www.gesa.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/raI8DLFCY8
Effective URL:
https://www.gesa.com/promotions/70th-birthday/
Submission: On June 29 via manual (June 29th 2023, 4:26:49 pm UTC) from US — Scanned from DE

Summary HTTP 171 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 64 IPs in 9 countries across 72 domains to perform 171 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.gesa.com. The Cisco Umbrella rank of the primary domain is 673262.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 16th 2023. Valid for: a year.

This is the only time www.gesa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
61	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	151.101.0.114 151.101.0.114	54113 (FASTLY) (FASTLY)
2	51.11.20.152 51.11.20.152	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.192.32 18.66.192.32	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:780... 2a02:26f0:780::210:a423	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	37.157.2.247 37.157.2.247	198622 (ADFORM) (ADFORM)
2	108.138.34.128 108.138.34.128	16509 (AMAZON-02) (AMAZON-02)
1	52.10.176.180 52.10.176.180	16509 (AMAZON-02) (AMAZON-02)
4	3.230.203.248 3.230.203.248	14618 (AMAZON-AES) (AMAZON-AES)
2	35.166.204.132 35.166.204.132	16509 (AMAZON-02) (AMAZON-02)
2	54.198.99.45 54.198.99.45	14618 (AMAZON-AES) (AMAZON-AES)
2	74.208.214.109 74.208.214.109	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	35.186.228.179 35.186.228.179	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	172.67.75.100 172.67.75.100	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.164.52.121 18.164.52.121	16509 (AMAZON-02) (AMAZON-02)
1 2	185.167.164.43 185.167.164.43	198622 (ADFORM) (ADFORM)
6	2600:9000:26d... 2600:9000:26db:1c00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.192.46 18.66.192.46	16509 (AMAZON-02) (AMAZON-02)
2	52.88.183.153 52.88.183.153	16509 (AMAZON-02) (AMAZON-02)
2 14	37.157.6.233 37.157.6.233	198622 (ADFORM) (ADFORM)
1	37.157.3.29 37.157.3.29	198622 (ADFORM) (ADFORM)
4	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	99.81.190.73 99.81.190.73	16509 (AMAZON-02) (AMAZON-02)
1	23.215.16.120 23.215.16.120	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	52.58.93.190 52.58.93.190	16509 (AMAZON-02) (AMAZON-02)
1	185.86.138.155 185.86.138.155	201081 (SMARTADSE...) (SMARTADSERVER)
1	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1	23.55.161.187 23.55.161.187	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	18.197.205.97 18.197.205.97	16509 (AMAZON-02) (AMAZON-02)
1 3	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 2	77.243.51.122 77.243.51.122	42697 (NETIC-AS) (NETIC-AS)
1 1	77.243.51.121 77.243.51.121	42697 (NETIC-AS) (NETIC-AS)
2	95.101.148.198 95.101.148.198	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.184.216.10 18.184.216.10	16509 (AMAZON-02) (AMAZON-02)
2 2	18.198.126.47 18.198.126.47	16509 (AMAZON-02) (AMAZON-02)
1	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	52.49.54.245 52.49.54.245	16509 (AMAZON-02) (AMAZON-02)
2	72.246.169.24 72.246.169.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 1	34.255.25.245 34.255.25.245	16509 (AMAZON-02) (AMAZON-02)
1	52.218.105.226 52.218.105.226	16509 (AMAZON-02) (AMAZON-02)
1 1	141.94.170.64 141.94.170.64	16276 (OVH) (OVH)
2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
4 5	217.79.187.54 217.79.187.54	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	139.162.141.41 139.162.141.41	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	193.135.9.128 193.135.9.128	48314 (IP-PROJECTS) (IP-PROJECTS)
3 3	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	52.50.46.27 52.50.46.27	16509 (AMAZON-02) (AMAZON-02)
2 3	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	198.47.127.205 198.47.127.205	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	18.66.192.99 18.66.192.99	16509 (AMAZON-02) (AMAZON-02)
2 3	52.72.63.169 52.72.63.169	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.211.126.31 52.211.126.31	16509 (AMAZON-02) (AMAZON-02)
1 1	3.69.98.172 3.69.98.172	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	35.156.85.133 35.156.85.133	16509 (AMAZON-02) (AMAZON-02)
1	69.169.86.38 69.169.86.38	29838 (AMC) (AMC)
1	141.95.33.111 141.95.33.111	16276 (OVH) (OVH)
2 2	35.190.24.218 35.190.24.218	15169 (GOOGLE) (GOOGLE)
1	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:245... 2600:9000:2450:b000:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	46.19.11.36 46.19.11.36	51790 (SIEL) (SIEL)
1 1	109.206.161.21 109.206.161.21	50245 (SERVEREL-AS) (SERVEREL-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	107.178.244.119 107.178.244.119	15169 (GOOGLE) (GOOGLE)
171	64

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.gesa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.114 (United States)

ASN54113 (FASTLY, US)

cdn.evgnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.11.20.152 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.node7seat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.192.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-32.muc50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:780::210:a423 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.2.247 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.34.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-34-128.muc50.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.10.176.180 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-10-176-180.us-west-2.compute.amazonaws.com

app.truconversion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.230.203.248 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-203-248.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.166.204.132 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-204-132.us-west-2.compute.amazonaws.com

app.leadsrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.198.99.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-198-99-45.compute-1.amazonaws.com

gesacu.us-1.evergage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.208.214.109 (United States)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ns1.marketplan.io

app.marketplan.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.228.179 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 179.228.186.35.bc.googleusercontent.com

google-analytics.bi.owox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.75.100 (United States)

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.52.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-52-121.cdg50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.167.164.43 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

a2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:26db:1c00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.192.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-46.muc50.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.88.183.153 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-88-183-153.us-west-2.compute.amazonaws.com

api.alpharank.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 37.157.6.233 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.3.29 (Denmark)

ASN198622 (ADFORM, DK)

a1.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.81.190.73 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-190-73.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.215.16.120 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-215-16-120.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.93.190 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-93-190.eu-central-1.compute.amazonaws.com

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.155 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.55.161.187 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-55-161-187.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.205.97 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-205-97.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.245.213 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.51.122 (Denmark) 2 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.243.51.121 (Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

se.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.148.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-148-198.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.216.10 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-216-10.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.126.47 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.54.245 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-54-245.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.246.169.24 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-246-169-24.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.25.245 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-25-245.eu-west-1.compute.amazonaws.com

api.adrtx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.218.105.226 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1.amazonaws.com

s3-eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.94.170.64 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-7.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 217.79.187.54 (Germany) 4 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: cm43.as.net

cm.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.141.41 (Frankfurt am Main, Germany) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: tags1.adsafety.net

tags.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.135.9.128 (Germany) 1 redirects

ASN48314 (IP-PROJECTS, DE)

ads.smartstream.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.2 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.46.27 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-46-27.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.21 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.205 (United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.192.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-99.muc50.r.cloudfront.net

pdw-adf.userreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.72.63.169 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-63-169.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.126.31 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-126-31.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.98.172 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-98-172.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.85.133 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-85-133.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.169.86.38 (United States)

ASN29838 (AMC, US)

global.ib-ibi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.33.111 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203177.ip-141-95-33.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.24.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.24.190.35.bc.googleusercontent.com

redirect.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.89.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2450:b000:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.19.11.36 (Slovenia)

ASN51790 (SIEL, SI)
PTR: ilog.vsn.si

match.contentexchange.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.206.161.21 (United States) 1 redirects

ASN50245 (SERVEREL-AS, US)
PTR: 109.206.161.21.serverel.net

sync.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.244.119 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 119.244.178.107.bc.googleusercontent.com

pixel.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	gesa.com www.gesa.com — Cisco Umbrella Rank: 673262	1 MB
17	adform.net 3 redirects s2.adform.net — Cisco Umbrella Rank: 6835 a2.adform.net — Cisco Umbrella Rank: 9464 c1.adform.net — Cisco Umbrella Rank: 633 dmp.adform.net — Cisco Umbrella Rank: 3542	43 KB
7	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 stats.g.doubleclick.net — Cisco Umbrella Rank: 130 cm.g.doubleclick.net — Cisco Umbrella Rank: 254	5 KB
6	adsafety.net 5 redirects cm.adsafety.net — Cisco Umbrella Rank: 18007 tags.adsafety.net — Cisco Umbrella Rank: 82701	10 KB
6	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1031	2 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 414 www.linkedin.com — Cisco Umbrella Rank: 544 px4.ads.linkedin.com — Cisco Umbrella Rank: 6544	5 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	319 B
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3188	7 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	217 KB
3	audrte.com 2 redirects a.audrte.com — Cisco Umbrella Rank: 2962	2 KB
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 469	3 KB
3	exelator.com 2 redirects loadm.exelator.com — Cisco Umbrella Rank: 1652 load77.exelator.com — Cisco Umbrella Rank: 4313	2 KB
3	semasio.net 3 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1361 se.semasio.net — Cisco Umbrella Rank: 22664	2 KB
3	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	874 B
3	google.de www.google.de — Cisco Umbrella Rank: 4752	673 B
3	google.com www.google.com — Cisco Umbrella Rank: 10 region1.analytics.google.com — Cisco Umbrella Rank: 2556	818 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 390	13 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63 region1.google-analytics.com — Cisco Umbrella Rank: 1623	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	272 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 524	1 KB
2	weborama.fr 2 redirects redirect.frontend.weborama.fr — Cisco Umbrella Rank: 13096	632 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1044	1 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 218	2 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 383	531 B
2	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 662	649 B
2	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 1185	836 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	2 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	880 B
2	adscale.de 2 redirects ih.adscale.de — Cisco Umbrella Rank: 2932	696 B
2	rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 652 pixel.rubiconproject.com — Cisco Umbrella Rank: 374	453 B
2	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 670	853 B
2	alpharank.io api.alpharank.io — Cisco Umbrella Rank: 89089	848 B
2	marketplan.io app.marketplan.io — Cisco Umbrella Rank: 406623	2 KB
2	evergage.com gesacu.us-1.evergage.com — Cisco Umbrella Rank: 721566	485 B
2	leadsrx.com app.leadsrx.com — Cisco Umbrella Rank: 12268	19 KB
2	cloudfront.net d10lpsik1i8c69.cloudfront.net	95 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 914	6 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 753 script.hotjar.com — Cisco Umbrella Rank: 1081	73 KB
2	node7seat.com secure.node7seat.com — Cisco Umbrella Rank: 501189	24 KB
1	sojern.com pixel.sojern.com — Cisco Umbrella Rank: 6444	163 B
1	e-volution.ai 1 redirects sync.e-volution.ai — Cisco Umbrella Rank: 3135	464 B
1	contentexchange.me match.contentexchange.me — Cisco Umbrella Rank: 33798	50 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 822	242 B
1	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1425	165 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 423	1 KB
1	ib-ibi.com global.ib-ibi.com — Cisco Umbrella Rank: 2348	72 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1777	456 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 533	492 B
1	userreport.com pdw-adf.userreport.com — Cisco Umbrella Rank: 29485	444 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 797	474 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 620	339 B
1	smartstream.tv 1 redirects ads.smartstream.tv — Cisco Umbrella Rank: 25727	849 B
1	onaudience.com 1 redirects pixel.onaudience.com — Cisco Umbrella Rank: 3417	419 B
1	amazonaws.com s3-eu-west-1.amazonaws.com	390 B
1	adrtx.net 1 redirects api.adrtx.net — Cisco Umbrella Rank: 37472	407 B
1	openx.net eu-u.openx.net — Cisco Umbrella Rank: 2766	274 B
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 955	267 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 428	99 B
1	eyeota.net ps.eyeota.net — Cisco Umbrella Rank: 1132	344 B
1	stickyadstv.com ads.stickyadstv.com — Cisco Umbrella Rank: 643	637 B
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 338	126 B
1	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 623	163 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 3886	400 B
1	seadform.net a1.seadform.net — Cisco Umbrella Rank: 30524	468 B
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2696	259 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 9577	1 KB
1	owox.com google-analytics.bi.owox.com — Cisco Umbrella Rank: 87935	14 B
1	truconversion.com app.truconversion.com — Cisco Umbrella Rank: 86038	1 KB
1	evgnet.com cdn.evgnet.com — Cisco Umbrella Rank: 3987	47 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 5138	297 B
1	t.co t.co — Cisco Umbrella Rank: 511	546 B
0	1dmp.io Failed sync.1dmp.io Failed
171	72

