www.express-scripts.com Open in urlscan Pro
167.211.52.57 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Submission: On February 14 via api (February 14th 2022, 2:27:19 pm UTC) from US — Scanned from DE

Summary HTTP 50 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 16 IPs in 5 countries across 13 domains to perform 50 HTTP transactions. The main IP is 167.211.52.57, located in United States and belongs to EXPRES, US. The main domain is www.express-scripts.com. The Cisco Umbrella rank of the primary domain is 76619.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on August 19th 2021. Valid for: a year.

This is the only time www.express-scripts.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	167.211.52.57 167.211.52.57	5696 (EXPRES) (EXPRES)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
5	2600:9000:21f... 2600:9000:21f3:1e00:8:7fec:8380:21	16509 (AMAZON-02) (AMAZON-02)
3	2a02:26f0:6c0... 2a02:26f0:6c00:2b0::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	34.250.134.201 34.250.134.201	16509 (AMAZON-02) (AMAZON-02)
1	13.225.80.80 13.225.80.80	16509 (AMAZON-02) (AMAZON-02)
1	3.248.86.91 3.248.86.91	16509 (AMAZON-02) (AMAZON-02)
2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
7 7	34.248.191.66 34.248.191.66	16509 (AMAZON-02) (AMAZON-02)
1	52.18.193.194 52.18.193.194	16509 (AMAZON-02) (AMAZON-02)
6 12	34.246.234.200 34.246.234.200	16509 (AMAZON-02) (AMAZON-02)
9 9	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
16	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
50	16

8 167.211.52.57 (United States)

ASN5696 (EXPRES, US)

www.express-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21f3:1e00:8:7fec:8380:21 (United States)

ASN16509 (AMAZON-02, US)

d1sasz49lqpqtq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:2b0::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.250.134.201 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-134-201.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.80.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-80.fra2.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.86.91 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-86-91.eu-west-1.compute.amazonaws.com

expressscriptsholdingcompany.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

expressscripts.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.248.191.66 (Dublin, Ireland) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-191-66.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.193.194 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-193-194.eu-west-1.compute.amazonaws.com

expressscriptsholdin.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.246.234.200 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.98 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	everesttech.net 13 redirects cm.everesttech.net — Cisco Umbrella Rank: 881 pixel.everesttech.net — Cisco Umbrella Rank: 2907	9 KB
17	qualtrics.com zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com — Cisco Umbrella Rank: 153327 zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com — Cisco Umbrella Rank: 148019 siteintercept.qualtrics.com — Cisco Umbrella Rank: 1020	99 KB
9	doubleclick.net 9 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 175	2 KB
8	express-scripts.com www.express-scripts.com — Cisco Umbrella Rank: 76619	193 KB
5	cloudfront.net d1sasz49lqpqtq.cloudfront.net	136 KB
3	omtrdc.net expressscripts.sc.omtrdc.net — Cisco Umbrella Rank: 108282 expressscriptsholdin.tt.omtrdc.net — Cisco Umbrella Rank: 134991	1 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 187 expressscriptsholdingcompany.demdex.net — Cisco Umbrella Rank: 133910	6 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 505	131 KB
1	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 311	715 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 306	18 KB
1	branch.io cdn.branch.io — Cisco Umbrella Rank: 899	24 KB
1	gstatic.com fonts.gstatic.com	30 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
50	13

	Domain	Requested by
15	siteintercept.qualtrics.com	www.express-scripts.com
12	pixel.everesttech.net	6 redirects
9	cm.g.doubleclick.net	9 redirects
8	www.express-scripts.com	www.express-scripts.com
7	cm.everesttech.net	7 redirects
5	d1sasz49lqpqtq.cloudfront.net	www.express-scripts.com
3	assets.adobedtm.com	www.express-scripts.com
2	expressscripts.sc.omtrdc.net	www.express-scripts.com assets.adobedtm.com
2	dpm.demdex.net	www.express-scripts.com
1	bam-cell.nr-data.net	www.express-scripts.com
1	zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com	www.express-scripts.com
1	zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com	www.express-scripts.com
1	js-agent.newrelic.com	www.express-scripts.com
1	expressscriptsholdin.tt.omtrdc.net	www.express-scripts.com
1	expressscriptsholdingcompany.demdex.net	www.express-scripts.com
1	cdn.branch.io	www.express-scripts.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.express-scripts.com
50	18

This site contains links to these domains. Also see Links.

Domain
accredo.com
insiderx.com
www.fda.gov
jobs.cigna.com

Subject Issuer	Validity	Valid
www.express-scripts.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-08-19` - `2022-09-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
*.sc.omtrdc.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-10-05` - `2022-03-04`	5 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-11` - `2022-10-12`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-24` - `2022-09-24`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Frame ID: 11E5BCB77571E9210A46AC7B079ED4D7
Requests: 46 HTTP requests in this frame

Frame: https://expressscriptsholdingcompany.demdex.net/dest5.html?d_nsid=0
Frame ID: 9A7641A60378CB2D1F785B9A3256EF2D
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page not found | Express ScriptsWarning iconExpress Scripts Logo

Detected technologies

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

50
Requests

86 %
HTTPS

24 %
IPv6

13
Domains

18
Subdomains

16
IPs

5
Countries

643 kB
Transfer

2245 kB
Size

13
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://accredo.com/
Title: Accredo Log In

Search URL Search Domain Scan URL

URL: https://insiderx.com/?source=expressscripts
Title: Inside RX

Search URL Search Domain Scan URL

URL: https://www.fda.gov/ForConsumers/ConsumerUpdates/ucm101653.htm
Title: Disposal of Medications

Search URL Search Domain Scan URL

URL: https://jobs.cigna.com/
Title: Careers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22

https://cm.everesttech.net/cm/dd?d_uuid=57761321009620757543484672550899062206 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YgpmwgAAAEzt2QQz

Request Chain 24

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_tc= HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEFIKSle1XWV9W_nMIjDjhXw&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 25

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_tc= HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEAUVx89YqIO_UDepAdu3gfM&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 27

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060&google_tc= HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060&google_gid=CAESEKcgTXCbo3xqTnYMNTdKPls&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 32

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782&google_gid=CAESEFIKSle1XWV9W_nMIjDjhXw&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 35

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEKcgTXCbo3xqTnYMNTdKPls&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 38

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEKcgTXCbo3xqTnYMNTdKPls&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

