEO Pack (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- All in One SEO Pack ([\d.]+) /i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/nexus\.ensighten\.com\//i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

101
Requests

100 %
HTTPS

63 %
IPv6

24
Domains

28
Subdomains

23
IPs

6
Countries

24743 kB
Transfer

52198 kB
Size

0
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://shop.oasisatdeathvalley.com/shop/
Title: Death Valley Gifts

Search URL Search Domain Scan URL

URL: https://shop.grandcanyonlodges.com/shop/
Title: Grand Canyon Gifts

Search URL Search Domain Scan URL

URL: https://shop.thetrain.com/shop
Title: Grand Canyon Railway Gifts

Search URL Search Domain Scan URL

URL: https://shop.mtrushmorenationalmemorial.com/shop/
Title: Mount Rushmore Gifts

Search URL Search Domain Scan URL

URL: https://www.trailridgegiftstore.com/shop/
Title: Rocky Mountain Gifts

Search URL Search Domain Scan URL

URL: https://shop.yellowstonenationalparklodges.com/shop/
Title: Yellowstone Gifts

Search URL Search Domain Scan URL

URL: https://www.facebook.com/xanterra.travel.collection/videos/716638142432436/
Title: Nominate Your Hero

Search URL Search Domain Scan URL

URL: https://www.facebook.com/xanterra.travel.collection
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/xanterraparks
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/xanterratravel/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC1-4QaELHzYc_hOZY7SWahA
Title:

Search URL Search Domain Scan URL

URL: https://xpress.xanterra.net/Interact/Login/Default.aspx?abc
Title: Xpress

Search URL Search Domain Scan URL

URL: https://privacyportal-cdn.onetrust.com/dsarwebform/c7968fb5-dd42-4c76-8f79-3e5198bd1303/a3d7f950-523c-4ea9-a0c5-c4347e8407a3.html
Title: CA Residents Only: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

URL: https://www.verbinteractive.com/
Title: VERB

Search URL Search Domain Scan URL

URL: https://www.oasisatdeathvalley.com/
Title: The Oasis at Death Valley

Search URL Search Domain Scan URL

URL: https://www.glaciernationalparklodges.com/
Title: Glacier National Park

Search URL Search Domain Scan URL

URL: https://www.glaciernationalparklodges.com/lodging/cedar-creek-lodge/
Title: Cedar Creek Lodge - Just Outside Glacier National Park

Search URL Search Domain Scan URL

URL: https://www.grandcanyongrandhotel.com/
Title: The Grand Hotel at the Grand Canyon

Search URL Search Domain Scan URL

URL: https://www.grandcanyonlodges.com/
Title: Grand Canyon National Park – South Rim

Search URL Search Domain Scan URL

URL: https://www.mtrushmorenationalmemorial.com/
Title: Mount Rushmore National Memorial

Search URL Search Domain Scan URL

URL: https://www.trailridgegiftstore.com/
Title: Rocky Mountain National Park

Search URL Search Domain Scan URL

URL: https://www.yellowstonenationalparklodges.com/
Title: Yellowstone National Park

Search URL Search Domain Scan URL

URL: https://www.zionlodge.com/
Title: Zion National Park

Search URL Search Domain Scan URL

URL: https://www.countrywalkers.com/
Title: Country Walkers

Search URL Search Domain Scan URL

URL: https://www.thetrain.com/
Title: Grand Canyon Railway & Hotel

Search URL Search Domain Scan URL

URL: https://www.holidayvacations.com/
Title: Holiday Vacations

Search URL Search Domain Scan URL

URL: https://www.vbt.com/
Title: VBT Bicycling Vacations

Search URL Search Domain Scan URL

URL: https://www.windstarcruises.com/
Title: Windstar Cruises

Search URL Search Domain Scan URL

URL: https://www.broadmoor.com/
Title: The Broadmoor

Search URL Search Domain Scan URL

URL: https://www.seaisland.com/
Title: Sea Island

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links.email3.xanterra.net/ls/click?upn=Cn6Jf7hlyyvYym5hKiaGxTBwHEirr0wCa1dPSX9A0GeAq3UEZjCmziY2Zo5xlU4upGn9a4qoKn5eCqI3nLiso-2BBeckS-2FxQNjcHl7eDKAIr6Ohf0vLbOQkldRfioqN9NTAFBILm0sA8-2Bsv7RoGULHf2IXaakpRCY3YX7qUh128Dh3vtGMVbZBZuX-2BK10aaeGl3UJ5JLlFBMhW1f4mtw7May3ni-2FFTBgAGkU2-2B-2FckvfgKCu94evOcKJDeIdqUSsye5AxEtEdTSDlh5qst9SyxDd5e5t20zUgCYbE-2BHkMXV3siM9Pt6gbpCk3fTIgeFlLq4YQ6aKmaWKjz8Y-2FretsB3QU3R-2BMMf4u-2B9akq-2FmGkBlRj8vsQKyXbBHTs-2FnXdkqA9cIgDHYxyHD7hfxaWTeEdQUg-3D-3DDJtp_9x1c33CuWJ1dEEIj3FTKvrlpGPtsBT5LX0-2FFCrGerC3F-2BnU9q2AKmAw6O-2Bi4F44r4pSAM9OHrwD-2FhQbX-2FWi3Rf2AjDrWfmPMo4g5a2-2Bi-2F6UXNX5CJQ-2F-2BYmyuHToOP1CMJfbEtM52jOzlqQteUJX7RmnVWcGyaUdsGazBg0QWrVvjClsE0y01C6X1ewERHINhrHz2DTeHbCRSDaGuQvxkqkTu-2BaDEkCDeh-2BDsnqlVPQsQDpE8DgU-2FESRogonSUBxZMpC7GLdZ8-2FzgA5NqBp0A6h2sDvnankKGRFKvUedVPyHhiOW-2FBuCtUY3jOlnIPEgFHG-2BMBkZXf0CABwaotZ91riJE2oBXUWi0wYebpqzxwQwgFakJ6pUAuT42SKzltm9shwa-2FohUTOZHUETldYhyJ1Q-3D-3D HTTP 302
https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://d36hc0p18k1aoc.cloudfront.net/public/js/modules/tintembed.js HTTP 301
https://www.tintup.com/public/js/modules/tintembed.js

Request Chain 67

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1404928623&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&ul=en-us&de=UTF-8&dt=%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEADQ~&jid=1161592757&gjid=643841889&cid=696442659.1591381823&tid=UA-1085772-1&_gid=1110695872.1591381823&_r=1&gtm=2wg5r05WFT4Z6&z=576099459 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_gid=1110695872.1591381823&gjid=643841889&_v=j82&z=576099459 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_v=j82&z=576099459 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_v=j82&z=576099459&slf_rd=1&random=3935190211

Request Chain 80

https://www.facebook.com/tr/?id=236412366966438&ev=PageView&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&rl=&if=false&ts=1591381823827&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1591381823666.422228783&it=1591381823438&coo=false&rqm=GET HTTP 302
https://cx.atdmt.com/?c=15016065818521156487&f=AYw8eUA1svyT4ChdHFAObjQg6XINQ00Jupz19DKpUf5SL5mP3sqbsyejlxN7EM6TTKtBAXfHzr7rKcjc9OUtUdm6&id=236412366966438&l=3&v=0

Request Chain 84

https://insight.adsrvr.org/tags/j5ww479/3qz8qrq/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/iframe

Request Chain 101

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1404928623&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&ul=en-us&de=UTF-8&dt=%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=896&el=10%25&_u=aGjAAEADQ~&jid=1236062368&gjid=1286153499&cid=696442659.1591381823&tid=UA-1085772-1&_gid=112676629.1591381834&_r=1&gtm=2wg5r05WFT4Z6&z=1667273532 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_gid=112676629.1591381834&gjid=1286153499&_v=j82&z=1667273532 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_v=j82&z=1667273532 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_v=j82&z=1667273532&slf_rd=1&random=2607244916

101 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.xanterra.com/gratitude-contest/
Redirect Chain

https://links.email3.xanterra.net/ls/click?upn=Cn6Jf7hlyyvYym5hKiaGxTBwHEirr0wCa1dPSX9A0GeAq3UEZjCmziY2Zo5xlU4upGn9a4qoKn5eCqI3nLiso-2BBeckS-2FxQNjcHl7eDKAIr6Ohf0vLbOQkldRfioqN9NTAFBILm0sA8-2Bsv7Ro...
https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz...