	Domain	Requested by
61	www.gesa.com	t.co www.gesa.com
11	c1.adform.net	2 redirects a2.adform.net c1.adform.net
6	cdn.linkedin.oribi.io	snap.licdn.com
5	cm.adsafety.net	4 redirects c1.adform.net
4	www.facebook.com	www.gesa.com
4	tags.srv.stackadapt.com	t.co tags.srv.stackadapt.com
4	connect.facebook.net	t.co connect.facebook.net
3	dmp.adform.net	c1.adform.net
3	a.audrte.com	2 redirects c1.adform.net
3	secure.adnxs.com	2 redirects c1.adform.net
3	cm.g.doubleclick.net	3 redirects
3	eb2.3lift.com	1 redirects c1.adform.net
3	px.ads.linkedin.com	3 redirects
3	www.google.de	www.gesa.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.gesa.com
3	www.googletagmanager.com	www.gesa.com www.googletagmanager.com www.google-analytics.com
2	pixel.tapad.com	2 redirects
2	redirect.frontend.weborama.fr	2 redirects
2	pm.w55c.net	2 redirects
2	dpm.demdex.net	2 redirects
2	match.adsrvr.org	c1.adform.net
2	tags.bluekai.com	c1.adform.net
2	loadm.exelator.com	2 redirects
2	pixel.mathtag.com	c1.adform.net
2	uipglob.semasio.net	2 redirects
2	dsum-sec.casalemedia.com	1 redirects c1.adform.net
2	x.bidswitch.net	2 redirects
2	ih.adscale.de	2 redirects
2	ad.360yield.com	1 redirects c1.adform.net
2	api.alpharank.io	www.googletagmanager.com api.alpharank.io
2	a2.adform.net	1 redirects www.gesa.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	www.google.com	www.gesa.com
2	app.marketplan.io	www.googletagmanager.com app.marketplan.io
2	gesacu.us-1.evergage.com	cdn.evgnet.com
2	app.leadsrx.com	t.co app.leadsrx.com
2	d10lpsik1i8c69.cloudfront.net	t.co d10lpsik1i8c69.cloudfront.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	secure.node7seat.com	www.gesa.com secure.node7seat.com
1	pixel.sojern.com	c1.adform.net
1	pixel.rubiconproject.com	c1.adform.net
1	sync.e-volution.ai	1 redirects
1	match.contentexchange.me	c1.adform.net
1	s.ad.smaato.net	c1.adform.net
1	sync.teads.tv	c1.adform.net
1	id5-sync.com	c1.adform.net
1	global.ib-ibi.com	c1.adform.net
1	dsp.adfarm1.adition.com	1 redirects
1	aa.agkn.com	1 redirects
1	pdw-adf.userreport.com	c1.adform.net
1	simage2.pubmatic.com	c1.adform.net
1	beacon.krxd.net	c1.adform.net
1	ads.smartstream.tv	1 redirects
1	tags.adsafety.net	1 redirects
1	pixel.onaudience.com	1 redirects
1	s3-eu-west-1.amazonaws.com	c1.adform.net
1	api.adrtx.net	1 redirects
1	eu-u.openx.net	c1.adform.net
1	sync.crwdcntrl.net	c1.adform.net
1	idsync.rlcdn.com	c1.adform.net
1	load77.exelator.com	c1.adform.net
1	ps.eyeota.net	c1.adform.net
1	se.semasio.net	1 redirects
1	ads.stickyadstv.com	c1.adform.net
1	ups.analytics.yahoo.com	c1.adform.net
1	rtb-csync.smartadserver.com	c1.adform.net
1	token.rubiconproject.com	c1.adform.net
1	ad.yieldlab.net	c1.adform.net
1	a1.seadform.net	www.gesa.com
1	vc.hotjar.io	script.hotjar.com
1	region1.google-analytics.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.gesa.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	region1.analytics.google.com	www.googletagmanager.com
1	google-analytics.bi.owox.com	www.gesa.com
1	app.truconversion.com	t.co
1	s2.adform.net	t.co
1	static.hotjar.com	www.googletagmanager.com
1	cdn.evgnet.com	www.gesa.com
1	bit.ly	1 redirects
1	t.co
0	sync.1dmp.io Failed	c1.adform.net
171	86

This site contains links to these domains. Also see Links.

Domain
applyonline.gesa.com
onlinexpress.gesa.com
www.facebook.com
www.instagram.com
twitter.com
vimeo.com
www.linkedin.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
www.gesa.com Cloudflare Inc ECC CA-3	`2023-06-16` - `2024-06-14`	a year	crt.sh
cdn.evergage.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-06` - `2024-03-04`	a year	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2023-06-07` - `2024-07-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-08` - `2023-07-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
www.truconversion.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-11` - `2023-10-14`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-02-27` - `2023-11-07`	8 months	crt.sh
*.leadsrx.com GeoTrust TLS ECC CA G1	`2023-05-02` - `2024-06-01`	a year	crt.sh
*.us-1.evergage.com Amazon RSA 2048 M02	`2023-02-23` - `2023-09-02`	6 months	crt.sh
app.marketplan.io R3	`2023-06-08` - `2023-09-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
google-analytics.bi.owox.com GTS CA 1D4	`2023-06-02` - `2023-08-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-30` - `2024-04-29`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
api.alpharank.io R3	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.seadform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-20` - `2023-11-09`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-15`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
*.ads.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-16` - `2024-04-16`	a year	crt.sh
eyeota.net GoGetSSL RSA DV CA	`2023-03-08` - `2024-04-07`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-08`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2023-04-14` - `2024-04-12`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.userreport.com Amazon RSA 2048 M02	`2023-02-22` - `2024-01-18`	a year	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.ib-ibi.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-21` - `2024-04-02`	a year	crt.sh
*.id5-sync.com R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
s.ad.smaato.net Amazon RSA 2048 M02	`2023-02-27` - `2023-09-20`	7 months	crt.sh
*.contentexchange.me Sectigo RSA Domain Validation Secure Server CA	`2023-05-29` - `2024-06-04`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-17` - `2024-02-17`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.gesa.com/promotions/70th-birthday/
Frame ID: 06892DAE3DB3D4470DDFEAF11A1E0DDE
Requests: 132 HTTP requests in this frame

Frame: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Frame ID: AB485BABED0D3B1800B9E582A82D6AFA
Requests: 47 HTTP requests in this frame

Frame: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Frame ID: 07BF8E29101FDC4180F7A4794D1D15FD
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 5C46E26B322AFEFBEB2FAC05FC465CB2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

70th Birthday Cash Giveaway | Washington Credit Union | Loans | Savings Accounts | Gesa

Page URL History Show full URLs

https://t.co/raI8DLFCY8 Page URL
https://bit.ly/3CCUUTc HTTP 301
https://www.gesa.com/promotions/70th-birthday/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

wp-content/plugins/weglot

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

171
Requests

87 %
HTTPS

18 %
IPv6

72
Domains

86
Subdomains

64
IPs

9
Countries

2292 kB
Transfer

6370 kB
Size

105
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://applyonline.gesa.com/VirtualCapture/Products?ProductSubCategory=Savings
Title: Join Gesa

Search URL Search Domain Scan URL

URL: https://onlinexpress.gesa.com/Banking/SignIn.aspx?_ga=2.96584154.430563279.1655709506-952612437.1653896675
Title: Log In

Search URL Search Domain Scan URL

URL: https://applyonline.gesa.com/VirtualCapture/Products?ProductSubCategory=Checking
Title: Apply Now

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GesaCU
Title: Facebook-f

Search URL Search Domain Scan URL

URL: https://www.instagram.com/gesacu/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/GesaCU
Title: Twitter

Search URL Search Domain Scan URL

URL: http://vimeo.com/gesacu
Title: Vimeo .cls-1{fill:none;}.cls-2{fill:#31414f;}

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/gesa-credit-union
Title: Linkedin

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/raI8DLFCY8 Page URL
https://bit.ly/3CCUUTc HTTP 301
https://www.gesa.com/promotions/70th-birthday/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=571245771082&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&CPref=https%3A%2F%2Ft.co%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24 HTTP 302
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=571245771082&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&CPref=https%3A%2F%2Ft.co%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24

Request Chain 117

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4860388%26time%3D1688056003416%26url%3Dhttps%253A%252F%252Fwww.gesa.com%252Fpromotions%252F70th-birthday%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQK_Y1VsjG4fTwAAAYkH-n0QnpLnUhUwEDPviD990pzpzh5EmDZXQ3-MFvVXN0Xp

Request Chain 133

https://ad.360yield.com/match?publisher_dsp_id=42&external_user_id=6376785185978518235&Expiration=1689265603 HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=6376785185978518235&Expiration=1689265603

Request Chain 136

https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=6376785185978518235&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__ HTTP 302
https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=6376785185978518235&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__&nut&uu=66f013386d824bfe939dd0a32d47709b HTTP 307
https://c1.adform.net/serving/cookie/match?party=9&uid=ee21093e3ce43accb35d6e8e105341bcecfe3c70621a3353c5a39fbbe316c404

Request Chain 140

https://x.bidswitch.net/sync?dsp_id=70&user_id=6376785185978518235 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=70&user_id=6376785185978518235 HTTP 302
https://eb2.3lift.com/xuid?mid=2409&xuid=83bb9835-f6a2-4ccd-bc59-fd530c06d828&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=2409&xuid=83bb9835-f6a2-4ccd-bc59-fd530c06d828&dongle=d3d3&gdpr=0&cmp_cs=&us_privacy=

Request Chain 141

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=6376785185978518235&expiration=1689265603 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=6376785185978518235&expiration=1689265603&C=1

Request Chain 142

https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=6376785185978518235&sInitiator=external HTTP 302
https://uipglob.semasio.net/adform/1/info2?sType=sync&sExtCookieId=6376785185978518235&sInitiator=external HTTP 302
https://se.semasio.net/sync/1/16266044?sExtCookieId=6376785185978518235&gdpr=&sInitiator=external HTTP 302
https://pixel.mathtag.com/sync/img?mt_exid=10041&gdpr=&redir=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F14876172%3FsExtCookieId%3D%5BMM_UUID%5D%26sInitiator%3Dinternal

Request Chain 144

https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=6376785185978518235 HTTP 302
https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=6376785185978518235&xl8blockcheck=1 HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 149

https://api.adrtx.net/thirdparty/click?p=adfo HTTP 302
https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif

Request Chain 150

https://pixel.onaudience.com/?mapped=6376785185978518235&partner=68 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1

Request Chain 151

https://cm.adsafety.net/?_cmsrc=adformx&idt=100&did=6376785185978518235 HTTP 302
https://tags.adsafety.net/v1/cm?cm_uid=CM1202306291635c08195e886e0c0a27&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Dcommon%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D&gdpr=0&gdpr_consent= HTTP 302
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=common&idt=100&did=d7261d77f9ccc1caec01cded73c46872 HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=cm&cm_uid=CM1202306291635c08195e886e0c0a27&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dstv%26_chainsrc%3Dcommon&gdpr_consent= HTTP 302
https://cm.adsafety.net/?_cmsrc=stv&_chainsrc=common&idt=100&did=d7261d77f9ccc1caec01cded73c46872&idt_did_status=added&gdpr_consent=&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dataxtrade_dmp&google_cm&google_hm=Q00xMjAyMzA2MjkxNjM1YzA4MTk1ZTg4NmUwYzBhMjc&gdpr_consent=&gdpr=0 HTTP 302
https://cm.adsafety.net/?_cmsrc=dbmx&midt=100&mdid=CAESEMTl2VnA8H2mdBLepvF9yHs&gdpr_consent=&gdpr=0&google_cver=1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=28&cid=CM1202306291635c08195e886e0c0a27 HTTP 302
https://cm.adsafety.net/?_cmsrc=adform&idt=100&did=6376785185978518235

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_cm&google_ula=1641347&party=1&google_hm=NjM3Njc4NTE4NTk3ODUxODIzNQ HTTP 302
https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGlhGURfkIwF1QvF2sUcmN4&google_cver=1&google_ula=1641347,0

Request Chain 154

https://secure.adnxs.com/getuid?https://c1.adform.net/serving/cookie/match?party=3&id=$UID&redirect=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3Fparty%3D3%26id%3D%24UID%26redirect%3D1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=3&id=7348588133628944346&redirect=1 HTTP 302
https://secure.adnxs.com/setuid?entity=91&code=6376785185978518235

