www.express-scripts.com Open in urlscan Pro
167.211.52.57 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Submission: On September 30 via manual (September 30th 2021, 4:21:04 pm UTC) from US — Scanned from DE

Summary HTTP 64 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 14 domains to perform 64 HTTP transactions. The main IP is 167.211.52.57, located in United States and belongs to EXPRES, US. The main domain is www.express-scripts.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on August 19th 2021. Valid for: a year.

This is the only time www.express-scripts.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	167.211.52.57 167.211.52.57	5696 (EXPRES) (EXPRES)
5	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.171.163.246 54.171.163.246	16509 (AMAZON-02) (AMAZON-02)
1	13.33.242.110 13.33.242.110	16509 (AMAZON-02) (AMAZON-02)
3 5	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1	142.250.186.168 142.250.186.168	15169 (GOOGLE) (GOOGLE)
9 11	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	52.210.87.143 52.210.87.143	16509 (AMAZON-02) (AMAZON-02)
2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1	54.76.43.77 54.76.43.77	16509 (AMAZON-02) (AMAZON-02)
6 12	34.243.196.142 34.243.196.142	16509 (AMAZON-02) (AMAZON-02)
9 9	34.248.191.66 34.248.191.66	16509 (AMAZON-02) (AMAZON-02)
4	151.101.66.217 151.101.66.217	54113 (FASTLY) (FASTLY)
1	76.223.31.44 76.223.31.44	16509 (AMAZON-02) (AMAZON-02)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	162.247.242.21 162.247.242.21	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
2	54.236.93.196 54.236.93.196	14618 (AMAZON-AES) (AMAZON-AES)
64	19

10 167.211.52.57 (United States)

ASN5696 (EXPRES, US)

www.express-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.232.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.163.246 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.242.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-242-110.hel50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.102 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

11003711.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.185.66 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.87.143 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-87-143.eu-west-1.compute.amazonaws.com

expressscriptsholdingcompany.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

expressscripts.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.43.77 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-43-77.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.243.196.142 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-196-142.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.248.191.66 (Dublin, Ireland) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-191-66.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.66.217 (United States)

ASN54113 (FASTLY, US)

app.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.31.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: a1370dc23e25e46ce.awsglobalaccelerator.com

clientstream.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.21 (United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-9.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.236.93.196 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-93-196.compute-1.amazonaws.com

events.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	qualtrics.com zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com siteintercept.qualtrics.com	101 KB
21	everesttech.net cm.everesttech.net Failed pixel.everesttech.net	10 KB
14	doubleclick.net 12 redirects 11003711.fls.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net	3 KB
10	express-scripts.com www.express-scripts.com	1 MB
7	launchdarkly.com app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com	4 KB
5	adobedtm.com assets.adobedtm.com	99 KB
2	nr-data.net bam.nr-data.net	512 B
2	omtrdc.net expressscripts.sc.omtrdc.net	565 B
2	google.com adservice.google.com	711 B
2	demdex.net dpm.demdex.net expressscriptsholdingcompany.demdex.net	5 KB
1	newrelic.com js-agent.newrelic.com	15 KB
1	adsrvr.org insight.adsrvr.org	261 B
1	googletagmanager.com www.googletagmanager.com	37 KB
1	branch.io cdn.branch.io	24 KB
64	14

	Domain	Requested by
19	siteintercept.qualtrics.com	www.express-scripts.com
12	pixel.everesttech.net	6 redirects www.express-scripts.com
10	www.express-scripts.com	www.express-scripts.com
9	cm.g.doubleclick.net	9 redirects
9	cm.everesttech.net	www.express-scripts.com
5	assets.adobedtm.com	www.express-scripts.com
4	app.launchdarkly.com	www.express-scripts.com
3	11003711.fls.doubleclick.net	1 redirects www.express-scripts.com
2	events.launchdarkly.com	www.express-scripts.com
2	bam.nr-data.net	www.express-scripts.com
2	ad.doubleclick.net	2 redirects
2	expressscripts.sc.omtrdc.net	www.express-scripts.com assets.adobedtm.com
2	adservice.google.com	11003711.fls.doubleclick.net www.express-scripts.com
1	zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com	www.express-scripts.com
1	zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com	www.express-scripts.com
1	js-agent.newrelic.com	www.express-scripts.com
1	clientstream.launchdarkly.com	www.express-scripts.com
1	insight.adsrvr.org	www.express-scripts.com
1	expressscriptsholdingcompany.demdex.net	www.express-scripts.com
1	www.googletagmanager.com	www.express-scripts.com
1	cdn.branch.io	www.express-scripts.com
1	dpm.demdex.net	www.express-scripts.com
64	22

This site contains links to these domains. Also see Links.

Domain
www.accredo.com
insiderx.com
www.fda.gov
jobs.cigna.com

Subject Issuer	Validity	Valid
www.express-scripts.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-08-19` - `2022-09-19`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-10-29` - `2021-11-29`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.tmogul.com Amazon	`2021-07-16` - `2022-08-14`	a year	crt.sh
app.launchdarkly.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
clientstream.launchdarkly.com Amazon	`2021-09-21` - `2022-10-19`	a year	crt.sh
*.newrelic.com R3	`2021-09-17` - `2021-12-16`	3 months	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2020-10-26` - `2021-11-26`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
events.launchdarkly.com Amazon	`2021-09-19` - `2022-10-17`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Frame ID: C902F12E564013517FDDD0C8FE84A6CB
Requests: 53 HTTP requests in this frame

Frame: https://11003711.fls.doubleclick.net/activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418
Frame ID: 70EA58969E7EF8D266485427CECCBF56
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418;~oref=https://www.express-scripts.com/
Frame ID: B39BFADCD7784D90E3BA5C0FBDB3F330
Requests: 1 HTTP requests in this frame

Frame: https://expressscriptsholdingcompany.demdex.net/dest5.html?d_nsid=0
Frame ID: EA68EF466CA20454832E9F76314B4356
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Express Scripts

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

64
Requests

98 %
HTTPS

0 %
IPv6

14
Domains

22
Subdomains

19
IPs

5
Countries

1559 kB
Transfer

4439 kB
Size

13
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.accredo.com/
Title: Accredo Log In

Search URL Search Domain Scan URL

URL: https://insiderx.com/?source=expressscripts
Title: Inside RX

Search URL Search Domain Scan URL

URL: https://www.fda.gov/ForConsumers/ConsumerUpdates/ucm101653.htm
Title: Disposal of Medications

Search URL Search Domain Scan URL

URL: https://jobs.cigna.com/
Title: Careers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://11003711.fls.doubleclick.net/activityi;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418 HTTP 302
https://11003711.fls.doubleclick.net/activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418

Request Chain 18

https://ad.doubleclick.net/activity;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=754705060.1633018858;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=COv84aeNp_MCFXgQBgAdphUJuQ;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=754705060.1633018858;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080 HTTP 302
https://adservice.google.com/ddm/fls/z/dc_pre=COv84aeNp_MCFXgQBgAdphUJuQ;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080

Request Chain 22

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFBVnJETm1xZw&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WVZYajZnQUFBSVRpVVFRcA HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 23