50 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request Aeonik-LightItalic.woff' Show response
www.express-scripts.com/art/email/ 93 KB
40 KB 419ms
119ms Document
text/html 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

ec99eaf3e4e7deccf349af3a7da0aff58ce5b191782360bb830968e06f82a4a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .express-scripts.com d1sasz49lqpqtq.cloudfront.net .qualtrics.com .omtrdc.net .demdex.net .googlesyndication.com .instagram.com .linkedin.com px.ads.linkedin.com snap.licdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1sasz49lqpqtq.cloudfront.net .adobedtm.com .fontawesome.com .qualtrics.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .google.com .gstatic.com .facebook.net .ads-twitter.com .twitter.com .brightcove.com .brightcove.net vjs.zencdn.net .s3.amazonaws.com snap.licdn.com .googletagmanager.com .express-scripts.com activitymap.adobe.com .branch.io app.link js-agent.newrelic.com bam-cell.nr-data.net insight.adsrvr.org .facebook.com .twitter.com .linkedin.com px.ads.linkedin.com snap.licdn.com; object-src 'self' .s3.amazonaws.com .brightcove.net d1sasz49lqpqtq.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com .express-scripts.com .cloudflare.com .fontawesome.com .s3.amazonaws.com d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com; img-src 'self' data: .qualtrics.com .omtrdc.net expressscripts.sc.omtrdc.net .everesttech.net .demdex.net .facebook.com t.co .s3.amazonaws.com .brightcove.com .prod.boltdns.net .google.com openbadges.blob.core.windows.net d1sasz49lqpqtq.cloudfront.net .express-scripts.com .llnwd.net .linkedin.com .doubleclick.net .branch.io .adsrvr.org .googletagmanager.com .addthis.com .pinsightmedia.com .mookie1.com .advertising.com .scorecardresearch.com .linksynergy.com .casalemedia.com .insightexpressai.com .media6degrees.com .analytics.yahoo.com mid.rkdms.com match.sync.ad.cpe.dotomi.com aa.agkn.com ib.adnxs.com io.narrative.io cm.pos.baidu.com x.bidswitch.net tags.bluekai.com cs.adingo.jp ml314.com loadm.exelator.com global.ib-ibi.com ckm.iqiyi.com usermatch.krxd.net i.liadm.com idsync.rlcdn.com simage2.pubmatic.com e.nexac.com cm.mediav.com pixel.rubiconproject.com uipglob.semasio.net match.sharethrough.com s.thebrighttag.com eb2.3lift.com pixel.tapad.com cm.l.qq.com dmp.truoptik.com c.yes.youku.com; media-src 'self' blob: .express-scripts.com .s3.amazonaws.com .brightcove.com .prod.boltdns.net d1sasz49lqpqtq.cloudfront.net .akamaihd.net; frame-src 'self' .s3.amazonaws.com .qualtrics.com .youtube.com .omtrdc.net .demdex.net .google.com d1sasz49lqpqtq.cloudfront.net .fls.doubleclick.net activitymap.adobe.com .omniture.com .facebook.com; child-src 'self' blob: .express-scripts.com .s3.amazonaws.com .youtube.com d1sasz49lqpqtq.cloudfront.net; font-src 'self' data: .express-scripts.com fonts.googleapis.com fonts.gstatic.com .s3.amazonaws.com .amazonaws.com d1sasz49lqpqtq.cloudfront.net; connect-src 'self' .express-scripts.com .qualtrics.com .adobedtm.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .brightcove.com .prod.boltdns.net .akamaihd.net d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com .llnwd.net .mktoresp.com di-tag.express-scripts.com .branch.io app.link wss://.express-scripts.com bam-cell.nr-data.net .cigna.com default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=25286, public, s-maxage=0
Content-Language: en
Content-Security-Policy: default-src 'self' data: *.express-scripts.com d1sasz49lqpqtq.cloudfront.net *.qualtrics.com *.omtrdc.net *.demdex.net *.googlesyndication.com *.instagram.com *.linkedin.com px.ads.linkedin.com snap.licdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1sasz49lqpqtq.cloudfront.net *.adobedtm.com *.fontawesome.com *.qualtrics.com *.everestjs.net *.omtrdc.net *.marketo.net *.demdex.net *.google.com *.gstatic.com *.facebook.net *.ads-twitter.com *.twitter.com *.brightcove.com *.brightcove.net vjs.zencdn.net *.s3.amazonaws.com snap.licdn.com *.googletagmanager.com *.express-scripts.com activitymap.adobe.com *.branch.io app.link js-agent.newrelic.com bam-cell.nr-data.net insight.adsrvr.org *.facebook.com *.twitter.com *.linkedin.com px.ads.linkedin.com snap.licdn.com; object-src 'self' *.s3.amazonaws.com *.brightcove.net d1sasz49lqpqtq.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.express-scripts.com *.cloudflare.com *.fontawesome.com *.s3.amazonaws.com d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com; img-src 'self' data: *.qualtrics.com *.omtrdc.net expressscripts.sc.omtrdc.net *.everesttech.net *.demdex.net *.facebook.com t.co *.s3.amazonaws.com *.brightcove.com *.prod.boltdns.net *.google.com openbadges.blob.core.windows.net d1sasz49lqpqtq.cloudfront.net *.express-scripts.com *.llnwd.net *.linkedin.com *.doubleclick.net *.branch.io *.adsrvr.org *.googletagmanager.com *.addthis.com *.pinsightmedia.com *.mookie1.com *.advertising.com *.scorecardresearch.com *.linksynergy.com *.casalemedia.com *.insightexpressai.com *.media6degrees.com *.analytics.yahoo.com mid.rkdms.com match.sync.ad.cpe.dotomi.com aa.agkn.com ib.adnxs.com io.narrative.io cm.pos.baidu.com x.bidswitch.net tags.bluekai.com cs.adingo.jp ml314.com loadm.exelator.com global.ib-ibi.com ckm.iqiyi.com usermatch.krxd.net i.liadm.com idsync.rlcdn.com simage2.pubmatic.com e.nexac.com cm.mediav.com pixel.rubiconproject.com uipglob.semasio.net match.sharethrough.com s.thebrighttag.com eb2.3lift.com pixel.tapad.com cm.l.qq.com dmp.truoptik.com c.yes.youku.com; media-src 'self' blob: *.express-scripts.com *.s3.amazonaws.com *.brightcove.com *.prod.boltdns.net d1sasz49lqpqtq.cloudfront.net *.akamaihd.net; frame-src 'self' *.s3.amazonaws.com *.qualtrics.com *.youtube.com *.omtrdc.net *.demdex.net *.google.com d1sasz49lqpqtq.cloudfront.net *.fls.doubleclick.net activitymap.adobe.com *.omniture.com *.facebook.com; child-src 'self' blob: *.express-scripts.com *.s3.amazonaws.com *.youtube.com d1sasz49lqpqtq.cloudfront.net; font-src * 'self' data: *.express-scripts.com fonts.googleapis.com fonts.gstatic.com *.s3.amazonaws.com *.amazonaws.com d1sasz49lqpqtq.cloudfront.net; connect-src 'self' *.express-scripts.com *.qualtrics.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.marketo.net *.demdex.net *.brightcove.com *.prod.boltdns.net *.akamaihd.net d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com *.llnwd.net *.mktoresp.com di-tag.express-scripts.com *.branch.io app.link wss://*.express-scripts.com bam-cell.nr-data.net *.cigna.com default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Type: text/html; charset=UTF-8
Date: Mon, 14 Feb 2022 14:27:13 GMT
Etag: "1644848367"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
From-Origin: same
Last-Modified: Mon, 14 Feb 2022 14:19:27 GMT
Link: <https://www.express-scripts.com/>; rel="canonical", <https://www.express-scripts.com/>; rel="shortlink" <https://www.express-scripts.com/>; rel="canonical", <https://www.express-scripts.com/>; rel="shortlink"
Permissions-Policy: interest-cohort=()
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Newrelic-App-Data: PxQFU1JaCgIJR1BSBAIOUlEIBgpASkE1VQBsEFlWR1NQEVAOXz0cIwdCXg4IPxdDUQMEPVRQVA4BExoDTFZRUARTFFIWCAcLAVYVTABNEVBVUwZUUVUKA1FcAgNTAgJESFdXXxEDPg==
X-Ua-Compatible: IE=edge
X-Vcap-Request-Id: 74156e54-f919-4022-4856-c5168737fe0c
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Transfer-Encoding: chunked