Request Chain 158

https://a.audrte.com/a?adform_uid=6376785185978518235 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZDhsb3kzN1YteE1RdG1MTVdxU0tnRk9EQQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/p

Request Chain 159

https://dpm.demdex.net/ibs:dpid=1586&dpuuid=6376785185978518235&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1586&dpuuid=6376785185978518235&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=1007&cid=70011814581782628561760229417187338702&noredirect=1

Request Chain 160

https://aa.agkn.com/adscores/g.pixel?sid=9212269628&_puid=6376785185978518235 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1014&cid=216613104562003575639

Request Chain 161

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1049%26cid%3D%25%25COOKIE%25%25 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7250145331007060121

Request Chain 164

https://pm.w55c.net/ping_match.gif?st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_ HTTP 302
https://c1.adform.net/serving/cookie/match?party=1084&cid=iyWPqAMy1QeUtK5

Request Chain 168

https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D HTTP 307
https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D&bounce=1&random=393586205 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1145&cid=RfOJlVQmsO20rBSWP/86AO

Request Chain 172

https://pixel.tapad.com/idsync/ex/receive?partner_id=2032&partner_device_id=6376785185978518235&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2032&partner_device_id=6376785185978518235&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://c1.adform.net/serving/cookie/match?party=2007&cid=873492ab-4379-4fb7-bb02-de8275ed9ab0

Request Chain 175

https://sync.e-volution.ai/296800c6dbd7f8eb22cf034b9927d719.gif?puid=6376785185978518235 HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=

171 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 raI8DLFCY8
t.co/ 221 B
546 B 160ms
127ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/raI8DLFCY8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 173
content-type: text/html; charset=utf-8
date: Thu, 29 Jun 2023 16:26:40 GMT
expires: Thu, 29 Jun 2023 16:31:41 GMT
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: eafb12aaed9ce5a56f62902879a82bac7638359b27e4d67639882bb443746150
x-response-time: 119
x-transaction-id: 99c2a2713d433260
x-xss-protection: 0

GET
H2

200

Primary Request / Show response
www.gesa.com/promotions/70th-birthday/
Redirect Chain

https://bit.ly/3CCUUTc
https://www.gesa.com/promotions/70th-birthday/

363 KB
39 KB

317ms
185ms

Document
text/html

141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/promotions/70th-birthday/

Requested by

Host: t.co
URL: https://t.co/raI8DLFCY8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

e311a4dee7448c00e49f6accc51fd1c81d4603eb9b224523ef54ea4ea883eb54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://t.co/raI8DLFCY8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7def885dcd3d91d2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 29 Jun 2023 16:26:42 GMT
link: <https://www.gesa.com/wp-json/>; rel="https://api.w.org/" <https://www.gesa.com/?p=20966>; rel=shortlink
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
referrer-policy: origin
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 2
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=90
content-length: 133
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Thu, 29 Jun 2023 16:26:42 GMT
location: https://www.gesa.com/promotions/70th-birthday/
referrer-policy: unsafe-url
server: nginx
via: 1.1 google

GET
H2 200 classic-themes.min.css
www.gesa.com/wp-includes/css/ 291 B
319 B 21ms
20ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/css/classic-themes.min.css?ver=6.2.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 901735
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 13 Feb 2023 20:50:19 GMT
server: cloudflare
etag: W/"63eaa28b-123"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885efe6a91d2-FRA

GET
H2 200 styles.min.css
www.gesa.com/wp-content/plugins/wp-store-locator/css/ 15 KB
4 KB 22ms
21ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a2adf4c1187ff44afb6596a750c078a97b07717364daade11a8c337771832e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1955060
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-3a83"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885efe6c91d2-FRA

GET
H3 200 front-css.css
www.gesa.com/wp-content/plugins/weglot/dist/css/ 51 KB
6 KB 33ms
33ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 901735
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 15 Jun 2023 15:45:46 GMT
server: cloudflare
etag: W/"648b322a-cca5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1ed392a2-FRA

GET
H3 200 new-flags.css
www.gesa.com/wp-content/plugins/weglot/app/styles/ 86 KB
4 KB 45ms
43ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/app/styles/new-flags.css?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1115621
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 15 Jun 2023 15:45:46 GMT
server: cloudflare
etag: W/"648b322a-15817"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1ed792a2-FRA

GET
H3 200 elementor-icons.min.css
www.gesa.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 42ms
41ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

83059e4c1a5c210e5585d96779fe655170817193d43e247c78dffaae7b7ba3a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1223587
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:43 GMT
server: cloudflare
etag: W/"6480cc5b-4b4f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1ed892a2-FRA

GET
H3 200 frontend.min.css
www.gesa.com/wp-content/plugins/elementor/assets/css/ 158 KB
20 KB 40ms
39ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1875537
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:46 GMT
server: cloudflare
etag: W/"6480cc5e-27687"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1ed992a2-FRA

GET
H3 200 frontend.min.css
www.gesa.com/wp-content/plugins/elementor-pro/assets/css/ 483 KB
45 KB 39ms
39ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b10604af435fcda6674878212b06d1b8d557aee0f5c877dc5befab22ebf71c9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1223587
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:39 GMT
server: cloudflare
etag: W/"6480cc57-78c7d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1eda92a2-FRA

GET
H3 200 default.min.css
www.gesa.com/wp-content/plugins/tablepress/css/ 5 KB
2 KB 38ms
38ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1358914
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:13 GMT
server: cloudflare
etag: W/"6480cc3d-13e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1edb92a2-FRA

GET
H3 200 responsive.css
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 30 KB
4 KB 37ms
36ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1223587
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-764b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1edc92a2-FRA

GET
H3 200 foundation.css
www.gesa.com/wp-content/themes/gesa/assets/css/ 167 KB
18 KB 52ms
51ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/css/foundation.css?ver=6.5.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e77dafe902b5371d42c7e236b778a91874bfb8bdb2dc82b3ee3d4803d20fd9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1955060
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-29dfd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1edd92a2-FRA

GET
H3 200 custom.css
www.gesa.com/wp-content/themes/gesa/assets/css/ 353 KB
46 KB 50ms
49ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

715684990a3c7057390ecbe7a06712fc61e73187001f7e95a5c20c3ee910a264

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1955060
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 30 May 2023 09:23:44 GMT
server: cloudflare
etag: W/"6475c0a0-582a5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1ede92a2-FRA

GET
H3 200 style.css
www.gesa.com/wp-content/themes/gesa/ 975 B
888 B 181ms
181ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/style.css?ver=1688054892

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b05b02a2907b12c3509e09755f9959c91b2cd50ceaa3bf643e73d129c29ca9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 16 May 2023 10:31:05 GMT
server: cloudflare
etag: W/"64635b69-3cf"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1edf92a2-FRA

GET
H3 200 front-js.js Show response
www.gesa.com/wp-content/plugins/weglot/dist/ 4 KB
2 KB 53ms
53ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/dist/front-js.js?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

14ab9d038257f517c4e1b485d7a9228fe500c0ebfa571350232f73f2c1c8e991

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 277243
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 15 Jun 2023 15:45:46 GMT
server: cloudflare
etag: W/"648b322a-1124"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f1ee092a2-FRA

GET
H3 200 jquery.min.js Show response
www.gesa.com/wp-includes/js/jquery/ 88 KB
32 KB 51ms
38ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 277243
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
server: cloudflare
etag: W/"6408d5ed-15ed7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3ef992a2-FRA

GET
H2 200 evergage.min.js Show response
cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/ 189 KB
47 KB 179ms
91ms Script
application/javascript 151.101.0.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.114 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a797cb4ee387df9b7eadadb28483dc749011ae6c326938ea0a466c40333bcffe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: a5Y4Of17I4Eo1KNPZ2vVwNVFlOj.jkoA
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Thu, 29 Jun 2023 16:26:42 GMT
x-amz-request-id: NXAT7465KHQBTB42
age: 113
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-replication-status: COMPLETED
content-length: 47177
x-amz-id-2: 4Rijt8yHtGYTCwJ2zLcf/8Cd3fiTyjzCP8bBf/pRlRUySK35UXflvdaz+3dEC2Rv0rGdO6tawNA=
x-served-by: cache-iad-kcgs7200023-IAD, cache-fra-etou8220083-FRA
x-amz-meta-evergage-sum: 0336987b934137df7a195110c650c4b8b543360f
last-modified: Thu, 01 Jun 2023 22:33:17 GMT
server: AmazonS3
x-timer: S1688056003.506559,VS0,VE88
etag: "dd9703559e6672cc389733c09eb57bad"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-evergage-beacon-ver: 16
x-cache-hits: 60430, 1

GET
H/1.1 200
OK 219777.js Show response
secure.node7seat.com/js/ 24 KB
24 KB 161ms
28ms Script
text/javascript 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.node7seat.com/js/219777.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3a1a46ac2072c8217552fbe3507fee9174920951334bc15761ba2fd8974673f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:42 GMT
Content-Type: text/javascript
Cache-Control: no-store, must-revalidate
Connection: keep-alive
Content-Length: 24465
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20

GET
H3 200 animations.min.css
www.gesa.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 55ms
42ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1358914
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-4824"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3efc92a2-FRA

GET
H3 200 frontend-script.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/ 40 B
432 B 56ms
42ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289678
alt-svc: h3=":443"; ma=86400
content-length: 40
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: "647f71b8-28"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def885f3efe92a2-FRA

GET
H3 200 widget-scripts.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 134 KB
37 KB 88ms
74ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-2193f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3eff92a2-FRA

GET
H3 200 core.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 89ms
76ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: cloudflare
etag: W/"63dbe690-53be"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3f0092a2-FRA

GET
H3 200 menu.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 10 KB
3 KB 55ms
41ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc50c28f1db50dbce579d4738a0e55001a5f954df3307ca5d502f42202d1d05c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: cloudflare
etag: W/"63dbe690-2782"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3f0192a2-FRA

GET
H3 200 selectmenu.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 9 KB
3 KB 57ms
43ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/selectmenu.min.js?ver=1.13.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6816ba59d3757e525880fbf568b3faf808ffc743411d46ebfb33a543247ad628

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 19 Sep 2022 18:04:09 GMT
server: cloudflare
etag: W/"6328af19-2483"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3f0292a2-FRA

GET
H3 200 foundation.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/ 46 KB
16 KB 76ms
62ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/foundation.min.js?ver=6.5.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

58a752f5a1298d0757f7953670951352ab722958e4332e1f1f20a315f836e6e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-b835"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3f0392a2-FRA

GET
H3 200 slick.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 52 KB
12 KB 57ms
44ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/slick.min.js?ver=1.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6c39ab37a92035619ffbf66dd293f6d6980fc1bebdaeb9a0b922775abc32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-d13f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f3f0692a2-FRA

GET
H3 200 lazyload.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 8 KB
3 KB 69ms
55ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/lazyload.min.js?ver=12.4.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7866661e9747c63d27963b389bd0bbc19c29dc5255cf7393b727368927e9b06c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-1f24"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f0792a2-FRA

GET
H3 200 jquery.matchHeight-min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 3 KB
2 KB 69ms
55ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/jquery.matchHeight-min.js?ver=0.7.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

246faa0aca51a7be47ae13827bffdec1f0e69699d291c727646b56e83ee1fd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-d39"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f0992a2-FRA

GET
H3 200 jquery.fancybox.v3.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 67 KB
22 KB 69ms
55ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/jquery.fancybox.v3.js?ver=3.5.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4961dda4383b1a3727e5aa981024c40cb07005f89e3264a3ab423eb356380f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-10aa1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f0b92a2-FRA

GET
H3 200 global.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/ 41 KB
11 KB 69ms
56ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/global.js?ver=1.0.15

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

69e44c375709f3cb0fdb9f09b3a7a2ff406685331b4dabc487dba60c1b763081

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 08 May 2023 09:59:37 GMT
server: cloudflare
etag: W/"6458c809-a369"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f0c92a2-FRA

GET
H3 200 jquery.smartmenus.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/ 25 KB
8 KB 72ms
59ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:37 GMT
server: cloudflare
etag: W/"647f71b1-6272"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f0d92a2-FRA

GET
H3 200 webpack-pro.runtime.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 72ms
59ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc65806adf6c251323693c9b7adb6b97e19879aa2f5428f2f05c0f08fca18404

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:38 GMT
server: cloudflare
etag: W/"6480cc56-1472"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f0f92a2-FRA

GET
H3 200 webpack.runtime.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 72ms
59ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6eb858ead7f15dcd18541c5433714e0c0966d81b8d009a2d49e5a181e548fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:45 GMT
server: cloudflare
etag: W/"6480cc5d-135d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1092a2-FRA