57 KB
58 KB

615ms
208ms

Document
text/html

192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

0e055a370a180fadee54d2b7e87c0bed2ce1281aad2261b561d2de6cda5f5d37

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.xanterra.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Link: <https://www.xanterra.com/wp-json/>; rel="https://api.w.org/", <https://www.xanterra.com/?p=8967>; rel=shortlink
Set-Cookie: PHPSESSID=97edca8a98520d01df0c85a26fe68a92; path=/ wfvt_3392168791=5eda8f3e43bfb; expires=Fri, 05-Jun-2020 19:00:22 GMT; Max-Age=1800; path=/; httponly FirstTimerers=1; expires=Sat, 05-Jun-2021 18:30:22 GMT; Max-Age=31536000; path=/
Strict-Transport-Security: max-age=63072000;
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

status: 302
date: Fri, 05 Jun 2020 18:30:21 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d3248d11e0cc92f2af5553b65374b692b1591381821; expires=Sun, 05-Jul-20 18:30:21 GMT; path=/; domain=.xanterra.net; HttpOnly; SameSite=Lax
location: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
cf-request-id: 0327589fed00001f39b29ba200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 59ebf6dfee181f39-FRA

GET
H/1.1 200
OK jquery-ui.css
code.jquery.com/ui/1.12.1/themes/base/ 35 KB
9 KB 427ms
32ms Stylesheet
text/css 209.197.3.24
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.24 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: vip0x018.map2.ssl.hwcdn.net
Software: nginx /
Resource Hash: 44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Sep 2016 16:34:16 GMT
Server: nginx
ETag: W/"57d97c08-8c85"
Vary: Accept-Encoding
X-HW: 1591381822.dop012.sk1.t,1591381822.cds039.sk1.shn,1591381822.dop012.sk1.t,1591381822.cds016.sk1.c
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 8323

GET
H/1.1 200
OK style.css
www.xanterra.com/content/themes/base/css/ 193 KB
193 KB 407ms
136ms Stylesheet
text/css 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/themes/base/css/style.css?ver=1.18

Requested by

Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

fe89f7a270664ccebaf60f89dc237b7aa911e25c6ec8893daa7c96cc02ee714a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:22 GMT
Last-Modified: Sat, 30 May 2020 01:14:01 GMT
Server: Apache
ETag: "3026d-5a6d346ed99fa"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 197229
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK flipclock.css
www.xanterra.com/content/themes/base/css/ 12 KB
12 KB 449ms
150ms Stylesheet
text/css 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/themes/base/css/flipclock.css?ver=1.1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

3e2bad60fb2ae83313f3f98a04893164c2a6a0aeada301b785210b56fb111dc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:22 GMT
Last-Modified: Wed, 10 Apr 2019 22:16:00 GMT
Server: Apache
ETag: "2ffd-586346a190800"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12285
X-XSS-Protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 17 KB
1 KB 16ms
15ms Stylesheet
text/css 2a00:1450:4001:815::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ea4de94b05caf25349848cbcd53119ee2fe36a8b23a4a3d7f8ca1f2303b73a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 05 Jun 2020 18:30:22 GMT
server: ESF
date: Fri, 05 Jun 2020 18:30:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 05 Jun 2020 18:30:22 GMT

GET
H2 200 css
fonts.googleapis.com/ 869 B
461 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:815::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Serif+Pro

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5316e0ab38a57f2c981b785d6d43dbab7d485dce10bd1ce9eb5623aaa6fd8a5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 05 Jun 2020 18:30:22 GMT
server: ESF
date: Fri, 05 Jun 2020 18:30:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 05 Jun 2020 18:30:22 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
www.xanterra.com/wp/wp-includes/js/ 12 KB
12 KB 407ms
140ms Script
application/javascript 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/wp/wp-includes/js/wp-emoji-release.min.js?ver=4.9.10

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Fri, 13 Jul 2018 06:37:26 GMT
Server: Apache
ETag: "2efa-570dbb686f580"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 12026
X-XSS-Protection: 1; mode=block

GET
H2 200 rpiweblib_config.js Show response
xanwebrpi.rphelios.net/RPIFormValidation/shared/js/ 706 B
678 B 670ms
200ms Script
application/javascript 13.64.150.232
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://xanwebrpi.rphelios.net/RPIFormValidation/shared/js/rpiweblib_config.js
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.64.150.232 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: f29bcb61e16acf81997f5e0cb5136f7946f993981c43a2e6416fd9284453318a

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:22 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2019 14:37:40 GMT
server: Microsoft-IIS/10.0
status: 200
etag: "0d2344362ffd41:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 518

GET
H2 200 rpiweblib_v4.2.js Show response
xanwebrpi.rphelios.net/RPIFormValidation/shared/js/ 55 KB
9 KB 672ms
202ms Script
application/javascript 13.64.150.232
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://xanwebrpi.rphelios.net/RPIFormValidation/shared/js/rpiweblib_v4.2.js
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.64.150.232 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 9f7ee1126aee7616c59ef5ce2b6c48561957562a826de7927c21b4b23e13f9cd

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:22 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2019 14:37:40 GMT
server: Microsoft-IIS/10.0
status: 200
etag: "0d2344362ffd41:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8978

GET
H2 200 polyfiller.js Show response
xanwebrpi.rphelios.net/RPIFormValidation/shared/js/js-webshim/minified/ 15 KB
6 KB 678ms
207ms Script
application/javascript 13.64.150.232
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://xanwebrpi.rphelios.net/RPIFormValidation/shared/js/js-webshim/minified/polyfiller.js
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.64.150.232 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7840b882c40dbf74ed59a55fa03d3045829b3c09db856ad6e08ac4ae8d3b5bff

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:22 GMT
content-encoding: gzip
last-modified: Tue, 30 Apr 2019 14:37:40 GMT
server: Microsoft-IIS/10.0
status: 200
etag: "0d2344362ffd41:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 6104

GET
H/1.1 200
OK xanterra-white-lg.png
www.xanterra.com/content/uploads/2018/01/ 16 KB
16 KB 410ms
135ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2018/01/xanterra-white-lg.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

6701141ade0b13657f1339ecad529f40dab31125c5700fc90506b259758abf48

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Tue, 30 Jan 2018 20:29:38 GMT
Server: Apache
ETag: "4082-5640438bc867d"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 16514
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK facebook-icon.png
www.xanterra.com/content/uploads/2020/05/ 1 KB
1 KB 145ms
139ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/facebook-icon.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

2f616972a6d28131cfaa7b934c1b7314d5dd28b89fe6df3c856bcb0e384822b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Sat, 30 May 2020 01:28:05 GMT
Server: Apache
ETag: "468-5a6d379380fef"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1128
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK share-icon.png
www.xanterra.com/content/uploads/2020/05/ 1 KB
2 KB 136ms
135ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/share-icon.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

b8df767477cd173b1af6251cdfd4d23d184b1185d8e7a4e6aa71fcc05b31d973

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Sat, 30 May 2020 01:28:06 GMT
Server: Apache
ETag: "56e-5a6d37941a512"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1390
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK nominate-icon.png
www.xanterra.com/content/uploads/2020/05/ 1 KB
2 KB 140ms
139ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/nominate-icon.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

a9affa6765ae0b7fabb07f8cf27652be75aa0f7df76a85e30ab75cf390ecc249

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Sat, 30 May 2020 01:28:05 GMT
Server: Apache
ETag: "515-5a6d3793cf1f1"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1301
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK windstarlogo.png
www.xanterra.com/content/uploads/2018/05/ 9 KB
9 KB 136ms
136ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2018/05/windstarlogo.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

ad64f002f7ba8f35d8fbab8d5d8e3854c42aa15f1c862feb939a763458244be7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Wed, 30 May 2018 11:41:27 GMT
Server: Apache
ETag: "2375-56d6ad4c7e4c2"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 9077
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK VBT_Logo_2_color.png
www.xanterra.com/content/uploads/2017/04/ 31 KB
31 KB 136ms
136ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/04/VBT_Logo_2_color.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

38f8582352e684ca0d4a55f406ace67c4fb1914f975cfdd31f939f2421b85914

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Mon, 14 Oct 2019 22:07:32 GMT
Server: Apache
ETag: "7aa5-594e618332553"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 31397
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK CW_LOGO_PMS.png
www.xanterra.com/content/uploads/2020/02/ 79 KB
79 KB 135ms
134ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/02/CW_LOGO_PMS.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

3f3ad98917349696edf712f3b48143121926a1fc9cf90cad488c3476bbd4ce7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Tue, 11 Feb 2020 15:56:10 GMT
Server: Apache
ETag: "13b3f-59e4ee4ffae0c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 80703
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK gc-lodges-220x74.png
www.xanterra.com/content/uploads/2017/11/ 6 KB
7 KB 139ms
139ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/11/gc-lodges-220x74.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

d9cc52a209daecff6624cb3fceed5c9121042849d7710881f947988a1a1a348b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Fri, 10 Nov 2017 21:04:43 GMT
Server: Apache
ETag: "19d5-55da745174f42"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 6613
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK OasisLogo.png
www.xanterra.com/content/uploads/2017/05/ 234 KB
234 KB 151ms
150ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/05/OasisLogo.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