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFCUjZAS0ZiZA&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WVZYajZnQUFBRVctUXdRRQ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 24

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFCQW5GOWtOQA&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WVZYajZnQUFBTU5QSEFRQQ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 25

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFCWVlUdURPQA&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 26

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFBTU5QSEFRQQ&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 35

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFBTU5QSEFRQQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

64 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login Show response
www.express-scripts.com/ 31 KB
16 KB 633ms
236ms Document
text/html 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

a7f487a76954fd345b1786227eb8403c4ecf53d7d5b24b792b1a16a4eeff987e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.express-scripts.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Content-Type: text/html; charset=utf-8
Date: Thu, 30 Sep 2021 16:20:57 GMT
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Vcap-Request-Id: c1448589-b5a7-4fba-43eb-76d945741e0a
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Transfer-Encoding: chunked

GET
H/1.1 200
OK framework.e28acfee.css
www.express-scripts.com/frontend/consumer-login-ui/assets/css/ 13 KB
6 KB 120ms
119ms Stylesheet
text/css 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/framework.e28acfee.css

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

7f07fba3246e88d3ee93d416d967314959440c0aa154eebd9b5166719019f841

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 29 Jul 2021 15:17:30 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 30 Sep 2021 16:20:57 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
X-Vcap-Request-Id: d192a921-ccec-4ad4-62e5-802a6e562a34
Cache-Control: max-age=172800 public, no-transform
Transfer-Encoding: chunked
Etag: W/"6102c68a-bad"
Expires: Sat, 02 Oct 2021 16:20:57 GMT

GET
H/1.1 200
OK app.8ab3fae7.css
www.express-scripts.com/frontend/consumer-login-ui/assets/css/ 619 KB
153 KB 272ms
151ms Stylesheet
text/css 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

a55d734d45c5a948d2401fac5db9f9a611f6fe19b5340521239c1dd05a4ef46a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 29 Jul 2021 15:17:36 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 30 Sep 2021 16:20:57 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: text/css
X-Vcap-Request-Id: df3b1bb5-df97-4a91-44f3-4744bc37e696
Cache-Control: max-age=172800 public, no-transform
Transfer-Encoding: chunked
Etag: W/"6102c690-1917d"
Expires: Sat, 02 Oct 2021 16:20:57 GMT

GET
H2 200 launch-eab74f075d95.min.js Show response
assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/ 339 KB
83 KB 54ms
12ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/launch-eab74f075d95.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ae6891ae65eae4b6580f8c9467867e1d990a684bc2cbe5b4e55370ffefa19530

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:57 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 20:15:55 GMT
server: AkamaiNetStorage
etag: "9c13e7d12a469383b4116eb4831b2892:1632946555.535163"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 84794
expires: Thu, 30 Sep 2021 17:20:57 GMT

GET
H/1.1 200
OK framework.c7560572.js Show response
www.express-scripts.com/frontend/consumer-login-ui/assets/js/ 2 MB
628 KB 297ms
229ms Script
application/x-javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/js/framework.c7560572.js

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

f6ab27b955d51a00cb1e4f5083d102c38513d03683799c525c03a08707075f82

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 29 Jul 2021 15:17:30 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 30 Sep 2021 16:20:57 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-javascript
X-Vcap-Request-Id: a1935f4c-f6b4-4f57-6dda-c997d70ae367
Cache-Control: max-age=172800 public, no-transform
Transfer-Encoding: chunked
Etag: W/"6102c68a-69f44"
Expires: Sat, 02 Oct 2021 16:20:57 GMT

GET
H/1.1 200
OK react.c7560572.js Show response
www.express-scripts.com/frontend/consumer-login-ui/assets/js/ 127 KB
56 KB 134ms
134ms Script
application/x-javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/js/react.c7560572.js

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

5e8ebc856dedb6eaf5a2054e7b008c6d8310888c85eb0a10dcd203c4521509ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 29 Jul 2021 15:17:30 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 30 Sep 2021 16:20:58 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-javascript
X-Vcap-Request-Id: b5821521-c72f-4b93-7f10-46907e7aa2ab
Cache-Control: max-age=172800 public, no-transform
Transfer-Encoding: chunked
Etag: W/"6102c68a-970c"
Expires: Sat, 02 Oct 2021 16:20:58 GMT

GET
H/1.1 200
OK app.c7560572.js Show response
www.express-scripts.com/frontend/consumer-login-ui/assets/js/ 1013 KB
343 KB 236ms
236ms Script
application/x-javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/js/app.c7560572.js

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

28403a5e48d210665505fcfe641e40d585dc274d1d5f92efe9698009dc9a8e3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Cookie: AMCV_BCDA9CC055686E397F000101%40AdobeOrg=-1124106680%7CMCIDTS%7C18901%7CvVersion%7C5.2.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 29 Jul 2021 15:17:30 GMT
X-Frame-Options: SAMEORIGIN
Date: Thu, 30 Sep 2021 16:20:58 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/x-javascript
X-Vcap-Request-Id: 13144fc7-5a8f-41d6-52b3-d9ffe01969ed
Cache-Control: max-age=172800 public, no-transform
Transfer-Encoding: chunked
Etag: W/"6102c68a-36a65"
Expires: Sat, 02 Oct 2021 16:20:58 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
1 KB 171ms
43ms XHR
application/json 54.171.163.246
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=BCDA9CC055686E397F000101%40AdobeOrg&d_nsid=0&ts=1633018858258

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.163.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

Software

Resource Hash

2a45e5282a5714b814916f1bd685db999b6d1572b8afe30e6a616925252c32ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v018-011be732a.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: TCapWfhuRC0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.express-scripts.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 686
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/ 33 KB
12 KB 8ms
7ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:58 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 21:04:01 GMT
server: AkamaiNetStorage
etag: "4635bffccc756e9a52eae8011adb9137:1629320641.842128"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12188
expires: Thu, 30 Sep 2021 17:20:58 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/ 3 KB
2 KB 8ms
8ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0821bd2158b7c2d4165a43a999f30fdc1dc977c6f216ae950298b0237189c0e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:58 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 21:04:02 GMT
server: AkamaiNetStorage
etag: "8b210658d66894c896047ae490138f1c:1629320642.068491"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1593
expires: Thu, 30 Sep 2021 17:20:58 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 124ms
35ms Script
text/javascript 13.33.242.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.242.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-242-110.hel50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1f23d8732d8e2a4f2e983d5bf52c680226ec20d3b3453a7d8de4ef4e28aa7a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: JY0psBu036ThLrIRNRIc72jv8LxR45nr
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 21:28:14 GMT
server: AmazonS3
age: 184
etag: "494b4c270c41c5456742136e682b1007"
x-edge-origin-shield-skipped: 0
content-type: text/javascript
via: 1.1 228e9f9ffd3a938a52da99b2c67d587f.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Thu, 30 Sep 2021 16:17:55 GMT
x-cache: Hit from cloudfront
x-amz-cf-pop: HEL50-C1
content-length: 23861
x-amz-cf-id: 7xdLCpSM3onX_z8Xvj-A4IF7HdOeuyuW0GPG_HK0EnYhaEN43rbQNg==

GET
H2 200 RC85abe1d5a1f8403ab785b4a8c91097b3-source.min.js Show response
assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/a8d3c28663e9/ 1 KB
997 B 7ms
7ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/a8d3c28663e9/RC85abe1d5a1f8403ab785b4a8c91097b3-source.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99789b8b13b5911f4daf627828c7223f4379ecbba4e65d1b718b49347b1ca17b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:58 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 20:15:56 GMT
server: AkamaiNetStorage
etag: "a90ae9ecba2607a25357b6fafe9e96c0:1632946556.240015"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 726
expires: Thu, 30 Sep 2021 17:20:58 GMT

GET
H2

200

activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_... Show response
11003711.fls.doubleclick.net/ Frame 70EA
Redirect Chain

https://11003711.fls.doubleclick.net/activityi;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGD...
https://11003711.fls.doubleclick.net/activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgd...