GET
H3 200 frontend-modules.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 32 KB
11 KB 72ms
59ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d80f13fd7524318f81eb1301170d4d0fbee242c12403c01f3a06c9f681192c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:44 GMT
server: cloudflare
etag: W/"6480cc5c-80b3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1192a2-FRA

GET
H3 200 wp-polyfill-inert.min.js Show response
www.gesa.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 74ms
61ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: cloudflare
etag: W/"63c7d511-1feb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1292a2-FRA

GET
H3 200 regenerator-runtime.min.js Show response
www.gesa.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 74ms
61ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
server: cloudflare
etag: W/"63e274b5-19cf"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1492a2-FRA

GET
H3 200 wp-polyfill.min.js Show response
www.gesa.com/wp-includes/js/dist/vendor/ 17 KB
7 KB 74ms
61ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 20 Sep 2022 15:43:29 GMT
server: cloudflare
etag: W/"6329dfa1-459f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1592a2-FRA

GET
H3 200 hooks.min.js Show response
www.gesa.com/wp-includes/js/dist/ 5 KB
2 KB 74ms
61ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
server: cloudflare
etag: W/"6254194e-132e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1692a2-FRA

GET
H3 200 i18n.min.js Show response
www.gesa.com/wp-includes/js/dist/ 10 KB
4 KB 74ms
59ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 23 Sep 2022 19:55:30 GMT
server: cloudflare
etag: W/"632e0f32-27f6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1a92a2-FRA

GET
H3 200 frontend.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 21 KB
6 KB 74ms
56ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7fdd491f449c314d884b9b9b6d11cfe037179d84e567a62e1e19584881e3e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-543b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f1f92a2-FRA

GET
H3 200 waypoints.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
4 KB 76ms
58ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-2fa6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f2092a2-FRA

GET
H3 200 frontend.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 40 KB
13 KB 76ms
60ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ceb0c2088d29cecbe3ee571dc3cf6fec764bbb7c73f0e22c73007149a2ce68d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:44 GMT
server: cloudflare
etag: W/"6480cc5c-9e41"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f4f2192a2-FRA

GET
H3 200 elements-handlers.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
6 KB 74ms
54ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27c3bae726c78894582c23e5b507dda2dacd2c5c8aa9afe17ae179519e4ba3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-60dc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f5f2692a2-FRA

GET
H3 200 animate-circle.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 810 B
831 B 74ms
55ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-32a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f5f2b92a2-FRA

GET
H3 200 elementor.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 18 KB
5 KB 75ms
55ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a496ca0aa2b9981aef70474b2219472dcf25db655779c48e3ab018e268857558

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:33 GMT
server: cloudflare
etag: W/"6480cc51-461c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f5f2c92a2-FRA

GET
H3 200 swiper.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
36 KB 75ms
55ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 277242
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-21f91"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f5f2d92a2-FRA

GET
H3 200 jquery.sticky.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 78ms
58ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289678
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:37 GMT
server: cloudflare
etag: W/"647f71b1-e89"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def885f5f2f92a2-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 345 KB
99 KB 83ms
50ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9f44c23cd534cd96908fe5240e7894eb0743790611fc92ea6b16f48123008266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 101411
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:08:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 29 Jun 2023 16:26:42 GMT

GET
H/1.1 200
OK Capture.aspx Show response
secure.node7seat.com/Track/ 0
184 B 41ms
41ms Script
text/plain 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.node7seat.com/Track/Capture.aspx?retType=js&trk_uid=&trk_user=219777&trk_sw=1600&trk_sh=1200&trk_ref=https%3A%2F%2Ft.co%2F&trk_tit=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&trk_loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&trk_agn=Netscape&trk_agv=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.198%20Safari%2F537.36.lfcd24.lflngen-US&trk_dom=www.gesa.com&trk_cookie=NA&trk_culid=01H43ZMY2WWTZ4EVQTQD8GBD7P
Requested by: Host: secure.node7seat.com
URL: https://secure.node7seat.com/js/219777.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 16:26:42 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8aa916be8ee9babafc0055de42bd64e344202fe3223d463d0cc35e1637f1ea1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 641611b58754d802f2a7672c62a4d15ee0950f47c28f1bb9b2c1f38d9f7bca50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f085b0387d391f11026a10c6ea821ebbe9e2b7f7e065a4368ef5ff6589a79737

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09bb15f21c30116957d4917230f723fd982a18e323b9728dee8825ee409b5715

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa40111e30b48fba40d8a719f9102bcf3bab3faedce696673fd4e13998e16e0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 843d014cccdff92607c56b9e6518619a50b7e2d78b255f7fa4ce22a5f2c6ecde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b354a0e73e811d7d49e6a34cff8a1ca999296498a411ace5efad1c5fc7f58bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88bd92a6561a1c265ddd5add029ede12c5acbe96ff6c2d7f0b24c983758466b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff0a79ec21356d69477f2e854838c684d1a18f82c8c384dc8530efd60392f18b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 CircularXXWeb-Medium.woff2
www.gesa.com/wp-content/uploads/2022/06/ 70 KB
70 KB 30ms
30ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Medium.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5ea45f8ad8b8df8cdebe87f18cfce232468b3e6a028880773a8d09e13789ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/promotions/70th-birthday/
Origin: https://www.gesa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289678
alt-svc: h3=":443"; ma=86400
content-length: 71779
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-11863"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def8860d84b92a2-FRA

GET
H3 200 CircularXXWeb-Bold.woff2
www.gesa.com/wp-content/uploads/2022/06/ 73 KB
74 KB 21ms
20ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Bold.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d92ee9c3d13c54f11e88045a5f5ed45550cee1ce7c1b653a9da645d65400fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/promotions/70th-birthday/
Origin: https://www.gesa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289678
alt-svc: h3=":443"; ma=86400
content-length: 75010
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-12502"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def8860d84d92a2-FRA

GET
H3 200 Sentinel-Medium_Web.woff2
www.gesa.com/wp-content/uploads/2022/05/ 58 KB
58 KB 29ms
28ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/Sentinel-Medium_Web.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d5b4ad97c4e3931210f9cb298663e8cdd2ba788b89d78292166b6341dcca51

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/promotions/70th-birthday/
Origin: https://www.gesa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289678
alt-svc: h3=":443"; ma=86400
content-length: 59136
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-e700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def8860d85092a2-FRA

GET
H3 200 CircularXXWeb-Book.woff2
www.gesa.com/wp-content/uploads/2022/06/ 67 KB
68 KB 23ms
23ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Book.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

884ec4af3e42aa326e687947185fce05ecdbd42e4a4481de91495ab423a5259c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/promotions/70th-birthday/
Origin: https://www.gesa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289678
alt-svc: h3=":443"; ma=86400
content-length: 69026
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-10da2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def8860d85192a2-FRA

GET
H3 200 fa-solid-900.woff
www.gesa.com/wp-content/themes/gesa/assets/fonts/ 96 KB
96 KB 572ms
571ms Font
font/woff 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/fonts/fa-solid-900.woff

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

00bca6a9271b5e1cbb3965a74f48c1ce0b72bcbf08790aa2cab95f8dc5362153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 98016
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: "63d2e310-17ee0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def8860d85292a2-FRA

GET
H3 200 fa-brands-400.woff
www.gesa.com/wp-content/themes/gesa/assets/fonts/ 85 KB
86 KB 25ms
25ms Font
font/woff 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/fonts/fa-brands-400.woff

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ad88e6a32db51a41cff1741970ca95b3e433fbfb8be269c72f881a42f2b88c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289678
alt-svc: h3=":443"; ma=86400
content-length: 87520
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: "63d2e310-155e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def8860d85392a2-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 43ms
11ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: t.co
URL: https://t.co/raI8DLFCY8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e33937c8718b4891cefe03686c4bac285d9265052427e705bce7e677659ed765

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 29 Jun 2023 16:26:42 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46863
x-xss-protection: 0
pragma: public
x-fb-debug: Dc3KcG4BSUOKzJWiZamL3YBY32LOSZZaRAqQJmAruUV5JWe9OM/OpbX6pd+7S3rhHRopI2XI8auDQMH+KpYpmw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794148304/ 3 KB
1 KB 61ms
36ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794148304/?random=1688056002931&cv=11&fst=1688056002931&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&auid=1595446558.1688056003&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a938a73e9d32a643ce6d8ee96e1b86679c44f801e9668382a0bba44587cbd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 36ms
8ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 29 Jun 2023 14:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6680
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 29 Jun 2023 16:35:22 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/783161191/ 3 KB
2 KB 51ms
29ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/783161191/?random=1688056002938&cv=11&fst=1688056002938&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&auid=1595446558.1688056003&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02db514c71e425571cc1597a69035d8a01e5aaaf6b915727859cb35e0a19c667

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1368
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 94ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 29 Jun 2023 16:26:42 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED180D8E14F6453FADBB29C13618C8FA Ref B: FRA31EDGE0218 Ref C: 2023-06-29T16:26:43Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 hotjar-2399688.js Show response
static.hotjar.com/c/ 9 KB
4 KB 105ms
45ms Script
application/javascript 18.66.192.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2399688.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.192.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-192-32.muc50.r.cloudfront.net

Software

Resource Hash

2ab3e551a00e42d26345b97efa5cd85ee0607d976c7e4ac38954cdde73cc088b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 29 Jun 2023 16:26:43 GMT
via: 1.1 878a01abbb158ab50d28bd4e882dc33a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
etag: W/48f11827ddb4ded2e09121fd94d3e5f7
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: xGykXgcPRaOkZ1VCibRQ1mtJ0y_NGg5EWPEe_lhm_8fnRPodfFKyOg==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
773 B 93ms
20ms Script
application/x-javascript 2a02:26f0:780::210:a423
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a423 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 26 Jun 2023 17:35:57 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=64775
accept-ranges: bytes
content-length: 560

GET
H2 200 trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/ 81 KB
31 KB 140ms
23ms Script
application/javascript 37.157.2.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: t.co
URL: https://t.co/raI8DLFCY8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 99c28ba77690124b83aea8cdbbb17ab1145ba247c791aeb4bad747b4248ac459

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:30 GMT
content-encoding: gzip
last-modified: Tue, 23 May 2023 09:56:34 GMT
server: nginx
x-amz-request-id: tx00000ecfa310e87705ee7-00646c8ee1-3295a825-default
etag: W/"f937ab3eef01c118930b200e5087d00d"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 57ms
4ms Script
application/javascript 108.138.34.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: t.co
URL: https://t.co/raI8DLFCY8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.34.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-34-128.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 15:44:58 GMT
content-encoding: gzip
via: 1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:48 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 2506
etag: W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: -OOoudMBjzbvS8NkACD7NwSS_13zsDkV_jYGOydi_diE6I_UAihNLg==

GET
H2 200 d9707.js Show response
app.truconversion.com/ti-js/19201/ 267 B
1 KB 561ms
179ms Script
application/javascript 52.10.176.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.truconversion.com/ti-js/19201/d9707.js

Requested by

Host: t.co
URL: https://t.co/raI8DLFCY8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.176.180 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-176-180.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

3ea0ae12147c76e3b4e6ad26bfb580121295c8aa91480dee7b7e579dd00eb23d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' .truconversion.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; style-src 'self' 'unsafe-inline' http: https:; img-src http: https: data: blob:; connect-src wss://.truconversion.com wss://.intercom.io wss://.appcues.net wss://.wistia.com wss://.crisp.chat http: https: data: blob:; font-src http: https: data: blob:; object-src http: https:; media-src http: https: data: blob:; form-action 'self' http://.truconversion.com https://.truconversion.com;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
content-security-policy: default-src 'self'; frame-src 'self' *.truconversion.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; style-src 'self' 'unsafe-inline' http: https:; img-src http: https: data: blob:; connect-src wss://*.truconversion.com wss://*.intercom.io wss://*.appcues.net wss://*.wistia.com wss://*.crisp.chat http: https: data: blob:; font-src http: https: data: blob:; object-src http: https:; media-src http: https: data: blob:; form-action 'self' http://*.truconversion.com https://*.truconversion.com;
content-length: 267
x-xss-protection: 1; mode=block
pragma: public
last-modified: Thu, 29 Jun 2023 16:20:23 GMT
server: nginx
etag: "649daf47-10b"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
cache-control: max-age=180, public, stale-while-revalidate=10, stale-if-error=10
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Thu, 29 Jun 2023 16:29:43 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 321ms
95ms Script
text/javascript 3.230.203.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: t.co
URL: https://t.co/raI8DLFCY8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.203.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-203-248.compute-1.amazonaws.com
Software: /
Resource Hash: c3691bbea50c1efafe106b26f3e2bb230d3addc6730c3b91708ebe36a58afef4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 29 Jun 2023 16:26:43 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 visitor.js Show response
app.leadsrx.com/ 18 KB
19 KB 747ms
354ms Script
application/javascript 35.166.204.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.leadsrx.com/visitor.js