313788fc2ff99aec1b6adab0d4b49421a088fe147e391b9a7266c1fdcdccda31

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Thu, 08 Jun 2017 17:07:22 GMT
Server: Apache
ETag: "3a6f7-55175e2da3f95"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 239351
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK CedarCreekLogoPMS188.png
www.xanterra.com/content/uploads/2018/09/ 202 KB
202 KB 136ms
135ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2018/09/CedarCreekLogoPMS188.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

5620211c4c35f09da08d61208503e16ee7aef74043a8e785a97a1c879e780bb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Mon, 24 Sep 2018 16:25:15 GMT
Server: Apache
ETag: "32631-576a06f308946"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 206385
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK gc-railway-220x74.png
www.xanterra.com/content/uploads/2017/11/ 11 KB
11 KB 139ms
139ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/11/gc-railway-220x74.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

a20dcef4408f3c8db458622d83e689a0469dcc3b5aaf59bd74844bcd325703d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Fri, 10 Nov 2017 21:11:19 GMT
Server: Apache
ETag: "2a3d-55da75cad3be8"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 10813
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK holiday-vacations-220x74.png
www.xanterra.com/content/uploads/2017/11/ 22 KB
22 KB 131ms
131ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/11/holiday-vacations-220x74.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

e0659211bfa7b3c645b368825acc728a29a25e6f424a04dbdd24add7baf73960

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Fri, 10 Nov 2017 21:14:29 GMT
Server: Apache
ETag: "5647-55da768066550"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 22087
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK YellowstoneNPLogo2018-black-74whitebg.png
www.xanterra.com/content/uploads/2018/12/ 14 KB
14 KB 150ms
149ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2018/12/YellowstoneNPLogo2018-black-74whitebg.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

23b73a52d88ee0c1bdbdb7f9936ad05d3c867a38e9c4de887ce7d674447d5261

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Thu, 07 Mar 2019 19:34:18 GMT
Server: Apache
ETag: "3826-58386313a270c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 14374
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK facebook-82x82.png
www.xanterra.com/content/uploads/2017/05/ 5 KB
6 KB 139ms
139ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/05/facebook-82x82.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

262da2472a5aed6abc8f3e62201ef0a598965243fd9e5da84371e92a141651b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 12 May 2017 17:06:54 GMT
Server: Apache
ETag: "1492-54f56bb6fc780"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 5266
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK twitter-82x82.png
www.xanterra.com/content/uploads/2017/05/ 6 KB
6 KB 137ms
135ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/05/twitter-82x82.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

cf840f7686a215613e6390777e77faa985ecea3c2f0fed5cd1b7ffa8bf42e2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 12 May 2017 17:06:54 GMT
Server: Apache
ETag: "1694-54f56bb6fc780"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 5780
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK instagram-82x82.png
www.xanterra.com/content/uploads/2017/05/ 5 KB
6 KB 131ms
131ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/05/instagram-82x82.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

d60783c7e640b8e7f0867fdad3ef108a1ee9be4a6b2e0862d7bbcd5139e160ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 12 May 2017 17:06:54 GMT
Server: Apache
ETag: "15e8-54f56bb6fc780"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 5608
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK youtube-icon-mono-82x82.png
www.xanterra.com/content/uploads/2019/08/ 5 KB
5 KB 150ms
149ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2019/08/youtube-icon-mono-82x82.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

a837b5638a560791e164cd48fd8ac950598fe3fc7b20794a4ea242634427aa08

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 16 Aug 2019 16:40:15 GMT
Server: Apache
ETag: "13fc-5903ea51558e0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 5116
X-XSS-Protection: 1; mode=block

GET
H2

200

tintembed.js Show response
www.tintup.com/public/js/modules/
Redirect Chain

https://d36hc0p18k1aoc.cloudfront.net/public/js/modules/tintembed.js
https://www.tintup.com/public/js/modules/tintembed.js

122 KB
122 KB

305ms
240ms

Script
application/javascript

2600:9000:2182:be00:17:7ae0:4480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tintup.com/public/js/modules/tintembed.js
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:be00:17:7ae0:4480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 8024503814728804ec2295622a1d6af76dd587f7e64d5e6bbd6882df71172cc9

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
via: 1.1 3c2fca5c3988bc152e874a83fac74f4a.cloudfront.net (CloudFront), 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: DUS51-C1, DUS51-C1
x-cache: Miss from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
x-backend-server: ip-172-30-4-171.ec2.internal
x-amz-cf-id: PYCoV9MoLbGcZMkfhTfXPG2gb-xmEUOnoaZkonbGkR9yu_Eq_IUFWQ==

Redirect headers

date: Fri, 05 Jun 2020 10:14:19 GMT
via: 1.1 5fbb28bff7a0b15518cded51f089f259.cloudfront.net (CloudFront)
server: AmazonS3
age: 29765
status: 301
x-cache: Hit from cloudfront
location: https://www.tintup.com/public/js/modules/tintembed.js
x-amz-cf-pop: HAM50-C1
content-length: 0
x-amz-cf-id: xGcPOrYLJAcchF3nU_vjsJIUmVgrK5oYsCqsnTqGV0t7h6l8m1v9QQ==

GET
H/1.1 200
OK xanterraLogoWhite-280x139.png
www.xanterra.com/content/uploads/2019/08/ 16 KB
16 KB 131ms
130ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2019/08/xanterraLogoWhite-280x139.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

dc463bbb21a41c0ab117254c5024a8b0b76ec538b8f2f0482d1b90cf3ef3b5a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Tue, 20 Aug 2019 12:48:26 GMT
Server: Apache
ETag: "401e-5908bdf606a3d"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 16414
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK climate-savers.jpg
www.xanterra.com/content/uploads/2017/02/ 10 KB
11 KB 140ms
139ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/02/climate-savers.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

c928fdb51385041f3f674421c855f81de6dbb21b0085a3d003073cb810bc5208

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 03 Mar 2017 21:35:25 GMT
Server: Apache
ETag: "2939-549da52d5e140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 10553
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK new-tab.js Show response
www.xanterra.com/content/plugins/page-links-to/dist/ 15 KB
16 KB 136ms
135ms Script
application/javascript 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/plugins/page-links-to/dist/new-tab.js?ver=3.3.3

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

3ff904565543981d78679d6e90aaaded0d29dfb47198f711f2bc16c43dc57d89

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Wed, 03 Jun 2020 14:00:41 GMT
Server: Apache
ETag: "3d40-5a72e7415cde7"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15680
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ 90 KB
32 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 18 May 2020 01:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1617264
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 May 2021 01:15:59 GMT

GET
H/1.1 200
OK jquery-ui.js Show response
code.jquery.com/ui/1.12.1/ 509 KB
122 KB 34ms
30ms Script
application/javascript 209.197.3.24
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.12.1/jquery-ui.js
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.24 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: vip0x018.map2.ssl.hwcdn.net
Software: nginx /
Resource Hash: 4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Sep 2016 16:34:16 GMT
Server: nginx
ETag: W/"57d97c08-7f20a"
Vary: Accept-Encoding
X-HW: 1591381822.dop012.sk1.t,1591381822.cds039.sk1.shn,1591381822.dop012.sk1.t,1591381823.cds016.sk1.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 124434

GET
H/1.1 200
OK scripts.js Show response
www.xanterra.com/content/themes/base/js/ 348 KB
349 KB 153ms
150ms Script
application/javascript 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/themes/base/js/scripts.js?ver=1.93

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

e2f08eb7b2b2f2d4b2d071b3da887c5e13554f7748488cd168331a2c62b249a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Sat, 30 May 2020 01:14:01 GMT
Server: Apache
ETag: "571a8-5a6d346ee075a"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 356776
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK wp-embed.min.js Show response
www.xanterra.com/wp/wp-includes/js/ 1 KB
2 KB 138ms
134ms Script
application/javascript 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/wp/wp-includes/js/wp-embed.min.js?ver=4.9.10

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Fri, 31 Aug 2018 06:29:28 GMT
Server: Apache
ETag: "57b-574b55042a200"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1403
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ajax-load-more.min.js Show response
www.xanterra.com/content/plugins/ajax-load-more/core/dist/js/ 164 KB
165 KB 395ms
131ms Script
application/javascript 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/plugins/ajax-load-more/core/dist/js/ajax-load-more.min.js?ver=5.1.4

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

aa76658ff2b923f33dcf516e0edd23012c7e8424d0a63adf1d96b22472bb65bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Thu, 22 Aug 2019 18:03:09 GMT
Server: Apache
ETag: "29086-590b88094d4b3"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 168070
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 143 KB
41 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5WFT4Z6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14cf40bc69ccd46f166fc3c4ef6a79b86ecde4de1e1e10ffebbee739bae75d78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41580
x-xss-protection: 0
last-modified: Fri, 05 Jun 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Jun 2020 18:30:23 GMT

GET
H/1.1 200
OK search.png
www.xanterra.com/content/themes/base/img/icons/ 1 KB
2 KB 216ms
135ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/themes/base/img/icons/search.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