577 B
605 B

19ms
19ms

Document
text/html

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11003711.fls.doubleclick.net/activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418?

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

7d2a4108cc6b839da6be122e30361d4b1a44170d9e6c11cbff1a69f34a945fe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 11003711.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.express-scripts.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 30 Sep 2021 16:20:58 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 428
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 30-Sep-2021 16:35:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 30 Sep 2021 16:20:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://11003711.fls.doubleclick.net/activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 RC01770bd976f749859c1d55ae1a6df18a-source.min.js Show response
assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/a8d3c28663e9/ 1 KB
962 B 7ms
7ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/a8d3c28663e9/RC01770bd976f749859c1d55ae1a6df18a-source.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 92d5bd540058caec4d86efe7040ceebe1d01e867a0c5cc7ec9d2114a92083175

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:58 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 20:15:56 GMT
server: AkamaiNetStorage
etag: "a90ae9ecba2607a25357b6fafe9e96c0:1632946556.240015"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 691
expires: Thu, 30 Sep 2021 17:20:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 72ms
31ms Script
application/javascript 142.250.186.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11003711

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3316a63539c9717a12b5a268f9020a5b3b1438fe59dda6dfe685edb6b090268

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:58 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37517
x-xss-protection: 0
last-modified: Thu, 30 Sep 2021 15:37:07 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Sep 2021 16:20:58 GMT

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;g... Frame B39B 194 B
648 B 42ms
19ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418;~oref=https://www.express-scripts.com/

Requested by

Host: 11003711.fls.doubleclick.net
URL: https://11003711.fls.doubleclick.net/activityi;dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CMus26eNp_MCFQ2XUQod6QwBcQ;src=11003711;type=expre0;cat=expre008;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;xx=$%7BGDPR%7Dgdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5989195751855.418;~oref=https://www.express-scripts.com/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://11003711.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11003711.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 30 Sep 2021 16:20:58 GMT
expires: Thu, 30 Sep 2021 16:20:58 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dest5.html Show response
expressscriptsholdingcompany.demdex.net/ Frame EA68 7 KB
3 KB 139ms
32ms Document
text/html 52.210.87.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscriptsholdingcompany.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.210.87.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-210-87-143.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: expressscriptsholdingcompany.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.express-scripts.com/
Accept-Encoding: gzip, deflate, br
Cookie: demdex=21791521004262689871133524422709263796
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Thu, 30 Sep 2021 16:20:58 GMT
DCS: dcs-prod-irl1-1-v018-01743d76c.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 23 Sep 2021 11:49:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: QpDVNEG2TW0=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
expressscripts.sc.omtrdc.net/ 2 B
322 B 55ms
16ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscripts.sc.omtrdc.net/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=BCDA9CC055686E397F000101%40AdobeOrg&mid=21762982531278759541131866431526896125&ts=1633018858439

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Sep 2021 16:20:58 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-567564d5d5-vm2qg
vary: Origin
x-c: main-1531.I2ae8be.M0-520
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET dd
cm.everesttech.net/cm/ 0
0

GET
H3

200

dc_pre=COv84aeNp_MCFXgQBgAdphUJuQ;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsit...
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/activity;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=754705060.1633018858;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3Frouting...
https://ad.doubleclick.net/activity;dc_pre=COv84aeNp_MCFXgQBgAdphUJuQ;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=754705060.1633018858;ps=1;~oref=https%3A%2F%2Fwww.exp...
https://adservice.google.com/ddm/fls/z/dc_pre=COv84aeNp_MCFXgQBgAdphUJuQ;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com...

42 B
63 B

35ms
19ms

Image
image/gif

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COv84aeNp_MCFXgQBgAdphUJuQ;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Sep 2021 16:20:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Sep 2021 16:20:58 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/dc_pre=COv84aeNp_MCFXgQBgAdphUJuQ;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activityi;register_conversion=1;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=754705060.1633018858;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage...
11003711.fls.doubleclick.net/ 0
0 22ms
22ms Image
text/html 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://11003711.fls.doubleclick.net/activityi;register_conversion=1;src=11003711;type=expre0;cat=expre008;ord=2858916638401;gtm=2od9r0;auiddc=754705060.1633018858;ps=1;~oref=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080?
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
261 B 101ms
30ms Image
image/gif 54.76.43.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=is0b4j8&ct=0:y18azwd&fmt=3
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.43.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-43-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Sep 2021 16:20:58 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK rubik-v4-latin-regular.33f60a04.woff2
www.express-scripts.com/frontend/consumer-login-ui/assets/fonts/ 20 KB
22 KB 115ms
115ms Font
font/woff2 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/fonts/rubik-v4-latin-regular.33f60a04.woff2

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

10439ba665bcdffc1e727bc74c0c4b64c8ac0e8f8981fcdaa8d49e672b78d8b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.express-scripts.com
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css
Cookie: AMCVS_BCDA9CC055686E397F000101%40AdobeOrg=1; AMCV_BCDA9CC055686E397F000101%40AdobeOrg=-1124106680%7CMCIDTS%7C18901%7CMCMID%7C21762982531278759541131866431526896125%7CMCAAMLH-1633623658%7C6%7CMCAAMB-1633623658%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1633026058s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.754705060.1633018858
Connection: keep-alive
Referer: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css
Origin: https://www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Last-Modified: Thu, 29 Jul 2021 15:17:30 GMT
Etag: "6102c68a-50bc"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
X-Vcap-Request-Id: 2246cec6-ae51-4a98-40ec-af43757807b3
Cache-Control: max-age=172800 public, no-transform
Date: Thu, 30 Sep 2021 16:20:58 GMT
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Content-Length: 20668
X-Xss-Protection: 1; mode=block
Expires: Sat, 02 Oct 2021 16:20:58 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EA68
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFBVnJETm1xZw&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WVZYajZnQUFBSVRpVVFRcA
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1
https://pixel.everesttech.net/1x1

128 B
796 B

30ms
30ms

Image
image/png

34.243.196.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.196.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-196-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 30 Sep 2021 16:20:58 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 30 Sep 2021 16:20:58 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EA68
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFCUjZAS0ZiZA&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEM...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WVZYajZnQUFBRVctUXdRRQ
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1
https://pixel.everesttech.net/1x1