Requested by

Host: t.co
URL: https://t.co/raI8DLFCY8

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

35.166.204.132 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-204-132.us-west-2.compute.amazonaws.com

Software

nginx/1.20.1 /

Resource Hash

6b5116bd2cb4809c6634b99a9b1ea0a0aeda596a94817682a0e4811e35eccc58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 28 Jun 2023 15:12:59 GMT
server: nginx/1.20.1
etag: "649c4dfb-492f"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
accept-ranges: bytes
content-length: 18735

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
92 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5376bdc254d68c21a98be73797d36d5a84523afb7c7bdc4d756853ca2bab7ea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93928
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 29 Jun 2023 16:26:42 GMT

GET
H3 200 populate-rates-on-page-api.php Show response
www.gesa.com/wp-content/plugins/rates-widget-plugin/ 120 KB
6 KB 473ms
472ms XHR
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/rates-widget-plugin/populate-rates-on-page-api.php

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

f5426047afa453b66c7593fe2670a6982256248ee9b24712ad42eb87438f1308

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.gesa.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
x-cache-group: normal
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cacheable: SHORT
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by: WP Engine
x-cache: HIT: 73
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: max-age=600, must-revalidate
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def886299be92a2-FRA

GET
H2 200 gesa_prod Show response
gesacu.us-1.evergage.com/api2/event/ 137 B
371 B 326ms
110ms XHR
application/json 54.198.99.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://gesacu.us-1.evergage.com/api2/event/gesa_prod?event=eyJhY3Rpb24iOiJWaWV3IFByb21vdGlvbiIsIml0ZW1BY3Rpb24iOm51bGwsInNvdXJjZSI6eyJwYWdlVHlwZSI6IlByb21vdGlvbnMiLCJjb250ZW50Wm9uZXMiOlsiZ2xvYmFsX2luZm9iYXJfdG9wX29mX3BhZ2UiLCJnbG9iYWxfaW5mb2Jhcl9ib3R0b21fb2ZfcGFnZSIsImdsb2JhbF9wb3B1cCIsImluZm9iYXIiLCJwcm9tbyBmb290ZXIgc2VjdGlvbiJdLCJ1cmwiOiJodHRwczovL3d3dy5nZXNhLmNvbS9wcm9tb3Rpb25zLzcwdGgtYmlydGhkYXkvIiwidXJsUmVmZXJyZXIiOiJodHRwczovL3QuY28vIiwiY2hhbm5lbCI6IldlYiIsImJlYWNvblZlcnNpb24iOjE2LCJjb25maWdWZXJzaW9uIjoiMTcyIn0sImZsYWdzIjp7InBhZ2VWaWV3Ijp0cnVlfSwidXNlciI6eyJhdHRyaWJ1dGVzIjp7fSwiYW5vbklkIjoiZTYzZTkzMTM1ZmM0OWZlZCJ9LCJwZXJmb3JtYW5jZSI6e30sImRlYnVnIjp7ImV4cGxhbmF0aW9ucyI6dHJ1ZX0sImNhdGFsb2ciOnt9LCJjb25zZW50cyI6W10sImFjY291bnQiOnt9LCJfdG9vbHNFdmVudExpbmtJZCI6IjkxODI2Nzc3NDA0MjA0MjIifQ%3D%3D

Requested by

Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.198.99.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-198-99-45.compute-1.amazonaws.com

Software

Resource Hash

344b9afc95de46545b012d7ff0f8ff8f2d0268f368c29205be12b638d0c70853

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.gesa.com
access-control-allow-credentials: true
timing-allow-origin: *

GET
H2 200 track.js Show response
app.marketplan.io/ 7 KB
2 KB 400ms
120ms Script
application/javascript 74.208.214.109
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.marketplan.io/track.js?x=1688056003012
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.214.109 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: ns1.marketplan.io
Software: nginx / PleskLin
Resource Hash: a7a48fa6cb504cd6b3a100bc030c08d4d9fdebe02e34dac731ef26ac61e92714

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
content-encoding: br
last-modified: Mon, 14 Nov 2022 17:17:38 GMT
server: nginx
etag: W/"63727832-1d56"
x-powered-by: PleskLin
content-type: application/javascript
access-control-allow-origin: *

GET
H3 200 dialog.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/dialog/ 10 KB
4 KB 27ms
26ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b936db5880aa9b6b2f26a8d32fc2b689fb75f69d971b94194f16dba801221ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289672
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:43 GMT
server: cloudflare
etag: W/"6480cc5b-29ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def88631a2592a2-FRA

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 1 KB
1 KB 28ms
27ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a518bd1723da2b6011895ad68059361ebb4cb80de3eec9145eacee89ddd9745

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289672
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:45 GMT
server: cloudflare
etag: W/"6480cc5d-54f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def88639a9692a2-FRA

GET
H3 200 nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
2 KB 17ms
17ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f47116b10e3e156f70ab31279c1fa298e34f89ff75af6eea89c2dc092362fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 289672
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-ce9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def88639a9792a2-FRA

GET
H3 200 accordion.be7db2e47c14ed1141fb.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 4 KB
2 KB 24ms
23ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/accordion.be7db2e47c14ed1141fb.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1617a8a30bd63ec5a1a6cb66bcffd2003006b6c17401d19c1798fc5d3adbf428

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 263813
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:43 GMT
server: cloudflare
etag: W/"6480cc5b-ea8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def8863cab092a2-FRA

GET
H3 200 blue-logo.svg
www.gesa.com/wp-content/uploads/2022/05/ 14 KB
7 KB 22ms
21ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/blue-logo.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b358915252ba0e190c01550a54e89bb37c29925c45f71d0244bfed51c188a49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1955051
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-38a2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def8863fada92a2-FRA

GET
H3 200 gesa-customer-banking.jpg
www.gesa.com/wp-content/uploads/2022/10/ 184 KB
185 KB 26ms
23ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/gesa-customer-banking.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

62eae656d047defc6a444456fb8878aa962ccab6a6841a503fd275cbaeb0b59c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289672
cf-polished: origSize=210771
alt-svc: h3=":443"; ma=86400
content-length: 188772
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:07 GMT
server: cloudflare
etag: "63977dbb-33753"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def88640adb92a2-FRA

GET
H3 200 business-owner-min.jpg
www.gesa.com/wp-content/uploads/2022/10/ 71 KB
72 KB 20ms
18ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/business-owner-min.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9a4cb0cca43a12294c833b2d4953bc0ac830fef9d1c503bd8943846a7431bbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289672
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 72833
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 20 Apr 2023 14:49:41 GMT
server: cloudflare
etag: "64415105-11c81"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def88640add92a2-FRA

GET
H3 200 Cards-1.webp
www.gesa.com/wp-content/uploads/2022/05/ 73 KB
74 KB 23ms
20ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/Cards-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

53d8923f74c6b3e4a21745f6edf891b2699aca8920c433dbbc4ff8a7c6e4df9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 289672
alt-svc: h3=":443"; ma=86400
content-length: 75110
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-12566"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def88640ade92a2-FRA

GET
H3 200 70-birthday-min-1024x1024.png
www.gesa.com/wp-content/uploads/2023/06/ 155 KB
156 KB 589ms
586ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/06/70-birthday-min-1024x1024.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

42a4d2b094eeb6134d5e461c0208b45a8e7b2b60480eba03137d441204757be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 159078
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 20:00:49 GMT
server: cloudflare
etag: "6480e1f1-26d66"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 7def88640ae092a2-FRA

GET
H3 200 GesaCreditUnion-White.svg
www.gesa.com/wp-content/uploads/2022/06/ 13 KB
5 KB 168ms
165ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/GesaCreditUnion-White.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9baa5dfd467e7b370ab5de74725204791016c4f2396d63e15ecffc8c8656d92c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-3213"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 7def88640ae192a2-FRA

GET
H2 200 /
www.google.com/pagead/1p-user-list/783161191/ 42 B
456 B 52ms
20ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/783161191/?random=1688056002938&cv=11&fst=1688054400000&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&ref=https%3A%2F%2Ft.co%2F&frm=0&tiba=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&fmt=3&is_vtc=1&random=2900221687&rmt_tld=0&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/783161191/ 42 B
456 B 53ms
22ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/783161191/?random=1688056002938&cv=11&fst=1688054400000&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&ref=https%3A%2F%2Ft.co%2F&frm=0&tiba=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&fmt=3&is_vtc=1&random=2900221687&rmt_tld=1&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
220 B 16ms
16ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=404137781&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAACAEK~&jid=997103100&gjid=1205053007&cid=101105787.1688056003&tid=UA-32823301-1&_gid=77408964.1688056003&_slc=1&gtm=45He36s0n81MTFL685&cd1=101105787.1688056003_1688056003208&z=1534970845

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

639050fc823c0c4d1ce0758335e33f39ef21104cf0caacc110015fc0de64dd4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
345 B 67ms
24ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-32823301-1&cid=101105787.1688056003&jid=997103100&gjid=1205053007&_gid=77408964.1688056003&_u=YGBAiEABBAAAAGAEK~&z=178913004

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 29 Jun 2023 16:26:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 collect
google-analytics.bi.owox.com/ 14 B
14 B 68ms
20ms Image
text/plain 35.186.228.179
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://google-analytics.bi.owox.com/collect?v=1&_v=j101&a=404137781&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAACAEK~&jid=997103100&gjid=1205053007&cid=101105787.1688056003&tid=UA-32823301-1&_gid=77408964.1688056003&_slc=1&gtm=45He36s0n81MTFL685&cd1=101105787.1688056003_1688056003208&z=1534970845
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.228.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.228.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: text/plain

GET
H2 200 309829729581526 Show response
connect.facebook.net/signals/config/ 150 KB
42 KB 62ms
60ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/309829729581526?v=2.9.110&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

56b5657bff35bbe112f34badd18e9e24a2c440a76c2b91886541a44d281b69a1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 29 Jun 2023 16:26:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 1KWM8VcfF0llWCMkCJS8lGRjXatvgOPN9W7dwW6F8Svq+i9nDnP1JfXRbKdYD76ae+u6eHENiW1SbCdMcSuGnw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 48ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-H1S93VJW48&gtm=45je36s0&_p=404137781&_gaz=1&cid=101105787.1688056003&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1688056003&sct=1&seg=0&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&dr=https%3A%2F%2Ft.co%2F&dt=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 21ms
21ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-H1S93VJW48&cid=101105787.1688056003&gtm=45je36s0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
108 B 35ms
34ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-H1S93VJW48&cid=101105787.1688056003&gtm=45je36s0&aip=1&z=1956895870

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/794148304/ 42 B
109 B 27ms
26ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794148304/?random=1688056002931&cv=11&fst=1688054400000&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&ref=https%3A%2F%2Ft.co%2F&frm=0&tiba=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&fmt=3&is_vtc=1&random=4198607693&rmt_tld=0&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/794148304/ 42 B
109 B 23ms
23ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/794148304/?random=1688056002931&cv=11&fst=1688054400000&bg=ffffff&guid=ON&async=1&gtm=45He36s0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&ref=https%3A%2F%2Ft.co%2F&frm=0&tiba=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&fmt=3&is_vtc=1&random=4198607693&rmt_tld=1&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
settings.luckyorange.net/ 2 KB
1 KB 524ms
478ms Fetch
application/json 172.67.75.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&s=287435

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.75.100 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efd7352c37139c5858044eb29bbc9c46c1edf90cc9a85edfff14ece73cbfcd82

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.gesa.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvSs%2Be%2FPIQOeHWiu6IanpLMgt6sI7LEk5rpgP%2BbnKqR0rBY2ak5VZzixDpZYmzyo0x4MPc5w4RysbxapdaOXueSDpphcbWoVXFHewU4hT4Hs5QKQwUsajoJqYoDZB8GMSZabVj2s0xYrTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 7def8864c8d518d5-FRA
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 28ms
20ms Script
application/x-javascript 2a02:26f0:780::210:a423
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a423 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Jun 2023 22:23:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=9644
accept-ranges: bytes
content-length: 4807