71fd12d97b9f9aecaf7da4de60c8fdbf77596dc869bcb3562fb3fca82f2b4bdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/content/themes/base/css/style.css?ver=1.18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Fri, 08 Feb 2019 18:13:41 GMT
Server: Apache
ETag: "55c-58165eb3d1ba8"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1372
X-XSS-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK countdown-border.svg
www.xanterra.com/content/themes/base/img/ 145 B
524 B 223ms
135ms Image
image/svg+xml 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/themes/base/img/countdown-border.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

ccf346ddeb31feec2f3b98f4bebe61394413fa93165fb52960d3bc93451ca333

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/content/themes/base/css/style.css?ver=1.18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Sat, 30 May 2020 01:14:01 GMT
Server: Apache
ETag: "91-5a6d346eda99a"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 145
X-XSS-Protection: 1; mode=block

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Wed, 27 May 2020 04:01:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 829749
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Thu, 27 May 2021 04:01:14 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Thu, 21 May 2020 08:38:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 1331515
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Fri, 21 May 2021 08:38:28 GMT

GET
H2 200 wlpogwHKFkZgtmSR3NB0oRJfajhRK_Z_3rhH.woff2
fonts.gstatic.com/s/crimsontext/v10/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/crimsontext/v10/wlpogwHKFkZgtmSR3NB0oRJfajhRK_Z_3rhH.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

449a906d6b2ab46252e1ae6a93424fe8ac608ae9dbc2c10428d797520fc704f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Sat, 23 May 2020 01:34:53 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:19:48 GMT
server: sffe
age: 1184130
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15508
x-xss-protection: 0
expires: Sun, 23 May 2021 01:34:53 GMT

GET
H/1.1 206
Partial Content Untitled.mp4
www.xanterra.com/content/uploads/2020/06/ 304 KB
0 136ms
135ms Media
video/mp4 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/uploads/2020/06/Untitled.mp4

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Mon, 01 Jun 2020 16:03:15 GMT
Server: Apache
ETag: "1961700-5a707eeb5d634"
X-Frame-Options: SAMEORIGIN
Content-Type: video/mp4
Content-Range: bytes 0-26613503/26613504
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 26613504
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK joys-camp-bush-walk.png
www.xanterra.com/content/uploads/2020/05/ 1 MB
1 MB 232ms
130ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/joys-camp-bush-walk.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

85f6f8ecfdd120e04473bc328330881b35ff0a19dafda75a435480a71b09fd66

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:23 GMT
Last-Modified: Sat, 30 May 2020 01:27:27 GMT
Server: Apache
ETag: "162197-5a6d376f7c3ea"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1450391
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 97454273_10158468382913713_3527552984911183872_o.jpg
www.xanterra.com/content/uploads/2020/05/ 539 KB
540 KB 131ms
130ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/97454273_10158468382913713_3527552984911183872_o.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

edb77397f34ad796c93a40c9f0d86beb3a2d4418045743b8b048a6f1fc30f22b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 22 May 2020 16:47:35 GMT
Server: Apache
ETag: "86d18-5a63f62e515f9"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 552216
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Bikers_at_Vicksburg_Battlefield_in_Mississippi_-_D1-C3-_-_72_ppi-4-1-e1590667790614.jpg
www.xanterra.com/content/uploads/2020/05/ 637 KB
637 KB 135ms
134ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/Bikers_at_Vicksburg_Battlefield_in_Mississippi_-_D1-C3-_-_72_ppi-4-1-e1590667790614.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

00136ae44dda7f576212b8625b052ca50c4f32178d7598968d5a258209530de6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Thu, 28 May 2020 12:09:50 GMT
Server: Apache
ETag: "9f424-5a6b4349fb106"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 652324
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK iStock-509308670-e1590670627779.jpg
www.xanterra.com/content/uploads/2020/05/ 374 KB
375 KB 131ms
130ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/iStock-509308670-e1590670627779.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

24fc5aebddfeff69c83b569ccfb05a14259852c8e5c7b6eae6f46e89d44bd1eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Thu, 28 May 2020 12:57:07 GMT
Server: Apache
ETag: "5d9be-5a6b4ddb97e9c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 383422
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK GettyImages-1194566593-e1590671130420.jpg
www.xanterra.com/content/uploads/2020/05/ 1 MB
1 MB 151ms
150ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/GettyImages-1194566593-e1590671130420.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

0dc61a927a1081bb47bd3e4c23bc33e40cb171fa001f13a3d6fc7fb6e388576f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Thu, 28 May 2020 13:05:30 GMT
Server: Apache
ETag: "130228-5a6b4fbb62da3"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 1245736
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ranch-entry-600x300.jpg
www.xanterra.com/content/uploads/2020/01/ 69 KB
69 KB 140ms
139ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/01/ranch-entry-600x300.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

9269ff76d988110a8697d64cd9dfe41e5d4b08533c0c2ea05761f285046a4fdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Thu, 02 Jan 2020 16:54:18 GMT
Server: Apache
ETag: "113f9-59b2b0b3d3089"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 70649
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Many-Glacier-Hotel-from-Hillside-8.jpg
www.xanterra.com/content/uploads/2017/05/ 407 KB
407 KB 186ms
130ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2017/05/Many-Glacier-Hotel-from-Hillside-8.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

04725573aa44a4e96f03019266c876d127c4ba1b50a0ec6745c82437413b75e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 19 May 2017 16:28:58 GMT
Server: Apache
ETag: "65b2d-54fe304aa6680"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 416557
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK steam-flag-600x300.jpg
www.xanterra.com/content/uploads/2019/06/ 68 KB
68 KB 272ms
130ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2019/06/steam-flag-600x300.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

9c122c0753856bc192046422b9ad40de75f1c3b86796a1a329d76b57d72fd5ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Thu, 27 Jun 2019 16:15:21 GMT
Server: Apache
ETag: "10ee4-58c5077f91f31"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 69348
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK niagara-falls-getaway-7.jpg
www.xanterra.com/content/uploads/2020/05/ 16 MB
16 MB 178ms
130ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/niagara-falls-getaway-7.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

692582a00b906aa94494f27a7677a0df112cc04fd4c0d79ef8cea20ae71567e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 22 May 2020 17:35:35 GMT
Server: Apache
ETag: "1003d65-5a6400e8df7a8"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 16792933
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK roosevelt-cookout.jpg
www.xanterra.com/content/uploads/2020/05/ 432 KB
433 KB 161ms
140ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/roosevelt-cookout.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

ce4a6115677a67977af8657165097b465b8aa68453524a323620024c274c6620

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 22 May 2020 17:38:45 GMT
Server: Apache
ETag: "6c143-5a64019dc35a0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 442691
X-XSS-Protection: 1; mode=block

GET
H2 200 wlppgwHKFkZgtmSR3NB0oRJX1C1GDNNQ9rJPfw.woff2
fonts.gstatic.com/s/crimsontext/v10/ 13 KB
13 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/crimsontext/v10/wlppgwHKFkZgtmSR3NB0oRJX1C1GDNNQ9rJPfw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bcc80b636a61b36149ef6a4ec7081ca873e68782396f5f0e2d988c854322d8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Tue, 19 May 2020 01:10:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:23:07 GMT
server: sffe
age: 1531214
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13676
x-xss-protection: 0
expires: Wed, 19 May 2021 01:10:09 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TjASc6CsTYl4BO.woff2
fonts.gstatic.com/s/roboto/v20/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc6CsTYl4BO.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c575d67f22342308c6bdc002dce3d2bf2eb03c3434846dd8aeb4b2b74b43d43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Wed, 27 May 2020 04:54:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:39 GMT
server: sffe
age: 826572
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12824
x-xss-protection: 0
expires: Thu, 27 May 2021 04:54:11 GMT

GET
H2 200 wlp2gwHKFkZgtmSR3NB0oRJfbwhTIfFd3A.woff2
fonts.gstatic.com/s/crimsontext/v10/ 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/crimsontext/v10/wlp2gwHKFkZgtmSR3NB0oRJfbwhTIfFd3A.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3edefaa76df5db9537e355ed87a450f910154f9c76ee2a0b9462b8a7a31d95b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Wed, 27 May 2020 07:13:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:26:13 GMT
server: sffe
age: 818192
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14312
x-xss-protection: 0
expires: Thu, 27 May 2021 07:13:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Wed, 27 May 2020 06:53:30 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 819413
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Thu, 27 May 2021 06:53:30 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsTYl4BO.woff2
fonts.gstatic.com/s/roboto/v20/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic6CsTYl4BO.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d630df8a89d2ec3c590c3b036b610c60fda3df53b3a4c81f3a9e5c94a0de5929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Wed, 20 May 2020 07:41:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:03 GMT
server: sffe
age: 1421336
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12688
x-xss-protection: 0
expires: Thu, 20 May 2021 07:41:27 GMT