128 B
796 B

32ms
32ms

Image
image/png

34.243.196.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.196.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-196-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 30 Sep 2021 16:20:58 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 30 Sep 2021 16:20:58 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EA68
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFCQW5GOWtOQA&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%25...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D26...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WVZYajZnQUFBTU5QSEFRQQ
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEMep9YoPYOsIXEZxJiFFV80&google_cver=1
https://pixel.everesttech.net/1x1

128 B
691 B

46ms
33ms

Image
image/png

34.243.196.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.196.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-196-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 30 Sep 2021 16:20:59 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b51c-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 30 Sep 2021 16:20:58 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EA68
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFCWVlUdURPQA&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpir...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2...
https://pixel.everesttech.net/1x1

128 B
691 B

31ms
30ms

Image
image/png

34.243.196.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.196.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-196-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 30 Sep 2021 16:20:59 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b516-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 30 Sep 2021 16:20:58 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EA68
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFBTU5QSEFRQQ&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fv...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggyb...
https://pixel.everesttech.net/1x1

128 B
691 B

30ms
30ms

Image
image/png

34.243.196.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.196.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-196-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 30 Sep 2021 16:20:59 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 30 Sep 2021 16:20:59 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

OPTIONS
H2 200 5d2863f9d635a906a61defd3
app.launchdarkly.com/sdk/goals/ Frame 0
0 34ms
7ms Preflight 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5d2863f9d635a906a61defd3

Protocol

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-launchdarkly-user-agent
Origin: https://www.express-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
allow: GET, OPTIONS, HEAD
content-encoding: gzip
ld-region: us-east-1
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Thu, 30 Sep 2021 16:20:59 GMT
via: 1.1 varnish
x-served-by: cache-hhn4065-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1633018859.390064,VS0,VE1
vary: Accept-Encoding
age: 0
content-length: 23

OPTIONS
H2 200 eyJrZXkiOiIxY2Y3YzY1Yi1mMzlmLTQ4NDMtYmMxMy1mYTc4NjAzNmVlY2EiLCJhbm9ueW1vdXMiOmZhbHNlfQ
app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/ Frame 0
0 7ms
6ms Preflight 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/eyJrZXkiOiIxY2Y3YzY1Yi1mMzlmLTQ4NDMtYmMxMy1mYTc4NjAzNmVlY2EiLCJhbm9ueW1vdXMiOmZhbHNlfQ

Protocol

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-launchdarkly-user-agent
Origin: https://www.express-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
allow: GET, OPTIONS, HEAD
content-encoding: gzip
ld-region: us-east-1
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Thu, 30 Sep 2021 16:20:59 GMT
via: 1.1 varnish
x-served-by: cache-hhn4065-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1633018859.450225,VS0,VE1
vary: Accept-Encoding
age: 0
content-length: 23

GET
H2 200 5d2863f9d635a906a61defd3 Show response
app.launchdarkly.com/sdk/goals/ 2 B
176 B 7ms
7ms XHR
application/json 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5d2863f9d635a906a61defd3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
X-LaunchDarkly-User-Agent: JSClient/2.10.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
content-md5: d751713988987e9331980363e24189ce
age: 0
x-cache: HIT
access-control-max-age: 300
date: Thu, 30 Sep 2021 16:20:59 GMT
content-length: 26
x-served-by: cache-hhn4065-HHN
access-control-allow-origin: *
ld-region: us-east-1
x-timer: S1633018859.397416,VS0,VE1
etag: "d751713988987e9331980363e24189ce"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0
accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
x-cache-hits: 1

GET
H/1.1 200
OK rubik-v4-latin-300.33665eb3.woff2
www.express-scripts.com/frontend/consumer-login-ui/assets/fonts/ 19 KB
21 KB 123ms
123ms Font
font/woff2 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/fonts/rubik-v4-latin-300.33665eb3.woff2

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

e1f0170bfa576680866e1a4a4ee59a9f081789ba145394a7608f9accb2784045

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.express-scripts.com
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css
Cookie: AMCVS_BCDA9CC055686E397F000101%40AdobeOrg=1; _gcl_au=1.1.754705060.1633018858; AMCV_BCDA9CC055686E397F000101%40AdobeOrg=-1124106680%7CMCIDTS%7C18901%7CMCMID%7C21762982531278759541131866431526896125%7CMCAAMLH-1633623658%7C6%7CMCAAMB-1633623658%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1633026058s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.2.0; launchDarklyUserKey=1cf7c65b-f39f-4843-bc13-fa786036eeca
Connection: keep-alive
Referer: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css
Origin: https://www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Last-Modified: Thu, 29 Jul 2021 15:17:30 GMT
Etag: "6102c68a-4af8"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
X-Vcap-Request-Id: 1ba8104c-fa67-4619-4d1b-aaf795b9383d
Cache-Control: max-age=172800 public, no-transform
Date: Thu, 30 Sep 2021 16:20:59 GMT
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Content-Length: 19192
X-Xss-Protection: 1; mode=block
Expires: Sat, 02 Oct 2021 16:20:59 GMT

GET
H/1.1 200
OK rubik-v4-latin-500.66e3e817.woff2
www.express-scripts.com/frontend/consumer-login-ui/assets/fonts/ 21 KB
23 KB 121ms
121ms Font
font/woff2 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontend/consumer-login-ui/assets/fonts/rubik-v4-latin-500.66e3e817.woff2

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

e2a8ec71e33019fe9e07569cf37719ba098e22d914e571c2b60ebb91a7bf5cff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.express-scripts.com
Accept-Encoding: gzip, deflate, br
Host: www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css
Cookie: AMCVS_BCDA9CC055686E397F000101%40AdobeOrg=1; _gcl_au=1.1.754705060.1633018858; AMCV_BCDA9CC055686E397F000101%40AdobeOrg=-1124106680%7CMCIDTS%7C18901%7CMCMID%7C21762982531278759541131866431526896125%7CMCAAMLH-1633623658%7C6%7CMCAAMB-1633623658%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1633026058s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.2.0; launchDarklyUserKey=1cf7c65b-f39f-4843-bc13-fa786036eeca
Connection: keep-alive
Referer: https://www.express-scripts.com/frontend/consumer-login-ui/assets/css/app.8ab3fae7.css
Origin: https://www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net app.link *.branch.io *.google.com *.gstatic.com *.nr-data.net *.newrelic.com *.launchdarkly.com *.medco.com *.express-scripts.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.googletagmanager.com *.doubleclick.net *.facebook.net *.facebook.com *.instagram.com *.googlesyndication.com *.evernorthcloud.com; font-src 'self' data: *.qualtrics.com; img-src 'self' *.express-scripts.com data: *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.branch.io *.doubleclick.net *.facebook.net *.facebook.com insight.adsrvr.org *.google.com *.pinsightmedia.com *.scorecardresearch.com *.linksynergy.com *.rkdms.com *.dotomi.com *.demdex.net *.agkn.com *.advertising.com *.addthis.com *.adnxs.com *.narrative.io *.baidu.com *.bidswitch.net *.bluekai.com *.adingo.jp *.casalemedia.com *.ml314.com *.exelator.com *.ib-ibi.com *.insightexpressai.com *.iqiyi.com *.krxd.net *.liadm.com *.rlcdn.com *.mookie1.com *.pubmatic.com *.nexac.com *.mediav.com *.yahoo.com *.rubiconproject.com *.semasio.net *.sharethrough.com *.thebrighttag.com *.3lift.com *.tapad.com *.qq.com *.truoptik.com *.media6degrees.com *.youku.com; default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Last-Modified: Thu, 29 Jul 2021 15:17:30 GMT
Etag: "6102c68a-52e4"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
X-Vcap-Request-Id: 76edca78-4ef3-4282-548d-318a5c23b17c
Cache-Control: max-age=172800 public, no-transform
Date: Thu, 30 Sep 2021 16:20:59 GMT
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Content-Length: 21220
X-Xss-Protection: 1; mode=block
Expires: Sat, 02 Oct 2021 16:20:59 GMT