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 269ms
46ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500&display=swap&text=1234567890ABCDEFGHIJKLMONPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0%2C%2E%27%3B%5D%5B%3A%22%7B%7D%3E%3C%3F%2F%29%28%2A%26%5E%25%24%23%40%21%C2%A9%C2%AE%E2%84%A2%7E%60%7C%5C%3D%2D%2B%5F%E2%80%99%C2%AB%C2%BB%C2%BF%C2%A1%C3%81%C3%89%C3%8D%C3%93%C3%9A%C3%91%C3%9C%C3%A1%C3%A9%C3%AD%C3%B3%C3%BA%C3%B1%C3%BC

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4db8e8de80e0eb5430a4855a53889d9dfc7b0758ef3c760c84dbace74f032363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 14:27:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Feb 2022 14:27:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Feb 2022 14:27:14 GMT

GET
H2 200 css_CrAzfmDGVeFOp6ZcEYycJlYSVdtwLq8lR2XP85DcZhI.css
d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/ 7 KB
2 KB 27ms
8ms Stylesheet
text/css 2600:9000:21f3:1e00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/css_CrAzfmDGVeFOp6ZcEYycJlYSVdtwLq8lR2XP85DcZhI.css
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1e00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0ab0337e60c655e14ea7a65c118c9c26561255db702eaf254765cff390dc6612

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 12:35:01 GMT
content-encoding: gzip
last-modified: Tue, 08 Feb 2022 21:21:15 GMT
server: AmazonS3
age: 6734
etag: W/"f10a3d43fa457c24383aeee20049e540"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: HlzZmhhW_YtTt_D-nr6H5WITMFy3TlmR8GuXjjsWFBOfwqDYtA-8jA==

GET
H2 200 css_6cPAVWeZc_Ym0un6PkiDGSv1q1dfJCL0xokNBTGGXiQ.css
d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/ 485 KB
46 KB 29ms
10ms Stylesheet
text/css 2600:9000:21f3:1e00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/css_6cPAVWeZc_Ym0un6PkiDGSv1q1dfJCL0xokNBTGGXiQ.css
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1e00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e9c3c055679973f626d2e9fa3e4883192bf5ab575f2422f4c6890d0531865e24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 03:34:19 GMT
content-encoding: br
last-modified: Tue, 08 Feb 2022 21:14:51 GMT
server: AmazonS3
age: 39176
etag: W/"7e453628f7905037f2ba1ca43f6d96d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 8MomuG2-xOUn00AXjnyBga7R_EC_pGrxOTsKP4bO7DUD-DhBl9bbXA==

GET
H/1.1 200
OK redirect_login_overpanel.js Show response
www.express-scripts.com/themes/custom/dsf/js/dist/ 533 B
1 KB 212ms
116ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/themes/custom/dsf/js/dist/redirect_login_overpanel.js?r73tvz

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

d81f286a9e6132bbcabbfb9551eae08b1783da9b4ca6a242ab5f8a93a2da8f06

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding
Content-Length: 533
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 07 Feb 2022 19:16:18 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 14 Feb 2022 14:27:14 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 7e5a6316-311e-4d4d-769b-ca67f16941dc
Cache-Control: max-age=315360000
Etag: "62017002-215"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.express-scripts.com/core/assets/vendor/modernizr/ 7 KB
4 KB 304ms
111ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.11.7

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Connection: Keep-Alive
Vary: Accept-Encoding, Accept-Encoding
Content-Length: 3564
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 07 Feb 2022 19:16:13 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 14 Feb 2022 14:27:14 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: ba8665b9-b0e4-471b-7bf4-02bc0a516d62
Cache-Control: max-age=315360000
Etag: "62016ffd-1c42"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK modernizr-additional-tests.js Show response
www.express-scripts.com/core/misc/ 652 B
2 KB 312ms
118ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/core/misc/modernizr-additional-tests.js?v=3.11.7

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

9b7b5d56054f5bab6ea5dfd9472ceb900f406a8a35a3df5b17b606521a411a35

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding
Content-Length: 652
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 07 Feb 2022 19:16:14 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 14 Feb 2022 14:27:14 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 39ddfa6b-6cc0-4a68-69c2-c8badbcec8e9
Cache-Control: max-age=315360000
Etag: "62016ffe-28c"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK esi_ddl_schema_header.js Show response
www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/ 13 KB
5 KB 304ms
109ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/esi_ddl_schema_header.js?v=2.3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

b30ac9164fcafdb91f5bdc13895d25e694e01d213887b792833fdc00bbfbcd2e

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Connection: Keep-Alive
Vary: Accept-Encoding, Accept-Encoding
Content-Length: 4633
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 07 Feb 2022 19:16:17 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 14 Feb 2022 14:27:14 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: bbd4f7e0-864d-439f-4478-0c51044c50f1
Cache-Control: max-age=315360000
Etag: "62017001-33ab"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 launch-eab74f075d95.min.js Show response
assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/ 448 KB
117 KB 29ms
8ms Script
application/x-javascript 2a02:26f0:6c00:2b0::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/launch-eab74f075d95.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 95f31afd0332fd269465a774449c3257fe41718b391621e3c6dd5d704bfd317e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:14 GMT
content-encoding: gzip
last-modified: Fri, 11 Feb 2022 21:28:28 GMT
server: AkamaiNetStorage
etag: "af67598e2632e0be85e6b0d62414571c:1644614908.623605"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 119185
expires: Mon, 14 Feb 2022 15:27:14 GMT