GET
H/1.1 200
OK cartographer.png
www.xanterra.com/content/themes/base/img/ 168 KB
168 KB 135ms
134ms Image
image/png 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/themes/base/img/cartographer.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

6890d0206a75ab7bccfe291de59a8f80cbb6272a8f6f89b258523a2d7d65096d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/content/themes/base/css/style.css?ver=1.18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 08 Feb 2019 18:13:41 GMT
Server: Apache
ETag: "29ece-58165eb3c9ea8"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 171726
X-XSS-Protection: 1; mode=block

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 131 KB
31 KB 17ms
17ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 31766
x-xss-protection: 0
pragma: public
x-fb-debug: oNYaAZg2vb7A0sWugsauQitKl2ZHkap7k95K5Wlhkc3P3DRRAiBYuVFMENZp0tudWim+nhzOzGQ6ZsNoWm0+UQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WFT4Z6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 5644
date: Fri, 05 Jun 2020 16:56:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Fri, 05 Jun 2020 18:56:19 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
941 B 19ms
19ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

7b7ce130a306561a4101914e820186deaf9e9e012255c96667706129853c1084

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

POST
H2 200 Visit Show response
xanwebrpi.rphelios.net/api/Cache/ 197 B
310 B 607ms
207ms XHR
application/json 13.64.150.232
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://xanwebrpi.rphelios.net/api/Cache/Visit
Requested by: Host: xanwebrpi.rphelios.net
URL: https://xanwebrpi.rphelios.net/RPIFormValidation/shared/js/rpiweblib_v4.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.64.150.232 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2e9ae0bfcb0f6620519d4b3e01f9143615e24f844a6c913a37081b751dd9f1fe

Request headers

Accept: application/json
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Jun 2020 18:30:23 GMT
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
content-length: 197
expires: -1

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/choozle/8151/ 29 KB
9 KB 160ms
56ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/8151/Bootstrap.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WFT4Z6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 670c1e1231b975ab1eb9aef5092176dd4697cdb2f81b5ddec865fb67fa7e705d

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
content-encoding: gzip
last-modified: Thu, 14 Nov 2019 22:08:23 GMT
server: nginx
etag: W/"5dcdd057-7212"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300

GET
H2 200 hotjar-1714144.js Show response
static.hotjar.com/c/ 4 KB
2 KB 149ms
47ms Script
application/javascript 147.75.102.199
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1714144.js?sv=6

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.102.199 Central, Hong Kong, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress10

Software

Resource Hash

1a38de0692129675b5b3c76dcc508dabdbb67a1df02ce06b5a630606aa5263c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
content-encoding: br
x-content-type-options: nosniff
section-io-tag: hotjarjs
age: 293
status: 200
section-io-cache: Hit
vary: Accept-Encoding
content-length: 1726
cache-control: max-age=60
etag: W/b562c3e1c6f52a53190244b02fae516c
access-control-max-age: 600
section-io-origin-status: 200
access-control-allow-origin: *
x-cache-hit: 1
section-io-origin-time-seconds: 0.020
section-io-id: 85e2f74f1ebd6059da27c09a651ce180
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 69 KB
27 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5PB3Q34&t=gtm3&cid=696442659.1591381823

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b1c93d55f28ba8cec0b2e2564de8a7fc6111cd2f0222921513b3868ccb092c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27847
x-xss-protection: 0
last-modified: Fri, 05 Jun 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Jun 2020 18:30:23 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1404928623&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DG...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_gid=1110695872.1591381823&gjid=643841889&_v=j82&z=576099459
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_v=j82&z=576099459
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_v=j82&z=576099459&slf_rd=1&random=3935190211

42 B
106 B

17ms
16ms

Image
image/gif

2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_v=j82&z=576099459&slf_rd=1&random=3935190211

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Jun 2020 18:30:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Jun 2020 18:30:23 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1161592757&_v=j82&z=576099459&slf_rd=1&random=3935190211
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfln154-k/ 68 KB
26 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfln154-k/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d26f7c010747e1726413f29d8e50f3487099881b4466ecaefabf0fbfcff887ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Jun 2020 17:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89122
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25698
x-xss-protection: 0
last-modified: Thu, 04 Jun 2020 16:13:26 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 12 Jun 2020 17:45:01 GMT

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 42 KB
11 KB 17ms
17ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.18

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d2be7803ce22ea4563d3577bf0d5bfa8de3e85a754cf233a65b8cd34a156807c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 10701
x-xss-protection: 0
pragma: public
x-fb-debug: e3b7p3CQGrEBSeyWE9CYmz2c1mWt0golfUNyXjZAVdcTCSTZGSyrCURxHkkOag42WARN+9uasgR499OM5sP4kQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 206080526490980 Show response
connect.facebook.net/signals/config/ 516 KB
129 KB 48ms
48ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/206080526490980?v=2.9.18&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1c71b9d39da6e88a7e701b1c8aaee4ae48bbba173abf32faaec5f96439792615

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 131687
x-xss-protection: 0
pragma: public
x-fb-debug: qWd+39W+vf/MC86ik2WO7wcl1VxCDphCCJoTkkGneZG5MPwou2nxOvxIKLewpq3Q0u95CGNFKPSiOb3goD3PKg==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 modules.c618ee7dde3b49023442.js Show response
script.hotjar.com/ 369 KB
70 KB 154ms
49ms Script
application/javascript 147.75.100.245
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.c618ee7dde3b49023442.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1714144.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.100.245 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress2
Software: /
Resource Hash: 33367bba4a5dc9b2654baae1da2442ce081f383578c475dccce533446f8286f6

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
content-encoding: br
age: 52984
status: 200
section-io-cache: Hit
content-length: 71542
last-modified: Thu, 04 Jun 2020 17:23:29 GMT
etag: "a4b4a9718154528979eaf019b61f30e6"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.130
section-io-id: a76279eb22e3f205d779ac53740b9e59
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/choozle/8151/ 399 B
541 B 60ms
60ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/8151/serverComponent.php?r=74904930.39146224&ClientID=923&PageID=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/8151/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fa767c8b41fbb675b1eabe10bdcfae9ca3540ef3ad47be488a299139c351f8ab

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 05 Jun 2020 18:30:23 GMT
cache-control: no-cache, no-store
server: nginx
content-type: text/javascript
content-length: 399
expires: Fri, 05 Jun 2020 18:30:22 GMT

GET
H2 200 b22bb51fa34af6df47bd68272dfded6f.js Show response
nexus.ensighten.com/choozle/8151/code/ 1 KB
865 B 51ms
50ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/8151/code/b22bb51fa34af6df47bd68272dfded6f.js?conditionId0=4848152&conditionId1=4848157
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/8151/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4a708a3010997190375120453f3b9f8657dc9bc5ada4325c4f9cb45d59263d36

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
content-encoding: gzip
last-modified: Thu, 14 Nov 2019 22:08:23 GMT
server: nginx
etag: W/"5dcdd057-5c6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 ea56f93204fe867df462f8935ac9693e.js Show response
nexus.ensighten.com/choozle/8151/code/ 261 B
443 B 51ms
51ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/8151/code/ea56f93204fe867df462f8935ac9693e.js?conditionId0=421905
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/8151/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b003b4bb9f910d93e4f42f609cc96dff2fe12888d3caaf9dea8b17c6b0901c9a

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT
last-modified: Thu, 14 Nov 2019 22:08:23 GMT
server: nginx
etag: "5dcdd057-105"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 261

GET
H2 200 427130581176467 Show response
connect.facebook.net/signals/config/ 517 KB
129 KB 18ms
18ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/427130581176467?v=2.9.18&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d8a00caf71b945c76b24a4522d65d9bbf386b8396aaf08ec78fa781b2b21bc05

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 131707
x-xss-protection: 0
pragma: public
x-fb-debug: kBMmna1Z3Q+blI1ChExab3enouG/mc1XKeU8xlSgYwi5pzbP+Bntq/gXj22UNYFMbSUpTkD32lEfJicxslxVhQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
258 B 19ms
19ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=206080526490980&ev=PageView&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&rl=&if=false&ts=1591381823667&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=62&fbp=fb.1.1591381823666.422228783&it=1591381823438&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 05 Jun 2020 18:30:23 GMT

GET
H/1.1 200
OK 13853
cs.choozle.com/dp/chz/ 35 B
123 B 569ms
142ms Image
image/gif 23.21.83.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.choozle.com/dp/chz/13853?d=www.xanterra.com&cb=7968812934
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.83.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-83-205.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 236412366966438 Show response
connect.facebook.net/signals/config/ 516 KB
129 KB 20ms
20ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/236412366966438?v=2.9.18&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

72cb54e595c06719ddad137010d51703ae6c2912099dff2ef332020ca27f28dd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 131673
x-xss-protection: 0
pragma: public
x-fb-debug: fYa4HXr0OavmYNFcivXkUSu1GvdVGzBshBzF8vEf6jnVdoFQYdPDYvvmuD4kMP3slLqlsrIKP8jier48lIvinQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 19ms
19ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=427130581176467&ev=PageView&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&rl=&if=false&ts=1591381823715&sw=1600&sh=1200&v=2.9.18&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1591381823666.422228783&it=1591381823438&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 05 Jun 2020 18:30:23 GMT