GET
H2 200 modules.710fa773759992ae5199.js Show response
script.hotjar.com/ 270 KB
69 KB 99ms
19ms Script
application/javascript 18.164.52.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.710fa773759992ae5199.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2399688.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.52.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-52-121.cdg50.r.cloudfront.net

Software

Resource Hash

8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 13:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 dc18e61b7558d5d9f4d1852820b02a16.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 529656
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 70212
last-modified: Fri, 23 Jun 2023 13:18:24 GMT
etag: "c0d8da1fc28983e2914d2514d6175f9a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: RdkrITTUvk76o8uBhQizkZgdQKLhMrkrTwnItXZjJGD77FlVYdsejg==

GET
H2 204 25145063.js Show response
bat.bing.com/p/action/ 0
118 B 221ms
221ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25145063.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 29 Jun 2023 16:26:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1D0564E4477B496187E93C2D73D1C093 Ref B: FRA31EDGE0218 Ref C: 2023-06-29T16:26:43Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 32ms
32ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25145063&tm=gtm002&Ver=2&mid=32269d59-d8d7-41dd-8e5b-8f2bb887dd8a&sid=bbe13520169911eea3ca47b3660b08ca&vid=bbe1cc40169911ee9c55cd3c94085f43&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&p=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&r=https%3A%2F%2Ft.co%2F&lt=1086&evt=pageLoad&sv=1&rn=303102

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 29 Jun 2023 16:26:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 13D5E649B2DF4705B2DE2DAF23C47230 Ref B: FRA31EDGE0218 Ref C: 2023-06-29T16:26:43Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
81 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SR5CM38GBC&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c765de95a79197f5b6b5c551eda9c6346a41b634127a7d87415d9565184aedd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82530
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 29 Jun 2023 16:26:43 GMT

GET
H2

200

/ Show response
a2.adform.net/Serving/TrackPoint/
Redirect Chain

https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=571245771082&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&CPref=https%3A%2F%2Ft.co%2F&Set1=en-U...
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=571245771082&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&CPref=https%3A%2F%2Ft.co%2F&Set1...

857 B
1 KB

89ms
88ms

Script
text/javascript

185.167.164.43
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=571245771082&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&CPref=https%3A%2F%2Ft.co%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Server

185.167.164.43 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3c1345dbf10a89d8013203c93701448c3eb930283fd846d470fedfde54062a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 694
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
content-type: text/html; charset=utf-8
location: https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=571245771082&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&CPref=https%3A%2F%2Ft.co%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

POST
H2 204 pr
gesacu.us-1.evergage.com/ 0
114 B 97ms
93ms Ping
text/plain 54.198.99.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://gesacu.us-1.evergage.com/pr?.top=729&action=View%20Promotion&.tt=335&.ttdns=32&.dt=1085&.btdns=45&.bv=16&_ak=gesacu&_ds=gesa_prod&.scv=172&channel=Web&_r=629029&.anonId=e63e93135fc49fed&_anon=true

Requested by

Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.198.99.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-198-99-45.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.gesa.com
date: Thu, 29 Jun 2023 16:26:43 GMT
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
204 B 93ms
92ms Stylesheet
text/css 3.230.203.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.203.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-203-248.compute-1.amazonaws.com
Software: /
Resource Hash: df2db24627d3ae386f88ca9b731b1eb2c7ada1a09223a8a5c9fce2636be9efbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 29 Jun 2023 16:26:43 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
794 B 274ms
92ms Fetch
image/jpeg 3.230.203.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.203.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-203-248.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 29 Jun 2023 16:26:43 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H3 200 802797680067475 Show response
connect.facebook.net/signals/config/ 74 KB
20 KB 56ms
56ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/802797680067475?v=2.9.110&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fce72286616cdba01336a115689f8f0638ca3ab7b41651f43c062b870daad1cd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 29 Jun 2023 16:26:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: kqHKdzxZo4bQhrsENi0I86f3wOXIKunoXNLX/vICL536pKdcWTRvLK3+WRNjrMR9nwnarZbblNuq9nYLzqd85w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/ 36 B
378 B 80ms
18ms XHR
application/json 2600:9000:26db:1c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:1c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:19:19 GMT
content-encoding: gzip
via: 1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 11244
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=14018
x-amz-cf-id: D9BF4_k1Lg0mJm5l1AsE2YUCkwDYkERuZfns-e62KVQlwGtT71rH-w==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/ 36 B
377 B 80ms
19ms XHR
application/json 2600:9000:26db:1c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:1c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:19:19 GMT
content-encoding: gzip
via: 1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 11244
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=14018
x-amz-cf-id: Zg_A1gbFa2BaXlv0bQywzIeikyFR2viYfdGUiTwfLy7B7RGDA_1S4Q==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/ 36 B
376 B 78ms
19ms XHR
application/json 2600:9000:26db:1c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:1c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:19:19 GMT
content-encoding: gzip
via: 1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 11244
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=14018
x-amz-cf-id: dFx0fMj89V7pL886Mx6dseijdRyOqfOeAGFQgaMXS50ccyVMvl480g==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/ 36 B
377 B 77ms
19ms XHR
application/json 2600:9000:26db:1c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:1c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:19:19 GMT
content-encoding: gzip
via: 1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 11244
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=14018
x-amz-cf-id: cCHOZJFI1Sg14mNxCuRGEpoM4Od_ENnJ1D3ac6KLogTnYVeifoYOuQ==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/ 36 B
377 B 69ms
19ms XHR
application/json 2600:9000:26db:1c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:1c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:19:19 GMT
content-encoding: gzip
via: 1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 11244
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=14018
x-amz-cf-id: Ql89lbcTWSBAZ3Ge1HrWR_r_TXQxYqR3yTRJ4naS22bsiYU3aFjZKQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4860388%26time%3D1688056003416%26url%3Dhttps%253A%252F%252Fwww.gesa.com%252Fpromo...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQK_Y1VsjG...

0
266 B

195ms
108ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQK_Y1VsjG4fTwAAAYkH-n0QnpLnUhUwEDPviD990pzpzh5EmDZXQ3-MFvVXN0Xp
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: AD741305A6444E1BB46CB2AFF5F4A992 Ref B: FRAEDGE1506 Ref C: 2023-06-29T16:26:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX/Ryp7Z2yw66clnzSz2Q==

Redirect headers

date: Thu, 29 Jun 2023 16:26:42 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 4CC638FF05E64FF28BE519393D70F704 Ref B: FRAEDGE1217 Ref C: 2023-06-29T16:26:43Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1688056003416&url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQK_Y1VsjG4fTwAAAYkH-n0QnpLnUhUwEDPviD990pzpzh5EmDZXQ3-MFvVXN0Xp
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX/Ryp4bBP2H7nyIDmEjA==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/ 36 B
377 B 44ms
18ms XHR
application/json 2600:9000:26db:1c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4860388/domain/gesa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:1c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 13:19:19 GMT
content-encoding: gzip
via: 1.1 9564791ed47030dad53c797ee814c66e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 11244
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=14018
x-amz-cf-id: F9C8DwCfdXiv1oKonYfLk1DhNKDRQ9IkxAiY7laQkEazF5u8v0sdbw==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
55 B 15ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-SR5CM38GBC&gtm=45je36s0&_p=404137781&ul=en-us&sr=1600x1200&cid=101105787.1688056003&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABA&ngs=1&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&dr=https%3A%2F%2Ft.co%2F&dt=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&sid=1688056003&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_1=101105787.1688056003_1688056003208
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SR5CM38GBC&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 2399688 Show response
vc.hotjar.io/sessions/ 0
259 B 125ms
40ms XHR
text/plain 18.66.192.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/2399688?s=0.25&r=0.0594353368607492
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.710fa773759992ae5199.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.192.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-192-46.muc50.r.cloudfront.net
Software: Python/3.8 aiohttp/3.8.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
via: 1.1 29473aa9cc185f2a037ec3a7e2ffd74c.cloudfront.net (CloudFront)
server: Python/3.8 aiohttp/3.8.4
x-amz-cf-pop: MUC50-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: QfU4IMBEAVbGaMlLB6STPjWUdMMfN1k1b4VLxZJ2QpXvD5_MbQ4Ohw==

GET
H2 200 track.php Show response
app.marketplan.io/ 0
126 B 1510ms
1262ms XHR
text/html 74.208.214.109
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.marketplan.io/track.php?pid=2&mpageid=undefined&user=marama&ref=https%3A%2F%2Ft.co%2F&jsurl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F
Requested by: Host: app.marketplan.io
URL: https://app.marketplan.io/track.js?x=1688056003012
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 74.208.214.109 , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: ns1.marketplan.io
Software: nginx / PHP/7.4.23, PleskLin
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 29 Jun 2023 16:26:45 GMT
server: nginx
x-powered-by: PHP/7.4.23, PleskLin
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de Show response
api.alpharank.io/api/pixel/script/ 495 B
848 B 615ms
181ms Script
text/javascript 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: nginx/1.12.2 / Express
Resource Hash: 013c037f68d07cd5a0a595f89995290aec3addca27079bc47ecd128440b06b3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: nginx/1.12.2
X-Powered-By: Express
ETag: W/"1ef-dugMHzxjl0TnCCwJG+f12QIKVsA"
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: undefined
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 495

GET
H3 200 649860135726018 Show response
connect.facebook.net/signals/config/ 380 KB
108 KB 84ms
84ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/649860135726018?v=2.9.110&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d21ead9e4dc3bd3752526a6c2fdeba86a0773be09f5216afef3607ec302a47cc

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 29 Jun 2023 16:26:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: qYi83WYuoF934TBiCFblalPxk1g4Q4Fa7+QZUeo8ob1Ua2k+9cozd7qX+SsBRY1bF9uC1Xq7lRgOyWmwzB9/ag==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 185 B
378 B 96ms
96ms XHR
text/plain 3.230.203.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=CHqG--Quapl1h0Ans2jxHw&is_js=true&landing_url=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&t=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&tip=tjirP92hCnRmOuslzxvaPgeLEw1aoAw_TOcPZu33YbI&host=https://www.gesa.com&sa_conv_data_css_value=%270-4e11f466-dc9a-503d-6999-403c73b9f118%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd94e11f466dc9a503d6999403c73b9f11850ff0ac8&sa-user-id-v2=s%253AThH0ZtyaUD1pmUA8c7nxGFD_Csg.Lbo2ajNzhtmrceoC6TXFYcV2QqYTqakD3tAvrbrCCFY&sa-user-id=s%253A0-4e11f466-dc9a-503d-6999-403c73b9f118.nonJxxzM2aWZHfZDCqAJjYl8PmigGAisHVshIf6GRyc
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.203.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-203-248.compute-1.amazonaws.com
Software: /
Resource Hash: ab3598e2d6ad2d1e9feef533adf3665cd58c4eeb1916ae652d2c42794bf0a801

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.gesa.com
date: Thu, 29 Jun 2023 16:26:43 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 185
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 pixels Show response
c1.adform.net/imatch/ Frame AB48 5 KB
2 KB 80ms
27ms Document
text/html 37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Requested by

Host: a2.adform.net
URL: https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=571245771082&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&CPref=https%3A%2F%2Ft.co%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a2d08b113e8daf0b53bb3db61c89decedb257866aeaadd5b655e787872119a01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 29 Jun 2023 16:26:43 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 /
a1.seadform.net/serving/cookie/sync/ 35 B
468 B 106ms
21ms Image
image/gif 37.157.3.29
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a1.seadform.net/serving/cookie/sync/?uid=6376785185978518235&stamp=eLWBlK1-EGoDvP-67D9Y4w2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
content-type: image/gif
cache-control: private

GET
H2 200 visitor.php Show response
app.leadsrx.com/ 111 B
542 B 266ms
266ms XHR
text/html 35.166.204.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.leadsrx.com/visitor.php?acctTag=huzooe43734&tz=0&ref=https%3A%2F%2Ft.co%2F&u=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&t=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&lc=null&anon=0&vin=null

Requested by

Host: app.leadsrx.com
URL: https://app.leadsrx.com/visitor.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

35.166.204.132 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-204-132.us-west-2.compute.amazonaws.com

Software

nginx/1.20.1 / PHP/5.6.40

Resource Hash

7ae7023d0b6ac703a64f3668965af39a7d4c4607ec149cb28caf1c99bd0ccfbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.gesa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
x-content-type-options: nosniff
server: nginx/1.20.1
x-powered-by: PHP/5.6.40
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.gesa.com
access-control-allow-credentials: true