GET
H2 200 js_54Z_ih2zwnH7CC60A5nu1fcuLfHAnnklNchdaZSH4ws.js Show response
d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/ 44 KB
16 KB 28ms
11ms Script
application/javascript 2600:9000:21f3:1e00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/js_54Z_ih2zwnH7CC60A5nu1fcuLfHAnnklNchdaZSH4ws.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1e00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7867f8a1db3c271fb082eb40399eed5f72e2df1c09e792535c85d699487e30b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 02:53:21 GMT
content-encoding: gzip
last-modified: Thu, 20 Jan 2022 21:32:39 GMT
server: AmazonS3
age: 41634
etag: W/"1514c0ae9e089379182abf21120e3efa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: KRKYL0eWDlI9kHIvv6B0ApbvE_xDAI2woLdJEn66CWNuOjVAYOlDJA==

GET
H2 200 js_XxiSxem5fIKphexcoYSLo7PDXvsc3rh0MmKqWM5HMlU.js Show response
d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/ 143 KB
47 KB 9ms
8ms Script
application/javascript 2600:9000:21f3:1e00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/js_XxiSxem5fIKphexcoYSLo7PDXvsc3rh0MmKqWM5HMlU.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1e00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5f1892c5e9b97c82a985ec5ca1848ba3b3c35efb1cdeb8743262aa58ce473255

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 08:22:09 GMT
content-encoding: br
last-modified: Tue, 08 Feb 2022 21:16:17 GMT
server: AmazonS3
age: 21906
etag: W/"c69b3c2b768ca3aadbb145e029702487"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 2OsSrJ2Y525C-FjAiAq8MHV3-qKNAUZZZMNwZ-n4Lq90dQ6QGqo3cg==

GET
H/1.1 200
OK esi_ddl_schema_footer.js Show response
www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/ 372 KB
134 KB 335ms
231ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/esi_ddl_schema_footer.js?v=2.3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

107bfc17e5d3b3d3226bad6c056b25bef80450863c6a4b7cbe71059217650d7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding, Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 07 Feb 2022 19:16:52 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 14 Feb 2022 14:27:14 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 002107db-0c14-4870-61a8-6ca780714ffc
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Etag: "62017024-5ce4d"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK satellite.js Show response
www.express-scripts.com/modules/contrib/esi_ddl_schema/js/ 25 B
930 B 231ms
115ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/modules/contrib/esi_ddl_schema/js/satellite.js?v=1.x

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

f83561d28369539e28ed8b4527479118dbd6af4b302ab2c7caca4fbf1f535381

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding
Content-Length: 25
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 07 Feb 2022 19:16:17 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 14 Feb 2022 14:27:14 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 14b7dedc-75c5-4bdc-71c8-2914c8dd38d9
Cache-Control: max-age=315360000
Etag: "62017001-19"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_QoqI9P8g8nXldPFTbMfcqkm_9Armq56b6f2eDfE3sr8.js Show response
d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/ 99 KB
26 KB 8ms
8ms Script
application/javascript 2600:9000:21f3:1e00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/js_QoqI9P8g8nXldPFTbMfcqkm_9Armq56b6f2eDfE3sr8.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:1e00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 428a88f4ff20f275e574f1536cc7dcaa49bff40ae6ab9e9be9fd9e0df137b2bf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 14:33:26 GMT
content-encoding: gzip
last-modified: Tue, 08 Feb 2022 21:16:41 GMT
server: AmazonS3
age: 86029
etag: W/"b59d38e5d8ab815584e0aec23a298d90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: xGRfRbkGb4C159NNPwe-bZT3ceqSRtm-N6RKP0i_vMWw6JJ2vxK_Fg==

GET
H2 200 font
fonts.gstatic.com/l/ 30 KB
30 KB 128ms
40ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/l/font?kit=iJWKBXyIfDnIV4nDv8iY8Ef9yK1Y6OO8ek4ccqniobR9CJmRUV4rwf-mb2EQuHEVB1C2kD8rf9t5D52cHWw1-O7znokAoH8736LabBXQd9L3q_Yr2YmdQ6E0A5_jovlI1poL33Dvy1mHnJCqZxkIXNClyzxV8zGElMl7Im1M93eE8hGh9n-U7eCgBRlvs6PLW2ZgM5n9XUtm1hGL3hzljqu_yo51gyE5nXEtkWhwBOxwOkZP7uwUm9OMuKulDIs_UaunCo1Jluj67WbTL1jikBgSGj5HktLgaSluveNjQxgBVZ4z6MJjV-3fdk3Ltxx8n_-MYs4tPC4HY04q37_HXcD3R7Cr4wdqY5oL6sJrn6mniLZS7EBTBRecwX32UuQD-fQ2N9wTuJOe1ZDXm0AbTdQ3MzS_kTQZGKkKbazGb-I&skey=cee854e66788286d&v=v18

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500&display=swap&text=1234567890ABCDEFGHIJKLMONPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0%2C%2E%27%3B%5D%5B%3A%22%7B%7D%3E%3C%3F%2F%29%28%2A%26%5E%25%24%23%40%21%C2%A9%C2%AE%E2%84%A2%7E%60%7C%5C%3D%2D%2B%5F%E2%80%99%C2%AB%C2%BB%C2%BF%C2%A1%C3%81%C3%89%C3%8D%C3%93%C3%9A%C3%91%C3%9C%C3%A1%C3%A9%C3%AD%C3%B3%C3%BA%C3%B1%C3%BC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f0dc611132a4691c54ce96a2ec08bc5bc7791a4c0b5dfaef9de2e3f3a6a43d39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sun, 13 Feb 2022 16:31:19 GMT
x-content-type-options: nosniff
age: 78955
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="font.woff2"; filename*=UTF-8''font.woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30220
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 19:16:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
expires: Sun, 13 Feb 2022 16:31:19 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
1 KB 116ms
32ms XHR
application/json 34.250.134.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=BCDA9CC055686E397F000101%40AdobeOrg&d_nsid=0&ts=1644848834408