GET
H2 200 eyJrZXkiOiIxY2Y3YzY1Yi1mMzlmLTQ4NDMtYmMxMy1mYTc4NjAzNmVlY2EiLCJhbm9ueW1vdXMiOmZhbHNlfQ Show response
app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/ 19 KB
3 KB 29ms
29ms XHR
application/json 151.101.66.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/eyJrZXkiOiIxY2Y3YzY1Yi1mMzlmLTQ4NDMtYmMxMy1mYTc4NjAzNmVlY2EiLCJhbm9ueW1vdXMiOmZhbHNlfQ
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0e9f6ae7b1b647eff79c9d6a8a4f0377c365987580af3edf9e9891c8014bcd8a

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
X-LaunchDarkly-User-Agent: JSClient/2.10.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: gzip
vary: Authorization, Accept-Encoding
age: 0
x-cache: MISS
content-length: 2785
x-served-by: cache-hhn4065-HHN
access-control-allow-origin: *
x-timer: S1633018859.457714,VS0,VE22
etag: "2193dbb"
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, GET
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0
accept-ranges: bytes
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-Requested-With, X-LD-Private, X-LD-AccountId, X-LD-EnvId, X-LD-PrjId, X-LaunchDarkly-Event-Schema, X-LaunchDarkly-User-Agent, X-LaunchDarkly-Wrapper, Ld-Api-Version
x-cache-hits: 0

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97ab5efe680c4e9a239e6199a8ae8b2d938d5a9dd7e3e360ce954eefe5362dd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK ip Show response
www.express-scripts.com/frontendservice/consumeraccount/1/ 26 B
580 B 146ms
145ms XHR
application/json 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontendservice/consumeraccount/1/ip

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

8767fc1a5c12a03dccdd4ae94e0c45183c752285be69d40eec9b79766cb1a667

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
tracestate: 2039469@nr=0-1-2249219-816955554-ebef3ea0a3e25361----1633018859451
Accept-Language: de-DE,de;q=0.9
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjIyNDkyMTkiLCJhcCI6IjgxNjk1NTU1NCIsImlkIjoiZWJlZjNlYTBhM2UyNTM2MSIsInRyIjoiZTQ4ZTdiNzQzNTZiZmZiY2FkNDQ1ODJiYmZiYjQ4NTAiLCJ0aSI6MTYzMzAxODg1OTQ1MSwidGsiOiIyMDM5NDY5In19
Sec-Fetch-Dest: empty
Cookie: AMCVS_BCDA9CC055686E397F000101%40AdobeOrg=1; _gcl_au=1.1.754705060.1633018858; AMCV_BCDA9CC055686E397F000101%40AdobeOrg=-1124106680%7CMCIDTS%7C18901%7CMCMID%7C21762982531278759541131866431526896125%7CMCAAMLH-1633623658%7C6%7CMCAAMB-1633623658%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1633026058s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.2.0; launchDarklyUserKey=1cf7c65b-f39f-4843-bc13-fa786036eeca
Connection: keep-alive
Pragma: no-cache
Host: www.express-scripts.com
traceparent: 00-e48e7b74356bffbcad44582bbfbb4850-ebef3ea0a3e25361-01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Sec-Fetch-Site: same-origin
Accept: application/json, text/plain, */*
Referer: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
tracestate: 2039469@nr=0-1-2249219-816955554-ebef3ea0a3e25361----1633018859451
traceparent: 00-e48e7b74356bffbcad44582bbfbb4850-ebef3ea0a3e25361-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjIyNDkyMTkiLCJhcCI6IjgxNjk1NTU1NCIsImlkIjoiZWJlZjNlYTBhM2UyNTM2MSIsInRyIjoiZTQ4ZTdiNzQzNTZiZmZiY2FkNDQ1ODJiYmZiYjQ4NTAiLCJ0aSI6MTYzMzAxODg1OTQ1MSwidGsiOiIyMDM5NDY5In19

Response headers

Pragma: no-cache
Date: Thu, 30 Sep 2021 16:20:59 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-Vcap-Request-Id: 9e6e15e4-8ba1-484d-4591-6720e07ff891
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security: max-age=31536000
Esrx-Request-Id: 1d1db7bb-6200-4f7e-b713-096fb9bb5317
Vary: Accept-Encoding
Content-Length: 26
X-Xss-Protection: 1; mode=block
Expires: 0

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EA68
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVZYajZnQUFBTU5QSEFRQQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_...
https://pixel.everesttech.net/1x1

128 B
691 B

32ms
32ms

Image
image/png

34.243.196.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.196.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-196-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 30 Sep 2021 16:20:59 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b51c-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 30 Sep 2021 16:20:59 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK eyJrZXkiOiIxY2Y3YzY1Yi1mMzlmLTQ4NDMtYmMxMy1mYTc4NjAzNmVlY2EiLCJhbm9ueW1vdXMiOmZhbHNlfQ
clientstream.launchdarkly.com/eval/5d2863f9d635a906a61defd3/ 19 KB
0 98ms
34ms EventSource
text/event-stream 76.223.31.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://clientstream.launchdarkly.com/eval/5d2863f9d635a906a61defd3/eyJrZXkiOiIxY2Y3YzY1Yi1mMzlmLTQ4NDMtYmMxMy1mYTc4NjAzNmVlY2EiLCJhbm9ueW1vdXMiOmZhbHNlfQ

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.31.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a1370dc23e25e46ce.awsglobalaccelerator.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 30 Sep 2021 16:20:59 GMT
Ld-Region: eu-west-1
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: GET,OPTIONS
Content-Type: text/event-stream; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 300
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper

GET
H2 200 nr-spa-1198.min.js Show response
js-agent.newrelic.com/ 38 KB
15 KB 29ms
6ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1198.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8ec272b76ebdf8756da8e60cbec342b26e1e314d223b828e34b02aedea5d6d5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: "498f8d87fcfe5e90fda6a3ae4c47c6b0"
x-amz-request-id: K794E69J7DE4F7NG
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14594
x-amz-id-2: Bm/a2qqYBq/nyZsIUN4OQ4DNqM+9H/hL1X81kllB0Tp3JNjnuTjNxjngJwI39/SXVqNjNMv72mQ=
x-served-by: cache-fra19167-FRA
last-modified: Fri, 29 Jan 2021 19:19:10 GMT
server: AmazonS3
x-timer: S1633018860.559626,VS0,VE0
date: Thu, 30 Sep 2021 16:20:59 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 13