GET
H2

200

/
cx.atdmt.com/
Redirect Chain

https://www.facebook.com/tr/?id=236412366966438&ev=PageView&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DX...
https://cx.atdmt.com/?c=15016065818521156487&f=AYw8eUA1svyT4ChdHFAObjQg6XINQ00Jupz19DKpUf5SL5mP3sqbsyejlxN7EM6TTKtBAXfHzr7rKcjc9OUtUdm6&id=236412366966438&l=3&v=0

42 B
329 B

102ms
64ms

Image
image/gif

2a03:2880:f007:2:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cx.atdmt.com/?c=15016065818521156487&f=AYw8eUA1svyT4ChdHFAObjQg6XINQ00Jupz19DKpUf5SL5mP3sqbsyejlxN7EM6TTKtBAXfHzr7rKcjc9OUtUdm6&id=236412366966438&l=3&v=0
Requested by: Host: www.xanterra.com
URL: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f007:2:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
content-type: image/gif
alt-svc: h3-27=":443"; ma=3600
content-length: 42
p3p: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"

Redirect headers

pragma: no-cache
date: Fri, 05 Jun 2020 18:30:23 GMT, Fri, 05 Jun 2020 18:30:23 GMT
server: proxygen-bolt
status: 302
content-type: text/plain
location: https://cx.atdmt.com/?c=15016065818521156487&f=AYw8eUA1svyT4ChdHFAObjQg6XINQ00Jupz19DKpUf5SL5mP3sqbsyejlxN7EM6TTKtBAXfHzr7rKcjc9OUtUdm6&id=236412366966438&l=3&v=0
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=3600
content-length: 0
expires: 0

GET
H/1.1 200
OK admin-ajax.php Show response
www.xanterra.com/wp/wp-admin/ 7 KB
7 KB 272ms
218ms XHR
application/json 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/wp/wp-admin/admin-ajax.php?id=&post_id=8967&slug=gratitude-contest&canonical_url=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F&posts_per_page=5&page=0&offset=0&post_type=post,%20stories&repeater=template_3&seo_start_page=1&preloaded=false&preloaded_amount=0&taxonomy=ctax_story_category&taxonomy_terms=roam-from-home&taxonomy_operator=IN&author=orderby=modified&order=desc&orderby=date&action=alm_get_posts&query_type=standard

Requested by

Host: www.xanterra.com
URL: https://www.xanterra.com/content/plugins/ajax-load-more/core/dist/js/ajax-load-more.min.js?ver=5.1.4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

aca3995f89fa87798b21036e1c62bc2237f9d8020eb9b25ae99cc6a65238dddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Jun 2020 18:30:24 GMT
Strict-Transport-Security: max-age=63072000;
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: Keep-Alive
X-Robots-Tag: noindex
Keep-Alive: timeout=5, max=94
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
97 B 6ms
6ms Image
image/gif 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j82&a=1404928623&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&ul=en-us&de=UTF-8&dt=%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=613&el=10%25&_u=aGDAAEADQ~&jid=&gjid=&cid=696442659.1591381823&tid=UA-1085772-1&_gid=1110695872.1591381823&gtm=2wg5r05WFT4Z6&z=667598722

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 May 2020 05:28:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688522
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 Events Show response
xanwebrpi.rphelios.net/api/ 0
24 B 207ms
206ms XHR
text/plain 13.64.150.232
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://xanwebrpi.rphelios.net/api/Events
Requested by: Host: xanwebrpi.rphelios.net
URL: https://xanwebrpi.rphelios.net/RPIFormValidation/shared/js/rpiweblib_v4.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.64.150.232 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

status: 204
pragma: no-cache
date: Fri, 05 Jun 2020 18:30:23 GMT
cache-control: no-cache
access-control-allow-origin: *
expires: -1

GET
H/1.1

200
OK

iframe
d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/ Frame 5E89
Redirect Chain

https://insight.adsrvr.org/tags/j5ww479/3qz8qrq/iframe
https://d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/iframe

0
0

1129ms
68ms

Document
text/html

13.225.83.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/iframe
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/8151/code/b22bb51fa34af6df47bd68272dfded6f.js?conditionId0=4848152&conditionId1=4848157
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.83.200 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-83-200.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Host: d1eoo1tco6rr5e.cloudfront.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D

Response headers

Content-Type: text/html
Content-Length: 133
Connection: keep-alive
Date: Fri, 05 Jun 2020 18:28:01 GMT
Last-Modified: Thu, 28 Mar 2019 20:30:30 GMT
ETag: "c77595942217824decd2fa0186340568"
Cache-Control: max-age=86400
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 216b2e0a8a27f8fca1b540a1c4ea6922.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: cARsgisSmiuHif2QnCZdawmr_ccng1WrjROXYw2ZbUyZbR_3G7ZnJg==
Age: 145

Redirect headers

status: 303
date: Fri, 05 Jun 2020 18:30:24 GMT
content-type: text/html; charset=UTF-8
content-length: 183
location: https://d1eoo1tco6rr5e.cloudfront.net/j5ww479/3qz8qrq/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 840D 0
0 154ms
50ms Document
text/html 147.75.100.245
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1714144.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.100.245 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress2
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D

Response headers

status: 200
date: Fri, 05 Jun 2020 18:30:24 GMT
content-type: text/html
content-length: 851
last-modified: Thu, 04 Jun 2020 17:23:25 GMT
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.120
section-origin-responded: true
age: 41649
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: c63370ce89c5d1a05fc109fa979d0eaf

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 20ms
19ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=206080526490980&ev=Microdata&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&rl=&if=false&ts=1591381824171&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.xanterra.com%2Fcontent%2Fuploads%2F2020%2F04%2F20200417-cta2.jpg%22%2C%22og%3Asite_name%22%3A%22Xanterra%22%2C%22article%3Apublished_time%22%3A%222020-05-30T01%3A22%3A08Z%22%2C%22article%3Amodified_time%22%3A%222020-06-01T16%3A03%3A43Z%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.18&r=stable&ec=1&o=62&fbp=fb.1.1591381823666.422228783&it=1591381823438&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:24 GMT, Fri, 05 Jun 2020 18:30:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 05 Jun 2020 18:30:24 GMT

GET
H/1.1 200
OK GettyImages-644951494-634x380.jpg
www.xanterra.com/content/uploads/2020/05/ 52 KB
52 KB 150ms
149ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/GettyImages-644951494-634x380.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

2f639b4ec1a6dcef91191bbce537fbcd71e406d37095096b419a6bdb08013dd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Wed, 20 May 2020 11:43:00 GMT
Server: Apache
ETag: "d048-5a612e5e61aeb"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 53320
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK GettyImages-183763953-858x380.jpg
www.xanterra.com/content/uploads/2020/05/ 82 KB
82 KB 131ms
131ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/05/GettyImages-183763953-858x380.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

097f37e011bf4740b9120c4a524c0ff2ec02548edc060b9360c6dd2c95644455

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 15 May 2020 13:49:59 GMT
Server: Apache
ETag: "14617-5a5b016db6c21"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 83479
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 20200417-cta1.jpg
www.xanterra.com/content/uploads/2020/04/ 125 KB
125 KB 135ms
135ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2020/04/20200417-cta1.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

6e5b8fa9e54e0f681ea76503f7dcdf063a851d05521b26d50c5ed9c454fb6343

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Fri, 17 Apr 2020 15:53:39 GMT
Server: Apache
ETag: "1f242-5a37e8d856e63"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 127554
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK shutterstock_143503156-858x380.jpg
www.xanterra.com/content/uploads/2018/04/ 97 KB
97 KB 151ms
151ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2018/04/shutterstock_143503156-858x380.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

e26a973f2faa2391e7e25f26d33ab0bd32db6c1391d603f9980f99d0f77dd7d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Wed, 04 Apr 2018 21:24:22 GMT
Server: Apache
ETag: "183cf-5690c72523435"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 99279
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK BryceZionGrandCanyon_shutterstock_131847782-858x380.jpg
www.xanterra.com/content/uploads/2019/07/ 76 KB
77 KB 135ms
135ms Image
image/jpeg 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.xanterra.com/content/uploads/2019/07/BryceZionGrandCanyon_shutterstock_131847782-858x380.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

a9fb4610e544780718cd9d75cc370928b8a6d4c3351b53b0da203cdcb977f7b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Tue, 02 Jul 2019 16:53:46 GMT
Server: Apache
ETag: "131ba-58cb59694a084"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 78266
X-XSS-Protection: 1; mode=block