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.250.134.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-134-201.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3b289efdffc72994ced4095747d5075ed4324153a680f8c17445c417add97778

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v027-029e195ca.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 1qAFaakQQAo=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.express-scripts.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 687
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ 33 KB
12 KB 8ms
7ms Script
application/x-javascript 2a02:26f0:6c00:2b0::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 055e467aa53a9c0272d805bbc009ade8c74df5a8c1255271d753ac78fe179873

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:14 GMT
content-encoding: gzip
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
server: AkamaiNetStorage
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12243
expires: Mon, 14 Feb 2022 15:27:14 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ 3 KB
2 KB 9ms
8ms Script
application/x-javascript 2a02:26f0:6c00:2b0::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d4e77c7411d1de6efebf4278b9c98aa77dc2e5186cee271ac256138f17bef9f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:14 GMT
content-encoding: gzip
last-modified: Wed, 19 Jan 2022 22:18:27 GMT
server: AkamaiNetStorage
etag: "9355415074dbdbd216a19b61ce931ab2:1642630707.219535"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1599
expires: Mon, 14 Feb 2022 15:27:14 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 26ms
7ms Script
text/javascript 13.225.80.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-80.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 221
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 debe291145dc27044f50d04bac101cd8.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Mon, 14 Feb 2022 14:23:34 GMT
x-amz-cf-pop: FRA2-C2
content-length: 23872
x-amz-cf-id: 7nl8oUWwVPfMxMMG16xS1qZTnjs2WR_PQAL1-QYzFPnPpJc8tT_mzg==

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85ae621f97ae0e47dc5409c1ce197505bbfe6021b6381d1686463084a13913ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82250dc6a2179c77f937827f5bc063e133fe0349eac7655cf4beee2320656577

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK dest5.html Show response
expressscriptsholdingcompany.demdex.net/ Frame 9A76 7 KB
3 KB 121ms
31ms Document
text/html 3.248.86.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscriptsholdingcompany.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.86.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-86-91.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 14 Feb 2022 14:27:14 GMT
DCS: dcs-prod-irl1-1-v027-010f8de1e.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 19 Jan 2022 13:28:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: Kd9UYjK3RjI=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
expressscripts.sc.omtrdc.net/ 2 B
322 B 52ms
17ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscripts.sc.omtrdc.net/id?d_visid_ver=5.3.0&d_fieldgroup=A&mcorgid=BCDA9CC055686E397F000101%40AdobeOrg&mid=57755382996634480993481898005826480631&ts=1644848834535

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Feb 2022 14:27:14 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-cdfbd77b-6rb7x
vary: Origin
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YgpmwgAAAEzt2QQz
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=57761321009620757543484672550899062206
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YgpmwgAAAEzt2QQz

42 B
945 B

30ms
29ms

Image
image/gif

34.250.134.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YgpmwgAAAEzt2QQz

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Server

34.250.134.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-134-201.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v027-04a59c0b5.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: msDo4BHtSN8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YgpmwgAAAEzt2QQz
Date: Mon, 14 Feb 2022 14:27:14 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
expressscriptsholdin.tt.omtrdc.net/rest/v1/ 363 B
605 B 96ms
37ms XHR
application/json 52.18.193.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://expressscriptsholdin.tt.omtrdc.net/rest/v1/delivery?client=expressscriptsholdin&sessionId=af279221d54044aba932beec45ff00ef&version=2.6.1
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.193.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-193-194.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a9a085caeb4aac0d5f8a588b77216a5d297156ae66e90edd211a97360f4b885b

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 14 Feb 2022 14:27:14 GMT
content-encoding: gzip
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.express-scripts.com
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: 52452eec58bb1df5ec90c2eb2c09ff47

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 9A76
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_tc=
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEFIKSle1XWV9W_nMIjDjhXw&google_cver=1
https://pixel.everesttech.net/1x1

128 B
691 B

28ms
28ms

Image
image/png

34.246.234.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 34.246.234.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 14 Feb 2022 14:27:15 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b516-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 14 Feb 2022 14:27:15 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 9A76
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%2...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEA...
https://pixel.everesttech.net/1x1

128 B
796 B

29ms
29ms

Image
image/png

34.246.234.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 34.246.234.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 14 Feb 2022 14:27:15 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 14 Feb 2022 14:27:14 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK lazysizes.min.js Show response
www.express-scripts.com/libraries/lazysizes/ 8 KB
5 KB 118ms
117ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/libraries/lazysizes/lazysizes.min.js

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

6e61be2f374a0122510025578940baf7ef8dbbcaf3ecc5f5535cfc81bd1cfd39

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Connection: Keep-Alive
Vary: Accept-Encoding, Accept-Encoding
Content-Length: 4088
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 07 Feb 2022 19:16:17 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 14 Feb 2022 14:27:14 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 6fc76d75-cb77-406e-6b68-3b615985c0e2
Cache-Control: max-age=315360000
Etag: "62017001-1ed1"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 9A76
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%25...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D26...
https://pixel.everesttech.net/1x1

128 B
691 B

36ms
29ms

Image
image/png

34.246.234.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 34.246.234.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 14 Feb 2022 14:27:15 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 14 Feb 2022 14:27:15 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 s02524778718906
expressscripts.sc.omtrdc.net/b/ss/expresscomprod/1/JS-2.22.4-LBWB/ 43 B
220 B 18ms
18ms Ping
image/gif 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscripts.sc.omtrdc.net/b/ss/expresscomprod/1/JS-2.22.4-LBWB/s02524778718906?AQB=1&ndh=1&pf=1&t=14%2F1%2F2022%2014%3A27%3A14%201%200&sdid=6944F2897E00DF6E-267AD4EB5BBAC29D&mid=57755382996634480993481898005826480631&aamlh=6&ce=UTF-8&pageName=PageNotFound%3AESI&g=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-LightItalic.woff%27&cc=USD&ch=Pre-Login%20Landing%20Page&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=PageNotFound%3AESI&v1=PageNotFound%3AESI&v3=Launch&c23=ESIWeb&c37=www.express-scripts.com%2Fart%2Femail%2FAeonik-LightItalic.woff%27&v37=www.express-scripts.com%2Fart%2Femail%2FAeonik-LightItalic.woff%27&c43=1644848834821&c49=Drupal&c50=Homepage&v50=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-LightItalic.woff%27&v68=57755382996634480993481898005826480631&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=BCDA9CC055686E397F000101%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:14 GMT
x-content-type-options: nosniff
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 15 Feb 2022 14:27:14 GMT
server: jag
xserver: anedge-cdfbd77b-5qbnb
etag: 3532285976240455680-4619846756359053302
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
expires: Sun, 13 Feb 2022 14:27:14 GMT