GET
H2 200 /
www.facebook.com/tr/ 0
186 B 83ms
10ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=309829729581526&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1688056003804&sw=1600&sh=1200&v=2.9.110&r=stable&ec=0&o=28&fbp=fb.1.1688056003802.1804605139&cs_est=true&it=1688056003226&coo=false&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 29 Jun 2023 16:26:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 84ms
11ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=802797680067475&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1688056003805&sw=1600&sh=1200&v=2.9.110&r=stable&ec=0&o=28&fbp=fb.1.1688056003802.1804605139&it=1688056003226&coo=false&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 29 Jun 2023 16:26:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 84ms
11ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=649860135726018&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1688056003807&sw=1600&sh=1200&v=2.9.110&r=stable&ec=0&o=30&fbp=fb.1.1688056003802.1804605139&cs_est=true&it=1688056003226&coo=false&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 29 Jun 2023 16:26:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 clickstream.js Show response
d10lpsik1i8c69.cloudfront.net/js/ Frame 07BF 287 KB
93 KB 23ms
8ms Script
application/javascript 108.138.34.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Requested by: Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.34.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-34-128.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb

Request headers

Referer
Origin: https://www.gesa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 11:38:47 GMT
content-encoding: gzip
via: 1.1 7f6fdb9a0ec439bac9ac6cc0db13237e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 20753277
x-cache: Hit from cloudfront
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
etag: W/"6a7ba000cc0f3518baa46608eb12410c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: Q2cBZoLL4d13gmLxjlWz1cqYch163VBeVdSqWtgbMyL4big6Ba7ARA==

GET
H2 200 plf
c1.adform.net/imatch/ Frame AB48 0
385 B 22ms
22ms Image
text/plain 37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plff

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame AB48
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=42&external_user_id=6376785185978518235&Expiration=1689265603
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=6376785185978518235&Expiration=1689265603

43 B
424 B

34ms
34ms

Image
image/gif

99.81.190.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=6376785185978518235&Expiration=1689265603
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Server: 99.81.190.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-190-73.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 29 Jun 2023 16:26:44 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=6376785185978518235&Expiration=1689265603
access-control-allow-origin: *
date: Thu, 29 Jun 2023 16:26:43 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame AB48 0
400 B 74ms
31ms Image
text/plain 23.215.16.120
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=4879&ext_id=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.215.16.120 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-215-16-120.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:43 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Wed, 28 Jun 2023 16:26:43 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame AB48 0
214 B 77ms
9ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=5232&puid=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame AB48
Redirect Chain

https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=6376785185978518235&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__
https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=6376785185978518235&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__&nut&uu=66f013386d824bfe9...
https://c1.adform.net/serving/cookie/match?party=9&uid=ee21093e3ce43accb35d6e8e105341bcecfe3c70621a3353c5a39fbbe316c404

35 B
592 B

39ms
38ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=9&uid=ee21093e3ce43accb35d6e8e105341bcecfe3c70621a3353c5a39fbbe316c404

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

location: https://c1.adform.net/serving/cookie/match?party=9&uid=ee21093e3ce43accb35d6e8e105341bcecfe3c70621a3353c5a39fbbe316c404
date: Thu, 29 Jun 2023 16:26:43 GMT
content-length: 0
p3p: CP=NOI PSA OUR

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame AB48 43 B
163 B 176ms
23ms Image
image/gif 185.86.138.155
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=22&partneruserid=6376785185978518235&redirurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d10%26cid%3DSMART_USER_ID
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.155 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55944/ Frame AB48 0
126 B 152ms
46ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55944/sync?uid=6376785185978518235&_origin=1

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK user-registering
ads.stickyadstv.com/ Frame AB48 43 B
637 B 387ms
17ms Image
image/gif 23.55.161.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=189&userId=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.161.187 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-161-187.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1688056004168051-337
Expires: Thu, 29 Jun 2023 16:26:44 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame AB48
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=70&user_id=6376785185978518235
https://x.bidswitch.net/ul_cb/sync?dsp_id=70&user_id=6376785185978518235
https://eb2.3lift.com/xuid?mid=2409&xuid=83bb9835-f6a2-4ccd-bc59-fd530c06d828&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
https://eb2.3lift.com/xuid?ld=1&mid=2409&xuid=83bb9835-f6a2-4ccd-bc59-fd530c06d828&dongle=d3d3&gdpr=0&cmp_cs=&us_privacy=

37 B
355 B

13ms
12ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=2409&xuid=83bb9835-f6a2-4ccd-bc59-fd530c06d828&dongle=d3d3&gdpr=0&cmp_cs=&us_privacy=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=2409&xuid=83bb9835-f6a2-4ccd-bc59-fd530c06d828&dongle=d3d3&gdpr=0&cmp_cs=&us_privacy=
date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AB48
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=6376785185978518235&expiration=1689265603
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=6376785185978518235&expiration=1689265603&C=1

43 B
766 B

15ms
15ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=6376785185978518235&expiration=1689265603&C=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:43 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:43 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=111&external_user_id=6376785185978518235&expiration=1689265603&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

img
pixel.mathtag.com/sync/ Frame AB48
Redirect Chain

https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=6376785185978518235&sInitiator=external
https://uipglob.semasio.net/adform/1/info2?sType=sync&sExtCookieId=6376785185978518235&sInitiator=external
https://se.semasio.net/sync/1/16266044?sExtCookieId=6376785185978518235&gdpr=&sInitiator=external
https://pixel.mathtag.com/sync/img?mt_exid=10041&gdpr=&redir=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F14876172%3FsExtCookieId%3D%5BMM_UUID%5D%26sInitiator%3Dinternal

43 B
418 B

96ms
20ms

Image
image/gif

95.101.148.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/sync/img?mt_exid=10041&gdpr=&redir=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F14876172%3FsExtCookieId%3D%5BMM_UUID%5D%26sInitiator%3Dinternal
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Server: 95.101.148.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-198.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master zrh zrh-pixel-x31 config_version:"1524" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x31 config_version:"1524"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Thu, 29 Jun 2023 16:26:43 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:56 GMT
uip-status: Ok
frontend-id: 06
location: https://pixel.mathtag.com/sync/img?mt_exid=10041&gdpr=&redir=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F14876172%3FsExtCookieId%3D%5BMM_UUID%5D%26sInitiator%3Dinternal
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1 200
OK match
ps.eyeota.net/ Frame AB48 0
344 B 92ms
9ms Image
text/plain 18.184.216.10
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=6376785185978518235&bid=9gdtmu1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.184.216.10 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-216-10.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 16:26:43 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2

200

pixel.gif
load77.exelator.com/ Frame AB48
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=6376785185978518235
https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=6376785185978518235&xl8blockcheck=1
https://load77.exelator.com/pixel.gif

43 B
367 B

116ms
7ms

Image
image/gif

2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 29 Jun 2023 16:26:44 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 615572
x-accel-date: 1687440432
content-length: 43
x-77-nzt: AcO1qhE86xf/lGQJAA
x-accel-expires: @1688477232
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
etag: "59f0c3fc-2b"
x-77-nzt-ray: 4c1562247558b22ec4b09d64933d1f0a
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes

Redirect headers

date: Thu, 29 Jun 2023 16:26:44 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2 451 398366.gif
idsync.rlcdn.com/ Frame AB48 0
99 B 77ms
17ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/398366.gif?partner_uid=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 404 gdpr_consent=
sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=6376785185978518235/gdpr=/ Frame AB48 49 B
267 B 146ms
30ms Image
image/gif 52.49.54.245
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=6376785185978518235/gdpr=/gdpr_consent=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.54.245 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-54-245.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.23.128
content-length: 49
expires: 0

GET
H2 200 29729
tags.bluekai.com/site/ Frame AB48 62 B
219 B 215ms
166ms Image
image/gif 72.246.169.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/29729?id=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 72.246.169.24 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-246-169-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Thu, 29 Jun 2023 16:26:44 GMT
content-length: 62
content-type: image/gif

GET
H2 200 sd
eu-u.openx.net/w/1.0/ Frame AB48 43 B
274 B 185ms
120ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

pixel.gif
s3-eu-west-1.amazonaws.com/adality-cdn-content/ Frame AB48
Redirect Chain

https://api.adrtx.net/thirdparty/click?p=adfo
https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif

35 B
390 B

130ms
42ms

Image
image/gif

52.218.105.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Server: 52.218.105.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-eu-west-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 16:26:45 GMT
Last-Modified: Thu, 29 Oct 2015 16:41:57 GMT
Server: AmazonS3
x-amz-request-id: F65R8QXMB47RZCW9
ETag: "c2196de8ba412c60c22ab491af7b1409"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 35
x-amz-id-2: UE2gVz44mi12KU/yIEHChZn7bO8WOhmyXKinnGc639O4jZ0Oyqfo8HocozH3xv9R3sZgpbXDNUY=

Redirect headers

X-Error-Reason: Missing UserId
Date: Thu, 29 Jun 2023 16:26:43 GMT
Server: akka-http/10.2.10
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 137

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame AB48
Redirect Chain

https://pixel.onaudience.com/?mapped=6376785185978518235&partner=68
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1

70 B
266 B

111ms
34ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
content-length: 0

GET
H/1.1

200
OK

/
cm.adsafety.net/ Frame AB48
Redirect Chain

https://cm.adsafety.net/?_cmsrc=adformx&idt=100&did=6376785185978518235
https://tags.adsafety.net/v1/cm?cm_uid=CM1202306291635c08195e886e0c0a27&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Dcommon%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D&...
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=common&idt=100&did=d7261d77f9ccc1caec01cded73c46872
https://ads.smartstream.tv/cm/?cmsrc=cm&cm_uid=CM1202306291635c08195e886e0c0a27&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dstv%26_chainsrc%3Dcommon&gdpr_consent=
https://cm.adsafety.net/?_cmsrc=stv&_chainsrc=common&idt=100&did=d7261d77f9ccc1caec01cded73c46872&idt_did_status=added&gdpr_consent=&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=dataxtrade_dmp&google_cm&google_hm=Q00xMjAyMzA2MjkxNjM1YzA4MTk1ZTg4NmUwYzBhMjc&gdpr_consent=&gdpr=0
https://cm.adsafety.net/?_cmsrc=dbmx&midt=100&mdid=CAESEMTl2VnA8H2mdBLepvF9yHs&gdpr_consent=&gdpr=0&google_cver=1
https://c1.adform.net/serving/cookie/match?party=28&cid=CM1202306291635c08195e886e0c0a27
https://cm.adsafety.net/?_cmsrc=adform&idt=100&did=6376785185978518235

43 B
2 KB

13ms
12ms

Image
image/gif

217.79.187.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adsafety.net/?_cmsrc=adform&idt=100&did=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Server: 217.79.187.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: cm43.as.net
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:44 GMT
Last-Modified: Thu, 29 Jun 2023 16:26:44 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.adsafety.net/?_cmsrc=adform&idt=100&did=6376785185978518235
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame AB48 0
339 B 156ms
31ms Image
text/plain 52.50.46.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=adform&partner_uid=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.46.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-46-27.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-served-by: beacon-n024-dub-prod.krxd.net
date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: private, no-cache, no-store
x-request-time: D=38 t=1688056004
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
c1.adform.net/serving/cookie/match/ Frame AB48
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_cm&google_ula=1641347&party=1&google_hm=NjM3Njc4NTE4NTk3ODUxODIzNQ
https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGlhGURfkIwF1QvF2sUcmN4&google_cver=1&google_ula=1641347,0

35 B
592 B

22ms
22ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGlhGURfkIwF1QvF2sUcmN4&google_cver=1&google_ula=1641347,0

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGlhGURfkIwF1QvF2sUcmN4&google_cver=1&google_ula=1641347,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
secure.adnxs.com/ Frame AB48
Redirect Chain

https://secure.adnxs.com/getuid?https://c1.adform.net/serving/cookie/match?party=3&id=$UID&redirect=1
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3Fparty%3D3%26id%3D%24UID%26redirect%3D1
https://c1.adform.net/serving/cookie/match?party=3&id=7348588133628944346&redirect=1
https://secure.adnxs.com/setuid?entity=91&code=6376785185978518235

43 B
1 KB

8ms
7ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/setuid?entity=91&code=6376785185978518235

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:44 GMT
AN-X-Request-Uuid: 4b29e806-cbac-4355-b414-257de6c3e8c7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.200; 80.255.10.200; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://secure.adnxs.com/setuid?entity=91&code=6376785185978518235
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 plf
c1.adform.net/imatch/ Frame AB48 0
385 B 29ms
24ms Image
text/plain 37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plfm