GET
H2 200 wlprgwHKFkZgtmSR3NB0oRJfajCOD-NS_LVtfaKv.woff2
fonts.gstatic.com/s/crimsontext/v10/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/crimsontext/v10/wlprgwHKFkZgtmSR3NB0oRJfajCOD-NS_LVtfaKv.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e4951be532872aa35950413d5146374a68961e2bfd39907785fe8d7105910905

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Crimson+Text:400,400i,600,600i,700,700i|Roboto:300,300i,400,400i,700,700i
Origin: https://www.xanterra.com

Response headers

date: Tue, 19 May 2020 04:32:08 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:20:45 GMT
server: sffe
age: 1519096
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15200
x-xss-protection: 0
expires: Wed, 19 May 2021 04:32:08 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 19ms
19ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=427130581176467&ev=Microdata&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&rl=&if=false&ts=1591381824243&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.xanterra.com%2Fcontent%2Fuploads%2F2020%2F04%2F20200417-cta2.jpg%22%2C%22og%3Asite_name%22%3A%22Xanterra%22%2C%22article%3Apublished_time%22%3A%222020-05-30T01%3A22%3A08Z%22%2C%22article%3Amodified_time%22%3A%222020-06-01T16%3A03%3A43Z%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.18&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1591381823666.422228783&it=1591381823438&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:24 GMT, Fri, 05 Jun 2020 18:30:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 05 Jun 2020 18:30:24 GMT

GET
H/1.1 206
Partial Content Untitled.mp4
www.xanterra.com/content/uploads/2020/06/ 38 KB
38 KB 135ms
135ms Media
video/mp4 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/uploads/2020/06/Untitled.mp4

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

ac0370262401b9d1db3ae4ab192613081351fab33eac4c16e4eea93989433662

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=26574848-

Response headers

Date: Fri, 05 Jun 2020 18:30:24 GMT
Last-Modified: Mon, 01 Jun 2020 16:03:15 GMT
Server: Apache
ETag: "1961700-5a707eeb5d634"
X-Frame-Options: SAMEORIGIN
Content-Type: video/mp4
Content-Range: bytes 26574848-26613503/26613504
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 38656
X-XSS-Protection: 1; mode=block

POST
H2 204 1714144 Show response
vc.hotjar.io/sessions/ 0
116 B 172ms
69ms XHR
text/plain 147.75.102.13
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/1714144?s=0.25
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.c618ee7dde3b49023442.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.13 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress3
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 05 Jun 2020 18:30:24 GMT
access-control-allow-origin: *
section-io-id: e922d13906cebbfafb54535d6e0cb0a8
section-origin-responded: true

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 19ms
19ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=236412366966438&ev=Microdata&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&rl=&if=false&ts=1591381824329&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.xanterra.com%2Fcontent%2Fuploads%2F2020%2F04%2F20200417-cta2.jpg%22%2C%22og%3Asite_name%22%3A%22Xanterra%22%2C%22article%3Apublished_time%22%3A%222020-05-30T01%3A22%3A08Z%22%2C%22article%3Amodified_time%22%3A%222020-06-01T16%3A03%3A43Z%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.18&r=stable&ec=1&o=30&fbp=fb.1.1591381823666.422228783&it=1591381823438&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f107:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 18:30:24 GMT, Fri, 05 Jun 2020 18:30:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 05 Jun 2020 18:30:24 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 6ms
6ms Image
image/gif 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j82&a=1404928623&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3DGuest%26utm_campaign%3DXAN_200605_TacNews_Explore_guest_FNAME-6%26PID%3D56799938%26PN_email%3DE2Wx5Sepj%252FYqk9yhsQ5jTQfMz5w4%252FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%252BPEoEHDH5LBwEE%253D&ul=en-us&de=UTF-8&dt=%23OneWeekofGratitude%20Sweepstakes%20%7C%20Xanterra&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=750&el=10%25&_u=aGDAAEADQ~&jid=&gjid=&cid=696442659.1591381823&tid=UA-1085772-1&_gid=1110695872.1591381823&gtm=2wg5r05WFT4Z6&z=2027459194

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 May 2020 05:28:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688522
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 206
Partial Content Untitled.mp4
www.xanterra.com/content/uploads/2020/06/ 24 MB
0 141ms
141ms Media
video/mp4 192.99.20.144
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xanterra.com/content/uploads/2020/06/Untitled.mp4

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

192.99.20.144 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

xanterra3.vsrv.io

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=294912-

Response headers

Date: Fri, 05 Jun 2020 18:30:25 GMT
Last-Modified: Mon, 01 Jun 2020 16:03:15 GMT
Server: Apache
ETag: "1961700-5a707eeb5d634"
X-Frame-Options: SAMEORIGIN
Content-Type: video/mp4
Content-Range: bytes 294912-26613503/26613504
Connection: Keep-Alive
Strict-Transport-Security: max-age=63072000;
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 26318592
X-XSS-Protection: 1; mode=block

GET
H2 200 popUpModalEndpoint
cdn.hypemarks.com/raw/ Frame 6C46 0
0 91ms
24ms Document
text/html 2600:9000:2156:5000:9:6a30:ebc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.hypemarks.com/raw/popUpModalEndpoint

Requested by

Host: www.tintup.com
URL: https://www.tintup.com/public/js/modules/tintembed.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:5000:9:6a30:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cdn.hypemarks.com
:scheme: https
:path: /raw/popUpModalEndpoint
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D

Response headers

status: 200
content-type: text/html; charset=UTF-8
server: nginx
date: Fri, 05 Jun 2020 18:30:04 GMT
x-xss-protection: 0
x-backend-server: ip-172-30-0-196.ec2.internal
x-cache: Hit from cloudfront
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: WBKmwcgfJLTRpM3GKxTnOU3aYRpu4AoY716zYMBAwnx8toWkXX989g==
age: 22

GET
H2 200 xanterra
cdn.hypemarks.com/t/ Frame 3873 0
0 444ms
382ms Document
text/html 2600:9000:2156:5000:9:6a30:ebc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.hypemarks.com/t/xanterra?width=1600&expand=true&clickForMore=true&personalization_id=725549

Requested by

Host: www.tintup.com
URL: https://www.tintup.com/public/js/modules/tintembed.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:5000:9:6a30:ebc0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cdn.hypemarks.com
:scheme: https
:path: /t/xanterra?width=1600&expand=true&clickForMore=true&personalization_id=725549
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D

Response headers

status: 200
content-type: text/html; charset=UTF-8
server: nginx
date: Fri, 05 Jun 2020 18:30:26 GMT
x-xss-protection: 0
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
x-backend-server: ip-172-30-0-196.ec2.internal
x-cache: Miss from cloudfront
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: qH-JYkLLap2Dv1hbWvzpz_0yW4NRk4U5fg040SYYgQi5UR0_Vn61mQ==

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1404928623&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.xanterra.com%2Fgratitude-contest%2F%3Futm_source%3DRPI%26utm_medium%3Demail%26utm_content%3...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_gid=112676629.1591381834&gjid=1286153499&_v=j82&z=1667273532
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_v=j82&z=1667273532
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_v=j82&z=1667273532&slf_rd=1&random=2607244916

42 B
106 B

17ms
17ms

Image
image/gif

2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_v=j82&z=1667273532&slf_rd=1&random=2607244916

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xanterra.com/gratitude-contest/?utm_source=RPI&utm_medium=email&utm_content=Guest&utm_campaign=XAN_200605_TacNews_Explore_guest_FNAME-6&PID=56799938&PN_email=E2Wx5Sepj%2FYqk9yhsQ5jTQfMz5w4%2FDXAqzrkNQAdHMgbwBvxDkVLMHq9GjtKYvhCpLsGGYhm4hbZ86vJpEdImAATGXIND%2BPEoEHDH5LBwEE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Jun 2020 18:30:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Jun 2020 18:30:34 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1085772-1&cid=696442659.1591381823&jid=1236062368&_v=j82&z=1667273532&slf_rd=1&random=2607244916
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