GET
H2 200 nr-spa-1215.min.js Show response
js-agent.newrelic.com/ 47 KB
18 KB 22ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1215.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: zcmP9QP8YWQtiPZETZozJGQXbXQvWuWT
content-encoding: gzip
etag: "7e1862f7a390ed9fc02c299216395547"
x-amz-request-id: 0KA7PXHHARZ8QVCT
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 17465
x-amz-id-2: MbA+td3GafLd7T4d47uLv9VuXLw53QMYFrbqJ/XlbMx0w86EvH4yHOoF/nDDaxQNiTXeUtQ2hnI=
x-served-by: cache-hhn4061-HHN
last-modified: Mon, 24 Jan 2022 22:13:54 GMT
server: AmazonS3
x-timer: S1644848835.972283,VS0,VE0
date: Mon, 14 Feb 2022 14:27:14 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2828

GET
H2 200 / Show response
zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 93ms
70ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_3EtDzVv330Bnajr&Q_LOC=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-LightItalic.woff%27&t=1644848834955

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c31f0b8dc100c519c30c438dc45d7700625418a4f4a0d67ace5949d9f9cc961

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243528
cf-polished: origSize=8435
cf-ray: 6dd6f9e2ac8e9079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 6
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-DAYghc3D7izHf5g15MQsJV16IkI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 / Show response
zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 89ms
67ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_7QCHNY5hadKsvMV&Q_LOC=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-LightItalic.woff%27&t=1644848834955

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed4837f44e586a284c276e3ba4ad3d4690ea0fbda32c0e80da958b0ab3fd8a49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 397505
cf-polished: origSize=8435
cf-ray: 6dd6f9e29cc692a7-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-ostFu05VG+fm8NY62ot8sf/cBaY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 9A76
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpir...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2...
https://pixel.everesttech.net/1x1

128 B
691 B

50ms
29ms

Image
image/png

34.246.234.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 34.246.234.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 14 Feb 2022 14:27:15 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 14 Feb 2022 14:27:15 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK a73afcb621 Show response
bam-cell.nr-data.net/1/ 49 B
715 B 295ms
275ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/a73afcb621?a=1033945909&v=1215.1253ab8&to=ZFQGYRZTXUoEUUJRDl0eJVYQW1xXSkJXXwRsUgVWDFc%3D&rst=1433&ck=1&ref=https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff%27&qt=22&ap=39&be=523&fe=1403&dc=1281&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1644848833551,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:99,%22ce%22:300,%22rq%22:300,%22rp%22:419,%22rpe%22:615,%22dl%22:423,%22di%22:1277,%22ds%22:1277,%22de%22:1285,%22dc%22:1402,%22l%22:1402,%22le%22:1405%7D,%22navigation%22:%7B%7D%7D&fp=929&fcp=929&at=SBMFF15JTkQ%3D&jsonp=NREUM.setToken
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 14 Feb 2022 14:27:15 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6dd6f9e2e94190a3-FRA

GET
H2 200 11.00f5dbb614ff0ba9bcba.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 57 KB
18 KB 49ms
49ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/11.00f5dbb614ff0ba9bcba.chunk.js?Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&Q_BRANDID=www.express-scripts.com

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cae995b0ab65bfc285051cc7adeab246869ed0aa88fe016b17764f2612d7cd4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 476896
cf-polished: origSize=59349
cf-ray: 6dd6f9e30daa9079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 31 Jan 2022 18:42:52 GMT
server: cloudflare
etag: W/"e7d5-17eb17267e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 9A76
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fv...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggyb...
https://pixel.everesttech.net/1x1

128 B
691 B

29ms
29ms

Image
image/png

34.246.234.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 34.246.234.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 14 Feb 2022 14:27:15 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 14 Feb 2022 14:27:15 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 11 KB
2 KB 189ms
188ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_7QCHNY5hadKsvMV&Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b76f2155818d5d2d98d6c7b2e89aee7e824ecfa7333ec2eb3f52ec0dffad97b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 11
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: 1648d6f74d076bd5
cf-ray: 6dd6f9e36e6e9079-FRA

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 3 KB
1 KB 151ms
151ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3EtDzVv330Bnajr&Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9869c68cb232d1641aefee70d0b767bc4edddca81f04355808cfab205092eac1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 5
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: d65874e5faa18134
cf-ray: 6dd6f9e36e749079-FRA

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 9A76
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWdwbXdnQUFBRXp0MlFReg&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_...
https://pixel.everesttech.net/1x1

128 B
691 B

30ms
29ms

Image
image/png

34.246.234.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 34.246.234.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 14 Feb 2022 14:27:15 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b51f-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 14 Feb 2022 14:27:15 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9458fde8fcfcf7cd851aee40e681fa944f69f0c14337bfd737bb070966f0e19b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 101 KB
31 KB 49ms
49ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b60af31f4402255b9fe3e40e493adfde0b7fdb8a71891151c04c51ca788e79eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 476875
cf-polished: origSize=103870
cf-ray: 6dd6f9e4a8e29079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 16
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 31 Jan 2022 18:42:52 GMT
server: cloudflare
etag: W/"195be-17eb17267e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 4.806f08f742b81afc3693.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
897 B 73ms
72ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/4.806f08f742b81afc3693.chunk.js?Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6fd7d505ec3dda45209f6209743f6288de77545d256a2808c019e13d948896b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 476894
cf-polished: origSize=2539
cf-ray: 6dd6f9e51a0c9079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 17
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 31 Jan 2022 18:42:52 GMT
server: cloudflare
etag: W/"9eb-17eb17267e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 1.7f19def3b50f19a5628c.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
6 KB 49ms
48ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.7f19def3b50f19a5628c.chunk.js?Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a75101f8884d477aa9a48ce8a3313de35f4d0e0d6a06c7613800828d2c4d6081

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 476894
cf-polished: origSize=29269
cf-ray: 6dd6f9e51a159079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 17
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 31 Jan 2022 18:42:52 GMT
server: cloudflare
etag: W/"7255-17eb17267e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 64 KB
23 KB 49ms
49ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 476865
cf-polished: origSize=66052
cf-ray: 6dd6f9e51a169079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 31 Jan 2022 18:42:52 GMT
server: cloudflare
etag: W/"10204-17eb17267e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 EmbeddedTargetModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 7 KB
3 KB 50ms
50ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 476603
cf-polished: origSize=8462
cf-ray: 6dd6f9e51a199079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 31 Jan 2022 18:42:52 GMT
server: cloudflare
etag: W/"210e-17eb17267e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 LinkModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
904 B 63ms
63ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/LinkModule.js?Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 476607
cf-polished: origSize=2547
cf-ray: 6dd6f9e51a1a9079-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 31 Jan 2022 18:42:52 GMT
server: cloudflare
etag: W/"9f3-17eb17267e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 56ms
38ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_87gv7D6QVcbj04B&Version=17&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b55ef56d8f298f75bdd35d5a8376840f7df2794b6762987b23b620c8a6dc242