GET
H2 200 / Show response
zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 88ms
39ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_3EtDzVv330Bnajr&Q_LOC=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080&t=1633018859535

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

808892304fd4cba5ec38737ce3bec972fb88bc99f9e050e460c8b9ad4d2cc33b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56179
cf-polished: origSize=8383
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
timing-allow-origin: *
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"20bf-oMh3wEMMkCvaSZpl8V057hHtqcM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 696ec8206f385ca4-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 / Show response
zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 104ms
54ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_7QCHNY5hadKsvMV&Q_LOC=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080&t=1633018859536

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a9d614132a55b4e1dc49fb94f072005d8b68176409a706000f1131b8a405aa31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56179
cf-polished: origSize=8383
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
timing-allow-origin: *
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"20bf-fsb+VgkriimHfYgUBkf1XDQqpG0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 696ec8206cbc4abd-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

POST
H2 200 s55742505419199
expressscripts.sc.omtrdc.net/b/ss/expresscomprod/1/JS-2.22.1-LBWB/ 43 B
243 B 16ms
16ms Ping
image/gif 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscripts.sc.omtrdc.net/b/ss/expresscomprod/1/JS-2.22.1-LBWB/s55742505419199?AQB=1&ndh=1&pf=1&t=30%2F8%2F2021%2016%3A20%3A59%204%200&mid=21762982531278759541131866431526896125&aamlh=6&ce=UTF-8&pageName=Login%3AMain&g=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080&cc=USD&ch=Access&v0=eml%3ABOB%3AFSA_2021%3A%3A1%3A10080&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=Login%3AMain&v1=Login%3AMain&v3=Launch&c23=ESIWeb&c37=www.express-scripts.com%2Flogin&v37=www.express-scripts.com%2Flogin&c43=1633018859455&c49=React&c50=Login&v50=https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080&v68=21762982531278759541131866431526896125&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=BCDA9CC055686E397F000101%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
x-content-type-options: nosniff
x-c: main-1531.I2ae8be.M0-520
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 01 Oct 2021 16:20:59 GMT
server: jag
xserver: anedge-567564d5d5-44grd
etag: 3506881297371299840-4619529341963223979
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
expires: Wed, 29 Sep 2021 16:20:59 GMT

GET
H/1.1 200
OK a73afcb621 Show response
bam.nr-data.net/1/ 57 B
322 B 429ms
106ms Script
text/javascript 162.247.242.21
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/a73afcb621?a=816955554&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=2692&ck=1&ref=https://www.express-scripts.com/login&be=664&fe=2654&dc=2577&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1633018856880,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:96,%22c%22:96,%22s%22:194,%22ce%22:398,%22rq%22:398,%22rp%22:634,%22rpe%22:636,%22dl%22:638,%22di%22:1390,%22ds%22:2578,%22de%22:2578,%22dc%22:2654,%22l%22:2654,%22le%22:2657%7D,%22navigation%22:%7B%7D%7D&fp=1689&fcp=1689&jsonp=NREUM.setToken
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.21 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-9.nr-data.net
Software: /
Resource Hash: 5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/javascript;charset=iso-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 11.b48251b2521bf5ae5dfb.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 55 KB
17 KB 41ms
32ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/11.b48251b2521bf5ae5dfb.chunk.js?Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&Q_BRANDID=www.express-scripts.com

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0688987cf82d39f8dd72117fa3b5e7422fb59a2ca7256ab77209c0d541944904

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57328
cf-polished: origSize=57116
cf-ray: 696ec820bd5e4abd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
last-modified: Wed, 22 Sep 2021 18:25:26 GMT
server: cloudflare
x-powered-by: Express
etag: W/"df1c-17c0ec15df0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1 KB 118ms
117ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3EtDzVv330Bnajr&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e973cf66d6ed6005d9bc161de3fa51a430a7713b2933cf9797db5e4910fe765

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5
trace-id: 83eb741348d9df1d
cf-ray: 696ec8211e0c4abd-FRA
vary: Accept-Encoding

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 11 KB
2 KB 131ms
131ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_7QCHNY5hadKsvMV&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d5ee96fcdc5b0eff9c161eca7781db8cf274d7e827566e513487f4cf0278054

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 10
trace-id: 60ce7bd29dd30750
cf-ray: 696ec8211e194abd-FRA
vary: Accept-Encoding

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 99 KB
31 KB 29ms
28ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

f5e9f8af2b56cdc55e6b99815370665abf86efe4882c1ae9ca3a95bbf61bbbfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57333
cf-polished: origSize=101807
cf-ray: 696ec821ffd04abd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
last-modified: Wed, 22 Sep 2021 18:25:26 GMT
server: cloudflare
x-powered-by: Express
etag: W/"18daf-17c0ec15df0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 2.4c79ed6728cc3054bba2.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
916 B 24ms
24ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/2.4c79ed6728cc3054bba2.chunk.js?Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0904efaf7c18759e6b7590bed6ae665eb0d461ab8e7d3f86280044e360592d27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57332
cf-polished: origSize=2539
cf-ray: 696ec82248704abd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 46
vary: Accept-Encoding
last-modified: Wed, 22 Sep 2021 18:25:26 GMT
server: cloudflare
x-powered-by: Express
etag: W/"9eb-17c0ec15df0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 1.a4037f4820369ddf14c3.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 26 KB
6 KB 31ms
31ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.a4037f4820369ddf14c3.chunk.js?Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

35adf986433c26753aa013ad11466e0e802c4c67ed25567d433214de75aea562

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57332
cf-polished: origSize=27226
cf-ray: 696ec82248714abd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 20
vary: Accept-Encoding
last-modified: Wed, 22 Sep 2021 18:25:26 GMT
server: cloudflare
x-powered-by: Express
etag: W/"6a5a-17c0ec15df0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 LinkModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
892 B 24ms
24ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/LinkModule.js?Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57014
cf-polished: origSize=2547
cf-ray: 696ec82248724abd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
last-modified: Wed, 22 Sep 2021 18:25:26 GMT
server: cloudflare
x-powered-by: Express
etag: W/"9f3-17c0ec15df0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 EmbeddedTargetModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 7 KB
3 KB 26ms
26ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57010
cf-polished: origSize=8462
cf-ray: 696ec82248734abd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 22 Sep 2021 18:25:26 GMT
server: cloudflare
x-powered-by: Express
etag: W/"210e-17c0ec15df0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 64 KB
23 KB 29ms
29ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57310
cf-polished: origSize=66052
cf-ray: 696ec82248744abd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 12
vary: Accept-Encoding
last-modified: Wed, 22 Sep 2021 18:25:26 GMT
server: cloudflare
x-powered-by: Express
etag: W/"10204-17c0ec15df0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 45ms
28ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0i8wwbn7arJBkP3&Version=6&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c55125aec65d70fb72ca1745a14a0c0d7579c614d9487088e00082f6a77fca0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 80066
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bc54e07-FRA
servershortname
expires: Sat, 27 Sep 2031 18:06:33 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 232 B
252 B 49ms
33ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_efdXiD6QLnAyAdL&Version=1&Q_InterceptID=SI_0i8wwbn7arJBkP3&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