168 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 23) Message: [Facebook Pixel] - An invalid email address was specified for 'em'. This data will not be sent with any events for this Pixel.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.hypemarks.com
code.jquery.com
connect.facebook.net
cs.choozle.com
cx.atdmt.com
d1eoo1tco6rr5e.cloudfront.net
d36hc0p18k1aoc.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
insight.adsrvr.org
links.email3.xanterra.net
nexus.ensighten.com
s.ytimg.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
vc.hotjar.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.tintup.com
www.xanterra.com
www.youtube.com
xanwebrpi.rphelios.net
13.225.83.200
13.64.150.232
147.75.100.245
147.75.102.13
147.75.102.199
18.195.42.228
192.99.20.144
209.197.3.24
23.21.83.205
2600:9000:2093:3e00:5:227c:1300:21
2600:9000:2156:5000:9:6a30:ebc0:93a1
2600:9000:2182:be00:17:7ae0:4480:93a1
2606:4700:20::681a:2dd
2a00:1450:4001:800::2003
2a00:1450:4001:802::2003
2a00:1450:4001:808::200e
2a00:1450:4001:809::200e
2a00:1450:4001:815::200a
2a00:1450:4001:81b::200a
2a00:1450:4001:81c::2008
2a00:1450:4001:81d::200e
2a00:1450:4001:81e::2004
2a00:1450:400c:c00::9c
2a03:2880:f007:2:face:b00c:0:1
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f107:83:face:b00c:0:25de
52.209.184.21
00136ae44dda7f576212b8625b052ca50c4f32178d7598968d5a258209530de6
04725573aa44a4e96f03019266c876d127c4ba1b50a0ec6745c82437413b75e7
097f37e011bf4740b9120c4a524c0ff2ec02548edc060b9360c6dd2c95644455
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0dc61a927a1081bb47bd3e4c23bc33e40cb171fa001f13a3d6fc7fb6e388576f
0e055a370a180fadee54d2b7e87c0bed2ce1281aad2261b561d2de6cda5f5d37
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14cf40bc69ccd46f166fc3c4ef6a79b86ecde4de1e1e10ffebbee739bae75d78
1a38de0692129675b5b3c76dcc508dabdbb67a1df02ce06b5a630606aa5263c4
1c71b9d39da6e88a7e701b1c8aaee4ae48bbba173abf32faaec5f96439792615
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
23b73a52d88ee0c1bdbdb7f9936ad05d3c867a38e9c4de887ce7d674447d5261
24fc5aebddfeff69c83b569ccfb05a14259852c8e5c7b6eae6f46e89d44bd1eb
262da2472a5aed6abc8f3e62201ef0a598965243fd9e5da84371e92a141651b0
2e9ae0bfcb0f6620519d4b3e01f9143615e24f844a6c913a37081b751dd9f1fe
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
2f616972a6d28131cfaa7b934c1b7314d5dd28b89fe6df3c856bcb0e384822b8
2f639b4ec1a6dcef91191bbce537fbcd71e406d37095096b419a6bdb08013dd5
313788fc2ff99aec1b6adab0d4b49421a088fe147e391b9a7266c1fdcdccda31
33367bba4a5dc9b2654baae1da2442ce081f383578c475dccce533446f8286f6
38f8582352e684ca0d4a55f406ace67c4fb1914f975cfdd31f939f2421b85914
3e2bad60fb2ae83313f3f98a04893164c2a6a0aeada301b785210b56fb111dc1
3edefaa76df5db9537e355ed87a450f910154f9c76ee2a0b9462b8a7a31d95b1
3f3ad98917349696edf712f3b48143121926a1fc9cf90cad488c3476bbd4ce7a
3ff904565543981d78679d6e90aaaded0d29dfb47198f711f2bc16c43dc57d89
449a906d6b2ab46252e1ae6a93424fe8ac608ae9dbc2c10428d797520fc704f0
44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0
4a708a3010997190375120453f3b9f8657dc9bc5ada4325c4f9cb45d59263d36
4bcc80b636a61b36149ef6a4ec7081ca873e68782396f5f0e2d988c854322d8b
4c575d67f22342308c6bdc002dce3d2bf2eb03c3434846dd8aeb4b2b74b43d43
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
4ea4de94b05caf25349848cbcd53119ee2fe36a8b23a4a3d7f8ca1f2303b73a5
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d
5316e0ab38a57f2c981b785d6d43dbab7d485dce10bd1ce9eb5623aaa6fd8a5e
5620211c4c35f09da08d61208503e16ee7aef74043a8e785a97a1c879e780bb7
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6701141ade0b13657f1339ecad529f40dab31125c5700fc90506b259758abf48
670c1e1231b975ab1eb9aef5092176dd4697cdb2f81b5ddec865fb67fa7e705d
6890d0206a75ab7bccfe291de59a8f80cbb6272a8f6f89b258523a2d7d65096d
692582a00b906aa94494f27a7677a0df112cc04fd4c0d79ef8cea20ae71567e6
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e5b8fa9e54e0f681ea76503f7dcdf063a851d05521b26d50c5ed9c454fb6343
71fd12d97b9f9aecaf7da4de60c8fdbf77596dc869bcb3562fb3fca82f2b4bdb
72cb54e595c06719ddad137010d51703ae6c2912099dff2ef332020ca27f28dd
7840b882c40dbf74ed59a55fa03d3045829b3c09db856ad6e08ac4ae8d3b5bff
7b7ce130a306561a4101914e820186deaf9e9e012255c96667706129853c1084
8024503814728804ec2295622a1d6af76dd587f7e64d5e6bbd6882df71172cc9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85f6f8ecfdd120e04473bc328330881b35ff0a19dafda75a435480a71b09fd66
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9269ff76d988110a8697d64cd9dfe41e5d4b08533c0c2ea05761f285046a4fdb
9c122c0753856bc192046422b9ad40de75f1c3b86796a1a329d76b57d72fd5ac
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9f7ee1126aee7616c59ef5ce2b6c48561957562a826de7927c21b4b23e13f9cd
a20dcef4408f3c8db458622d83e689a0469dcc3b5aaf59bd74844bcd325703d6
a837b5638a560791e164cd48fd8ac950598fe3fc7b20794a4ea242634427aa08
a9affa6765ae0b7fabb07f8cf27652be75aa0f7df76a85e30ab75cf390ecc249
a9fb4610e544780718cd9d75cc370928b8a6d4c3351b53b0da203cdcb977f7b9
aa76658ff2b923f33dcf516e0edd23012c7e8424d0a63adf1d96b22472bb65bb
ac0370262401b9d1db3ae4ab192613081351fab33eac4c16e4eea93989433662
aca3995f89fa87798b21036e1c62bc2237f9d8020eb9b25ae99cc6a65238dddd
ad64f002f7ba8f35d8fbab8d5d8e3854c42aa15f1c862feb939a763458244be7
b003b4bb9f910d93e4f42f609cc96dff2fe12888d3caaf9dea8b17c6b0901c9a
b8df767477cd173b1af6251cdfd4d23d184b1185d8e7a4e6aa71fcc05b31d973
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c928fdb51385041f3f674421c855f81de6dbb21b0085a3d003073cb810bc5208
ccf346ddeb31feec2f3b98f4bebe61394413fa93165fb52960d3bc93451ca333
ce4a6115677a67977af8657165097b465b8aa68453524a323620024c274c6620
cf840f7686a215613e6390777e77faa985ecea3c2f0fed5cd1b7ffa8bf42e2e1
d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5
d26f7c010747e1726413f29d8e50f3487099881b4466ecaefabf0fbfcff887ff
d2be7803ce22ea4563d3577bf0d5bfa8de3e85a754cf233a65b8cd34a156807c
d60783c7e640b8e7f0867fdad3ef108a1ee9be4a6b2e0862d7bbcd5139e160ce
d630df8a89d2ec3c590c3b036b610c60fda3df53b3a4c81f3a9e5c94a0de5929
d8a00caf71b945c76b24a4522d65d9bbf386b8396aaf08ec78fa781b2b21bc05
d9cc52a209daecff6624cb3fceed5c9121042849d7710881f947988a1a1a348b
dc463bbb21a41c0ab117254c5024a8b0b76ec538b8f2f0482d1b90cf3ef3b5a9
e0659211bfa7b3c645b368825acc728a29a25e6f424a04dbdd24add7baf73960
e26a973f2faa2391e7e25f26d33ab0bd32db6c1391d603f9980f99d0f77dd7d8
e2f08eb7b2b2f2d4b2d071b3da887c5e13554f7748488cd168331a2c62b249a0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b1c93d55f28ba8cec0b2e2564de8a7fc6111cd2f0222921513b3868ccb092c
e4951be532872aa35950413d5146374a68961e2bfd39907785fe8d7105910905
edb77397f34ad796c93a40c9f0d86beb3a2d4418045743b8b048a6f1fc30f22b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f29bcb61e16acf81997f5e0cb5136f7946f993981c43a2e6416fd9284453318a
fa767c8b41fbb675b1eabe10bdcfae9ca3540ef3ad47be488a299139c351f8ab
fe89f7a270664ccebaf60f89dc237b7aa911e25c6ec8893daa7c96cc02ee714a

www.xanterra.com Open in urlscan Pro 192.99.20.144 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

101 Requests

100 %HTTPS

63 %IPv6

24 Domains

28 Subdomains

23 IPs

6 Countries

24743 kBTransfer

52198 kBSize

0 Cookies

30 Outgoing links

Page URL History

Redirected requests

101 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

www.xanterra.com Open in urlscan Pro
192.99.20.144 Public Scan

Screenshot
Live screenshot

Full Image

101
Requests

100 %
HTTPS

63 %
IPv6

24
Domains

28
Subdomains

23
IPs

6
Countries

24743 kB
Transfer

52198 kB
Size

0
Cookies

101 HTTP transactions
2 data transactions