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 320817
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 14
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 10 Feb 2022 21:20:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Sun, 08 Feb 2032 21:20:18 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6dd6f9e53a698fd0-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
722 B 67ms
50ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_aXGRHT9deChbnUO&Version=7&Q_InterceptID=SI_87gv7D6QVcbj04B&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac6769aeda5a8b002e699c70ac13539a4d32ba0ed1736f7cfff0d863e6f5fe04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 93209
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 12
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 13 Feb 2022 12:33:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Wed, 11 Feb 2032 12:33:46 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6dd6f9e53a6d8fd0-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 16 KB
2 KB 238ms
221ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_eznJ7JJ2gtxcty5&Version=9&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

525c8e3edad21c44cbfb3de556490dd233c83965d0c586e5d6b1fdd77e2bd8ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 44250
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 14
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 14 Feb 2022 02:09:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Thu, 12 Feb 2032 02:09:45 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6dd6f9e53a6c8fd0-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 220 B
290 B 78ms
61ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_7aEyhXOE6dHOF8x&Version=4&Q_InterceptID=SI_eznJ7JJ2gtxcty5&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1afdfe6ce4ad01e843007105d64d70468158c7a43c6944718922ffb7dc6169eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 217916
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 18
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 12 Feb 2022 01:55:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Tue, 10 Feb 2032 01:55:19 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6dd6f9e53a6b8fd0-FRA
servershortname

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
215 B 233ms
232ms XHR
text/plain 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_aXGRHT9deChbnUO&Q_SIID=SI_87gv7D6QVcbj04B&Q_ASID=AS_3KIqEDWJ9XmKaix&Q_CLIENTVERSION=1.66.0&Q_CLIENTTYPE=web&r=1644848835628

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: a920d6b6a26cdf9e
cf-ray: 6dd6f9e6ae9c8fd0-FRA

GET
H2 200 wr-dialog-close-btn-white.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 254 B
604 B 61ms
61ms Image
image/png 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 14:27:15 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1751556
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time: 7
cf-bgj: imgq:85,h2pri
vary: Accept-Encoding
content-length: 254
accept-ranges: bytes
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jan 2022 17:59:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=315360000, public
trace-id: 180683539c906c04
cf-ray: 6dd6f9e6ae609079-FRA
servershortname
expires: Fri, 23 Jan 2032 07:54:39 GMT

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.express-scripts.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 05:13:20	Name: demdex Value: 57761321009620757543484672550899062206
.express-scripts.com/	1969-12-31 23:59:59	Name: AMCVS_BCDA9CC055686E397F000101%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 09:39:44	Name: everest_g_v2 Value: g_surferid~YgpmwgAAAEzt2QQz
.express-scripts.com/	1970-01-20 18:28:13	Name: mbox Value: session#af279221d54044aba932beec45ff00ef#1644850695\|PC#af279221d54044aba932beec45ff00ef.37_0#1708093635
.dpm.demdex.net/	1970-01-20 05:13:20	Name: dpm Value: 57761321009620757543484672550899062206
.express-scripts.com/	1970-01-20 18:25:20	Name: AMCV_BCDA9CC055686E397F000101%40AdobeOrg Value: -2121179033%7CMCIDTS%7C19038%7CMCMID%7C57755382996634480993481898005826480631%7CMCAAMLH-1645453634%7C6%7CMCAAMB-1645453634%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1644856034s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19045%7CvVersion%7C5.3.0
.express-scripts.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.everesttech.net/	1970-01-20 01:38:47	Name: ev_sync_ax Value: 20220214
.doubleclick.net/	1970-01-20 10:15:44	Name: IDE Value: AHWqTUn44NGYrLu9_-ISDMMrETCWnfEC87TZcY-J9AABc_YBze6v808lFjMgvq_5dtI
.everesttech.net/	1969-12-31 23:59:59	Name: everest_session_v2 Value: YgpmwwAABKSzqn0b
.demdex.net/	1970-01-20 05:13:20	Name: dextp Value: 1083-1-1644848834670\|1085-1-1644848834771\|1086-1-1644848834872\|1087-1-1644848834973\|1088-1-1644848835074\|19913-1-1644848835174
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: e1c5e23d6a68a15d