979afa7870c4eee8a246e4024d68170fc571cd3527f2c601127c592475b895b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501173
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bd04e07-FRA
servershortname
expires: Mon, 22 Sep 2031 21:08:06 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 56ms
41ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0oHy3lnW2BdfrL0&Version=4&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c65a1698d7b3e3683b714a1ee2e43d2bc2c36810470edf4d932edba81f6d7fe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 80066
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 31
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bd64e07-FRA
servershortname
expires: Sat, 27 Sep 2031 18:06:33 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 232 B
241 B 45ms
31ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_efdXiD6QLnAyAdL&Version=1&Q_InterceptID=SI_0oHy3lnW2BdfrL0&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

979afa7870c4eee8a246e4024d68170fc571cd3527f2c601127c592475b895b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501173
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bcb4e07-FRA
servershortname
expires: Mon, 22 Sep 2031 21:08:06 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 43ms
30ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_87gv7D6QVcbj04B&Version=11&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

439cb5050285f4944b28562634ee58ed5a551a4ca8bafc7fc72acf122cb7af1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 172485
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bd34e07-FRA
servershortname
expires: Fri, 26 Sep 2031 16:26:14 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
665 B 45ms
32ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_aXGRHT9deChbnUO&Version=6&Q_InterceptID=SI_87gv7D6QVcbj04B&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

537e2a21d6c6063aa2e2cf2542ccdc02f73b260bbb6975af1c96b1f22d216668

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 172485
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bd54e07-FRA
servershortname
expires: Fri, 26 Sep 2031 16:26:14 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 16 KB
2 KB 45ms
33ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_eznJ7JJ2gtxcty5&Version=9&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

525c8e3edad21c44cbfb3de556490dd233c83965d0c586e5d6b1fdd77e2bd8ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 304998
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bc84e07-FRA
servershortname
expires: Thu, 25 Sep 2031 03:37:41 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 220 B
264 B 42ms
29ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_7aEyhXOE6dHOF8x&Version=4&Q_InterceptID=SI_eznJ7JJ2gtxcty5&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1afdfe6ce4ad01e843007105d64d70468158c7a43c6944718922ffb7dc6169eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501173
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 696ec8226bca4e07-FRA
servershortname
expires: Mon, 22 Sep 2031 21:08:06 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
245 B 133ms
133ms XHR
text/plain 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_aXGRHT9deChbnUO&Q_SIID=SI_87gv7D6QVcbj04B&Q_ASID=AS_3KIqEDWJ9XmKaix&Q_CLIENTVERSION=1.61.0&Q_CLIENTTYPE=web&r=1633018859962

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Sep 2021 16:21:00 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
trace-id: c0ca778fc3748b62
cf-ray: 696ec822cc864e07-FRA
vary: Accept-Encoding
content-length: 45

GET
H2 200 wr-dialog-close-btn-white.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 254 B
512 B 21ms
21ms Image
image/png 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 16:20:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16571118
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
cf-bgj: imgq:85,h2pri
vary: Accept-Encoding
content-length: 254
last-modified: Wed, 10 Mar 2021 21:25:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 696ec822c95e4abd-FRA
servershortname
expires: Thu, 20 Mar 2031 21:15:41 GMT

POST
H/1.1 200
OK a73afcb621 Show response
bam.nr-data.net/events/1/ 24 B
190 B 111ms
111ms XHR
image/gif 162.247.242.21
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/a73afcb621?a=816955554&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=3164&ck=1&ref=https://www.express-scripts.com/login
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.21 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-9.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.express-scripts.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

OPTIONS
H/1.1 204
No Content 5d2863f9d635a906a61defd3
events.launchdarkly.com/events/bulk/ Frame 0
0 314ms
101ms Preflight
application/json 54.236.93.196
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5d2863f9d635a906a61defd3

Protocol

HTTP/1.1

Server

54.236.93.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-236-93-196.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-launchdarkly-event-schema,x-launchdarkly-user-agent
Origin: https://www.express-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Thu, 30 Sep 2021 16:21:01 GMT
Content-Type: application/json
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
Access-Control-Allow-Methods: POST,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Access-Control-Max-Age: 300
Strict-Transport-Security: max-age=31536000

POST
H/1.1 202
Accepted 5d2863f9d635a906a61defd3 Show response
events.launchdarkly.com/events/bulk/ 0
509 B 202ms
202ms XHR
application/json 54.236.93.196
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5d2863f9d635a906a61defd3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.236.93.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-236-93-196.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.express-scripts.com/
X-LaunchDarkly-Event-Schema: 3
Accept-Language: de-DE,de;q=0.9
X-LaunchDarkly-User-Agent: JSClient/2.10.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Sep 2021 16:21:02 GMT
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: POST,OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 300
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
Content-Length: 0
Access-Control-Expose-Headers: Date

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.everesttech.net
URL: https://cm.everesttech.net/cm/dd?d_uuid=21791521004262689871133524422709263796