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network	error	URL: https://www.express-scripts.com/art/email/Aeonik-LightItalic.woff' Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: .express-scripts.com d1sasz49lqpqtq.cloudfront.net .qualtrics.com .omtrdc.net .demdex.net .googlesyndication.com .instagram.com .linkedin.com px.ads.linkedin.com snap.licdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1sasz49lqpqtq.cloudfront.net .adobedtm.com .fontawesome.com .qualtrics.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .google.com .gstatic.com .facebook.net .ads-twitter.com .twitter.com .brightcove.com .brightcove.net vjs.zencdn.net .s3.amazonaws.com snap.licdn.com .googletagmanager.com .express-scripts.com activitymap.adobe.com .branch.io app.link js-agent.newrelic.com bam-cell.nr-data.net insight.adsrvr.org .facebook.com .twitter.com .linkedin.com px.ads.linkedin.com snap.licdn.com; object-src 'self' .s3.amazonaws.com .brightcove.net d1sasz49lqpqtq.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com .express-scripts.com .cloudflare.com .fontawesome.com .s3.amazonaws.com d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com; img-src 'self' data: .qualtrics.com .omtrdc.net expressscripts.sc.omtrdc.net .everesttech.net .demdex.net .facebook.com t.co .s3.amazonaws.com .brightcove.com .prod.boltdns.net .google.com openbadges.blob.core.windows.net d1sasz49lqpqtq.cloudfront.net .express-scripts.com .llnwd.net .linkedin.com .doubleclick.net .branch.io .adsrvr.org .googletagmanager.com .addthis.com .pinsightmedia.com .mookie1.com .advertising.com .scorecardresearch.com .linksynergy.com .casalemedia.com .insightexpressai.com .media6degrees.com .analytics.yahoo.com mid.rkdms.com match.sync.ad.cpe.dotomi.com aa.agkn.com ib.adnxs.com io.narrative.io cm.pos.baidu.com x.bidswitch.net tags.bluekai.com cs.adingo.jp ml314.com loadm.exelator.com global.ib-ibi.com ckm.iqiyi.com usermatch.krxd.net i.liadm.com idsync.rlcdn.com simage2.pubmatic.com e.nexac.com cm.mediav.com pixel.rubiconproject.com uipglob.semasio.net match.sharethrough.com s.thebrighttag.com eb2.3lift.com pixel.tapad.com cm.l.qq.com dmp.truoptik.com c.yes.youku.com; media-src 'self' blob: .express-scripts.com .s3.amazonaws.com .brightcove.com .prod.boltdns.net d1sasz49lqpqtq.cloudfront.net .akamaihd.net; frame-src 'self' .s3.amazonaws.com .qualtrics.com .youtube.com .omtrdc.net .demdex.net .google.com d1sasz49lqpqtq.cloudfront.net .fls.doubleclick.net activitymap.adobe.com .omniture.com .facebook.com; child-src 'self' blob: .express-scripts.com .s3.amazonaws.com .youtube.com d1sasz49lqpqtq.cloudfront.net; font-src 'self' data: .express-scripts.com fonts.googleapis.com fonts.gstatic.com .s3.amazonaws.com .amazonaws.com d1sasz49lqpqtq.cloudfront.net; connect-src 'self' .express-scripts.com .qualtrics.com .adobedtm.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .brightcove.com .prod.boltdns.net .akamaihd.net d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com .llnwd.net .mktoresp.com di-tag.express-scripts.com .branch.io app.link wss://.express-scripts.com bam-cell.nr-data.net .cigna.com default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
bam-cell.nr-data.net
cdn.branch.io
cm.everesttech.net
cm.g.doubleclick.net
d1sasz49lqpqtq.cloudfront.net
dpm.demdex.net
expressscripts.sc.omtrdc.net
expressscriptsholdin.tt.omtrdc.net
expressscriptsholdingcompany.demdex.net
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
pixel.everesttech.net
siteintercept.qualtrics.com
www.express-scripts.com
zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com
zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com
104.17.208.240
104.17.209.240
13.225.80.80
142.250.186.98
15.236.176.210
151.101.2.137
162.247.243.146
167.211.52.57
2600:9000:21f3:1e00:8:7fec:8380:21
2a00:1450:4001:803::200a
2a00:1450:4001:812::2003
2a02:26f0:6c00:2b0::1e80
3.248.86.91
34.246.234.200
34.248.191.66
34.250.134.201
52.18.193.194
055e467aa53a9c0272d805bbc009ade8c74df5a8c1255271d753ac78fe179873
0ab0337e60c655e14ea7a65c118c9c26561255db702eaf254765cff390dc6612
107bfc17e5d3b3d3226bad6c056b25bef80450863c6a4b7cbe71059217650d7a
1afdfe6ce4ad01e843007105d64d70468158c7a43c6944718922ffb7dc6169eb
1b76f2155818d5d2d98d6c7b2e89aee7e824ecfa7333ec2eb3f52ec0dffad97b
3b289efdffc72994ced4095747d5075ed4324153a680f8c17445c417add97778
3c31f0b8dc100c519c30c438dc45d7700625418a4f4a0d67ace5949d9f9cc961
428a88f4ff20f275e574f1536cc7dcaa49bff40ae6ab9e9be9fd9e0df137b2bf
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4b55ef56d8f298f75bdd35d5a8376840f7df2794b6762987b23b620c8a6dc242
4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95
4db8e8de80e0eb5430a4855a53889d9dfc7b0758ef3c760c84dbace74f032363
525c8e3edad21c44cbfb3de556490dd233c83965d0c586e5d6b1fdd77e2bd8ce
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
5f1892c5e9b97c82a985ec5ca1848ba3b3c35efb1cdeb8743262aa58ce473255
6e61be2f374a0122510025578940baf7ef8dbbcaf3ecc5f5535cfc81bd1cfd39
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
82250dc6a2179c77f937827f5bc063e133fe0349eac7655cf4beee2320656577
85ae621f97ae0e47dc5409c1ce197505bbfe6021b6381d1686463084a13913ce
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353
9458fde8fcfcf7cd851aee40e681fa944f69f0c14337bfd737bb070966f0e19b
95f31afd0332fd269465a774449c3257fe41718b391621e3c6dd5d704bfd317e
9869c68cb232d1641aefee70d0b767bc4edddca81f04355808cfab205092eac1
9b7b5d56054f5bab6ea5dfd9472ceb900f406a8a35a3df5b17b606521a411a35
a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc
a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e
a75101f8884d477aa9a48ce8a3313de35f4d0e0d6a06c7613800828d2c4d6081
a9a085caeb4aac0d5f8a588b77216a5d297156ae66e90edd211a97360f4b885b
ac6769aeda5a8b002e699c70ac13539a4d32ba0ed1736f7cfff0d863e6f5fe04
b30ac9164fcafdb91f5bdc13895d25e694e01d213887b792833fdc00bbfbcd2e
b60af31f4402255b9fe3e40e493adfde0b7fdb8a71891151c04c51ca788e79eb
b6fd7d505ec3dda45209f6209743f6288de77545d256a2808c019e13d948896b
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
cae995b0ab65bfc285051cc7adeab246869ed0aa88fe016b17764f2612d7cd4b
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
d4e77c7411d1de6efebf4278b9c98aa77dc2e5186cee271ac256138f17bef9f4
d81f286a9e6132bbcabbfb9551eae08b1783da9b4ca6a242ab5f8a93a2da8f06
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66
e7867f8a1db3c271fb082eb40399eed5f72e2df1c09e792535c85d699487e30b
e9c3c055679973f626d2e9fa3e4883192bf5ab575f2422f4c6890d0531865e24
ec99eaf3e4e7deccf349af3a7da0aff58ce5b191782360bb830968e06f82a4a9
ed4837f44e586a284c276e3ba4ad3d4690ea0fbda32c0e80da958b0ab3fd8a49
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0dc611132a4691c54ce96a2ec08bc5bc7791a4c0b5dfaef9de2e3f3a6a43d39
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f83561d28369539e28ed8b4527479118dbd6af4b302ab2c7caca4fbf1f535381

www.express-scripts.com Open in urlscan Pro 167.211.52.57 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

86 %HTTPS

24 %IPv6

13 Domains

18 Subdomains

16 IPs

5 Countries

643 kBTransfer

2245 kBSize

13 Cookies

4 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

www.express-scripts.com Open in urlscan Pro
167.211.52.57 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

86 %
HTTPS

24 %
IPv6

13
Domains

18
Subdomains

16
IPs

5
Countries

643 kB
Transfer

2245 kB
Size

13
Cookies

50 HTTP transactions
3 data transactions