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-20 01:56:10	Name: demdex Value: 21791521004262689871133524422709263796
.express-scripts.com/	1969-12-31 23:59:59	Name: AMCVS_BCDA9CC055686E397F000101%40AdobeOrg Value: 1
.express-scripts.com/	1970-01-19 23:46:34	Name: _gcl_au Value: 1.1.754705060.1633018858
.doubleclick.net/	1970-01-20 15:08:10	Name: IDE Value: AHWqTUmfY0HK2pL5gdBbvDj-wW5i1oh6gZx0qkxmj4VR1b_kV_ZPiGfeVz9QtY8Y
.express-scripts.com/	1970-01-20 15:08:10	Name: AMCV_BCDA9CC055686E397F000101%40AdobeOrg Value: -1124106680%7CMCIDTS%7C18901%7CMCMID%7C21762982531278759541131866431526896125%7CMCAAMLH-1633623658%7C6%7CMCAAMB-1633623658%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1633026058s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.2.0
.everesttech.net/	1970-01-20 06:22:34	Name: everest_g_v2 Value: g_surferid~YVXj6gAAAMNPHAQA
.everesttech.net/	1970-01-19 22:21:37	Name: ev_sync_ax Value: 20210930
.everesttech.net/	1969-12-31 23:59:59	Name: everest_session_v2 Value: YVXj6gAAAC8TvGta
.express-scripts.com/	1970-01-20 06:22:34	Name: launchDarklyUserKey Value: 1cf7c65b-f39f-4843-bc13-fa786036eeca
.demdex.net/	1970-01-20 01:56:10	Name: dextp Value: 1083-1-1633018858609\|1085-1-1633018858710\|1086-1-1633018858812\|1087-1-1633018858913\|1088-1-1633018859014\|19913-1-1633018859482
.express-scripts.com/	1969-12-31 23:59:59	Name: s_cc Value: true
www.express-scripts.com/	1969-12-31 23:59:59	Name: QSI_HistorySession Value: https%3A%2F%2Fwww.express-scripts.com%2Flogin%3FroutingPage%3Dconsumer%2Fsite%2Fpcl%26om_mid%3D10080%26om_rid%3D487033615%26CID%3Deml%3ABOB%3AFSA_2021%3A%3A1%3A10080~1633018859812
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 2664f72411e726c2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.express-scripts.com/login?routingPage=consumer/site/pcl&om_mid=10080&om_rid=487033615&CID=eml:BOB:FSA_2021::1:10080 Message: Refused to load the image 'https://cm.everesttech.net/cm/dd?d_uuid=21791521004262689871133524422709263796' because it violates the following Content Security Policy directive: "img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' .demdex.net app.link .branch.io .google.com .gstatic.com .nr-data.net .newrelic.com .launchdarkly.com .medco.com .express-scripts.com .accredo.com .adobedtm.com .everestjs.net .omtrdc.net .qualtrics.com .cigna.com .googletagmanager.com .doubleclick.net .facebook.net .facebook.com .instagram.com .googlesyndication.com .evernorthcloud.com; font-src 'self' data: .qualtrics.com; img-src 'self' .express-scripts.com data: .omtrdc.net .destinationrx.com .qualtrics.com openbadges.blob.core.windows.net .branch.io .doubleclick.net .facebook.net .facebook.com insight.adsrvr.org .google.com .pinsightmedia.com .scorecardresearch.com .linksynergy.com .rkdms.com .dotomi.com .demdex.net .agkn.com .advertising.com .addthis.com .adnxs.com .narrative.io .baidu.com .bidswitch.net .bluekai.com .adingo.jp .casalemedia.com .ml314.com .exelator.com .ib-ibi.com .insightexpressai.com .iqiyi.com .krxd.net .liadm.com .rlcdn.com .mookie1.com .pubmatic.com .nexac.com .mediav.com .yahoo.com .rubiconproject.com .semasio.net .sharethrough.com .thebrighttag.com .3lift.com .tapad.com .qq.com .truoptik.com .media6degrees.com .youku.com; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11003711.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
app.launchdarkly.com
assets.adobedtm.com
bam.nr-data.net
cdn.branch.io
clientstream.launchdarkly.com
cm.everesttech.net
cm.g.doubleclick.net
dpm.demdex.net
events.launchdarkly.com
expressscripts.sc.omtrdc.net
expressscriptsholdingcompany.demdex.net
insight.adsrvr.org
js-agent.newrelic.com
pixel.everesttech.net
siteintercept.qualtrics.com
www.express-scripts.com
www.googletagmanager.com
zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com
zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com
cm.everesttech.net
104.17.208.240
104.17.209.240
13.33.242.110
142.250.185.66
142.250.186.102
142.250.186.168
15.236.176.210
151.101.130.137
151.101.66.217
162.247.242.21
167.211.52.57
2.18.232.23
34.243.196.142
34.248.191.66
52.210.87.143
54.171.163.246
54.236.93.196
54.76.43.77
76.223.31.44
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0688987cf82d39f8dd72117fa3b5e7422fb59a2ca7256ab77209c0d541944904
0821bd2158b7c2d4165a43a999f30fdc1dc977c6f216ae950298b0237189c0e2
0904efaf7c18759e6b7590bed6ae665eb0d461ab8e7d3f86280044e360592d27
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0e9f6ae7b1b647eff79c9d6a8a4f0377c365987580af3edf9e9891c8014bcd8a
10439ba665bcdffc1e727bc74c0c4b64c8ac0e8f8981fcdaa8d49e672b78d8b2
1afdfe6ce4ad01e843007105d64d70468158c7a43c6944718922ffb7dc6169eb
28403a5e48d210665505fcfe641e40d585dc274d1d5f92efe9698009dc9a8e3d
2a45e5282a5714b814916f1bd685db999b6d1572b8afe30e6a616925252c32ac
35adf986433c26753aa013ad11466e0e802c4c67ed25567d433214de75aea562
3e973cf66d6ed6005d9bc161de3fa51a430a7713b2933cf9797db5e4910fe765
439cb5050285f4944b28562634ee58ed5a551a4ca8bafc7fc72acf122cb7af1d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
525c8e3edad21c44cbfb3de556490dd233c83965d0c586e5d6b1fdd77e2bd8ce
537e2a21d6c6063aa2e2cf2542ccdc02f73b260bbb6975af1c96b1f22d216668
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
5e8ebc856dedb6eaf5a2054e7b008c6d8310888c85eb0a10dcd203c4521509ba
6d5ee96fcdc5b0eff9c161eca7781db8cf274d7e827566e513487f4cf0278054
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7d2a4108cc6b839da6be122e30361d4b1a44170d9e6c11cbff1a69f34a945fe6
7f07fba3246e88d3ee93d416d967314959440c0aa154eebd9b5166719019f841
808892304fd4cba5ec38737ce3bec972fb88bc99f9e050e460c8b9ad4d2cc33b
8767fc1a5c12a03dccdd4ae94e0c45183c752285be69d40eec9b79766cb1a667
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec272b76ebdf8756da8e60cbec342b26e1e314d223b828e34b02aedea5d6d5a
92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84
92d5bd540058caec4d86efe7040ceebe1d01e867a0c5cc7ec9d2114a92083175
979afa7870c4eee8a246e4024d68170fc571cd3527f2c601127c592475b895b3
97ab5efe680c4e9a239e6199a8ae8b2d938d5a9dd7e3e360ce954eefe5362dd6
99789b8b13b5911f4daf627828c7223f4379ecbba4e65d1b718b49347b1ca17b
a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc
a55d734d45c5a948d2401fac5db9f9a611f6fe19b5340521239c1dd05a4ef46a
a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e
a7f487a76954fd345b1786227eb8403c4ecf53d7d5b24b792b1a16a4eeff987e
a9d614132a55b4e1dc49fb94f072005d8b68176409a706000f1131b8a405aa31
ae6891ae65eae4b6580f8c9467867e1d990a684bc2cbe5b4e55370ffefa19530
b1f23d8732d8e2a4f2e983d5bf52c680226ec20d3b3453a7d8de4ef4e28aa7a5
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
c55125aec65d70fb72ca1745a14a0c0d7579c614d9487088e00082f6a77fca0a
c65a1698d7b3e3683b714a1ee2e43d2bc2c36810470edf4d932edba81f6d7fe2
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
e1f0170bfa576680866e1a4a4ee59a9f081789ba145394a7608f9accb2784045
e2a8ec71e33019fe9e07569cf37719ba098e22d914e571c2b60ebb91a7bf5cff
e3316a63539c9717a12b5a268f9020a5b3b1438fe59dda6dfe685edb6b090268
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f5e9f8af2b56cdc55e6b99815370665abf86efe4882c1ae9ca3a95bbf61bbbfa
f6ab27b955d51a00cb1e4f5083d102c38513d03683799c525c03a08707075f82

www.express-scripts.com Open in urlscan Pro 167.211.52.57 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

64 Requests

98 %HTTPS

0 %IPv6

14 Domains

22 Subdomains

19 IPs

5 Countries

1559 kBTransfer

4439 kBSize

13 Cookies

4 Outgoing links

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

www.express-scripts.com Open in urlscan Pro
167.211.52.57 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

98 %
HTTPS

0 %
IPv6

14
Domains

22
Subdomains

19
IPs

5
Countries

1559 kB
Transfer

4439 kB
Size

13
Cookies

64 HTTP transactions
1 data transactions