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame AB48 42 B
474 B 97ms
15ms Image
image/gif 198.47.127.205
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.205 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 29 Jun 2023 16:26:43 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK cs
pdw-adf.userreport.com/ Frame AB48 43 B
444 B 59ms
8ms Image
image/gif 18.66.192.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pdw-adf.userreport.com/cs
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.192.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-192-99.muc50.r.cloudfront.net
Software: nginx/1.22.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 01:22:06 GMT
Via: 1.1 66ce4848bcf993e3c57b596461cd0b82.cloudfront.net (CloudFront)
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.22.0
X-Amz-Cf-Pop: MUC50-P1
Age: 54278
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-Amz-Cf-Id: vxRPh8UnIj6KALN3cTuZa0hURF7DuvzJ8QjfMkfTU7rT9lHrryzn7A==

GET
H/1.1

200

p
a.audrte.com/ Frame AB48
Redirect Chain

https://a.audrte.com/a?adform_uid=6376785185978518235
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZDhsb3kzN1YteE1RdG1MTVdxU0tnRk9EQQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/p

68 B
424 B

93ms
93ms

Image
image/png

52.72.63.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Server: 52.72.63.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-63-169.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame AB48
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1586&dpuuid=6376785185978518235&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1586&dpuuid=6376785185978518235&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredire...
https://c1.adform.net/serving/cookie/match?party=1007&cid=70011814581782628561760229417187338702&noredirect=1

35 B
592 B

22ms
21ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1007&cid=70011814581782628561760229417187338702&noredirect=1

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

DCS: dcs-prod-irl1-1-v050-086da38e5.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: qWXVaeplQzg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://c1.adform.net/serving/cookie/match?party=1007&cid=70011814581782628561760229417187338702&noredirect=1
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame AB48
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212269628&_puid=6376785185978518235
https://dmp.adform.net/serving/cookie/match/?party=1014&cid=216613104562003575639

35 B
592 B

28ms
27ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1014&cid=216613104562003575639

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://dmp.adform.net/serving/cookie/match/?party=1014&cid=216613104562003575639
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame AB48
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1049%26cid%3D%25%25COOKIE%25%25
https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7250145331007060121

35 B
592 B

56ms
23ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7250145331007060121

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Location: https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7250145331007060121
Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 33302
tags.bluekai.com/site/ Frame AB48 62 B
430 B 186ms
186ms Image
image/gif 72.246.169.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/33302?id=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 72.246.169.24 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-246-169-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Thu, 29 Jun 2023 16:26:44 GMT
content-length: 62
content-type: image/gif

GET
H/1.1 200
OK img
pixel.mathtag.com/sync/ Frame AB48 43 B
418 B 22ms
21ms Image
image/gif 95.101.148.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/sync/img?redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1066%26cid%3D%5BMM_UUID%5D
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-198.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x25 config_version:"1438" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x25 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Thu, 29 Jun 2023 16:26:43 GMT

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame AB48
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_
https://c1.adform.net/serving/cookie/match?party=1084&cid=iyWPqAMy1QeUtK5

35 B
592 B

24ms
23ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1084&cid=iyWPqAMy1QeUtK5

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:43 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://c1.adform.net/serving/cookie/match?party=1084&cid=iyWPqAMy1QeUtK5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame AB48 70 B
265 B 33ms
33ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=71ei9rr&ttd_tpi=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.0 200
OK image.sbmx
global.ib-ibi.com/ Frame AB48 0
72 B 378ms
86ms Image
text/plain 69.169.86.38
AMC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://global.ib-ibi.com/image.sbmx?go=302927&pid=567&xid=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.0
Security: TLS 1.2, RSA, AES_256_CBC
Server: 69.169.86.38 , United States, ASN29838 (AMC, US),
Reverse DNS
Software: BigIP /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Connection: close
Content-Length: 0
Server: BigIP

GET
H/1.1 200 0.gif
id5-sync.com/s/10/ Frame AB48 43 B
1 KB 49ms
10ms Image
image/gif 141.95.33.111
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/10/0.gif?puid=6376785185978518235

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.111 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203177.ip-141-95-33.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame AB48
Redirect Chain

https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D
https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D&bounce=1&random=393586205
https://dmp.adform.net/serving/cookie/match/?party=1145&cid=RfOJlVQmsO20rBSWP/86AO

35 B
592 B

23ms
23ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1145&cid=RfOJlVQmsO20rBSWP/86AO

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:43 GMT
via: 1.1 google
last-modified: Thu, 29 Jun 2023 16:26:44 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location: https://dmp.adform.net/serving/cookie/match/?party=1145&cid=RfOJlVQmsO20rBSWP/86AO
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame AB48 23 B
165 B 81ms
32ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=119&uid=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Thu, 29 Jun 2023 16:26:44 GMT
pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET pixel.gif
sync.1dmp.io/ Frame AB48 0
0

GET
H2 204 /
s.ad.smaato.net/c/ Frame AB48 0
242 B 88ms
17ms Image
text/plain 2600:9000:2450:b000:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001213&dspCookie=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:b000:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: no-cache, must-revalidate
via: 1.1 a7253b490fb8bb0dd0b4ed29b3f2d85a.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: CDG50-P4
x-amz-cf-id: cleDMPK7Cyb-SSA3YYgLrEd4zR6hL4sVAVePkHFWLO_DBaFChYgirw==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame AB48
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2032&partner_device_id=6376785185978518235&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DE...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2032&partner_device_id=6376785185978518235&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7...
https://c1.adform.net/serving/cookie/match?party=2007&cid=873492ab-4379-4fb7-bb02-de8275ed9ab0

35 B
601 B

23ms
22ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=2007&cid=873492ab-4379-4fb7-bb02-de8275ed9ab0

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

date: Thu, 29 Jun 2023 16:26:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://c1.adform.net/serving/cookie/match?party=2007&cid=873492ab-4379-4fb7-bb02-de8275ed9ab0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 6376785185978518235
match.contentexchange.me/adform/ Frame AB48 0
50 B 99ms
20ms Image
text/plain 46.19.11.36
SIEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.contentexchange.me/adform/6376785185978518235?redirect_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1219
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.19.11.36 , Slovenia, ASN51790 (SIEL, SI),
Reverse DNS: ilog.vsn.si
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:44 GMT
content-length: 0
server: nginx/1.16.1

GET
H2 200 xuid
eb2.3lift.com/ Frame AB48 37 B
140 B 10ms
9ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7354&xuid=6376785185978518235&dongle=AD20
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H/1.1

204
No Content

sync.php
pixel.rubiconproject.com/exchange/ Frame AB48
Redirect Chain

https://sync.e-volution.ai/296800c6dbd7f8eb22cf034b9927d719.gif?puid=6376785185978518235
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=

0
239 B

40ms
9ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Pragma: no-cache
Date: Thu, 29 Jun 2023 16:26:44 GMT
Server: nginx
Transfer-Encoding: chunked
Location: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2 202 adf
pixel.sojern.com/idsync/ Frame AB48 0
163 B 44ms
17ms Image
text/plain 107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idsync/adf?adfid=6376785185978518235
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"

GET
H2 200 plf
c1.adform.net/imatch/ Frame AB48 0
385 B 25ms
22ms Image
text/plain 37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plfl

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=6376785185978518235&agencyId=7028&advertiserId=2079361&src=tp&rnd=977591
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 16:26:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H/1.1 404
Not Found bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de
api.alpharank.io/api/pixel/script/ 0
0 183ms
182ms Script
text/html 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de?c=n&t=1688083200000
Requested by: Host: api.alpharank.io
URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 5C46 0
71 B 9ms
6ms Document
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/promotions/70th-birthday/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.gesa.com
Referer: https://www.gesa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.gesa.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 29 Jun 2023 16:26:44 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.1dmp.io
URL: https://sync.1dmp.io/pixel.gif?cid=672a497c-d086-4380-a381-292df6008b87&brid=db693857-60a6-4685-a042-c2286c2ca02d&pid=w&uid=6376785185978518235

Verdicts & Comments Add Verdict or Comment

130 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

105 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 22:24:30	Name: muc Value: 4724c67d-b821-4e90-8d3c-5e41eb88cc04
.bit.ly/	1970-01-20 17:13:28	Name: _bit Value: n5tgqG-da2e269ccf00b35b7a-005
.gesa.com/	1970-01-20 22:30:16	Name: _evga_6d54 Value: {%22uuid%22:%22e63e93135fc49fed%22}
.gesa.com/	1970-01-20 15:03:52	Name: _gcl_au Value: 1.1.1595446558.1688056003
.gesa.com/	1970-01-20 22:30:16	Name: _sfid_0e63 Value: {%22anonymousId%22:%22e63e93135fc49fed%22%2C%22consents%22:[]}
.gesa.com/	1970-01-20 12:55:42	Name: _gid Value: GA1.2.77408964.1688056003
.gesa.com/	1970-01-20 12:54:16	Name: _dc_gtm_UA-32823301-1 Value: 1
.gesa.com/	1970-01-20 22:30:16	Name: _ga_H1S93VJW48 Value: GS1.1.1688056003.1.0.1688056003.60.0.0
.gesa.com/	1970-01-20 22:30:16	Name: _ga Value: GA1.1.101105787.1688056003
.gesa.com/	1970-01-20 12:55:42	Name: _uetsid Value: bbe13520169911eea3ca47b3660b08ca
tags.srv.stackadapt.com/	1970-01-20 21:39:52	Name: sa-user-id Value: s%3A0-4e11f466-dc9a-503d-6999-403c73b9f118.nonJxxzM2aWZHfZDCqAJjYl8PmigGAisHVshIf6GRyc
tags.srv.stackadapt.com/	1970-01-20 21:39:52	Name: sa-user-id-v2 Value: s%3AThH0ZtyaUD1pmUA8c7nxGFD_Csg.Lbo2ajNzhtmrceoC6TXFYcV2QqYTqakD3tAvrbrCCFY
.srv.stackadapt.com/	1970-01-20 21:39:52	Name: sa-user-id-v2 Value: s%3AThH0ZtyaUD1pmUA8c7nxGFD_Csg.Lbo2ajNzhtmrceoC6TXFYcV2QqYTqakD3tAvrbrCCFY
.gesa.com/	1970-01-20 22:15:52	Name: _uetvid Value: bbe1cc40169911ee9c55cd3c94085f43
.bing.com/	1970-01-20 22:15:52	Name: MUID Value: 1AAC73FE104B6AC4305C60C111C06B7D
www.gesa.com/	1970-01-20 21:39:52	Name: sa-user-id Value: s%253A0-4e11f466-dc9a-503d-6999-403c73b9f118.nonJxxzM2aWZHfZDCqAJjYl8PmigGAisHVshIf6GRyc
www.gesa.com/	1970-01-20 21:39:52	Name: sa-user-id-v2 Value: s%253AThH0ZtyaUD1pmUA8c7nxGFD_Csg.Lbo2ajNzhtmrceoC6TXFYcV2QqYTqakD3tAvrbrCCFY
.gesa.com/	1970-01-20 22:30:16	Name: _ga_SR5CM38GBC Value: GS1.2.1688056003.1.0.1688056003.0.0.0
www.gesa.com/	1970-01-20 12:55:42	Name: ln_or Value: eyI0ODYwMzg4IjoiZCJ9
.gesa.com/	1970-01-20 21:39:52	Name: _hjSessionUser_2399688 Value: eyJpZCI6IjViZDE3MzI3LWM5YTQtNWFlNy05MWYwLTQ2ZTJjYjBmMzEzMSIsImNyZWF0ZWQiOjE2ODgwNTYwMDM1NTIsImV4aXN0aW5nIjpmYWxzZX0=
.gesa.com/	1970-01-20 12:54:17	Name: _hjFirstSeen Value: 1
.gesa.com/	1970-01-20 12:54:16	Name: _hjIncludedInSessionSample_2399688 Value: 0
.gesa.com/	1970-01-20 12:54:17	Name: _hjSession_2399688 Value: eyJpZCI6IjdmZjgwY2U0LTdlMDItNDc2OS05OGRjLWRlMDZlYThiYjJkNyIsImNyZWF0ZWQiOjE2ODgwNTYwMDM1NjEsImluU2FtcGxlIjpmYWxzZX0=
.gesa.com/	1970-01-20 12:54:17	Name: _hjAbsoluteSessionInProgress Value: 1
.linkedin.com/	1970-01-20 15:03:52	Name: li_sugr Value: cb895c3d-408b-456e-8e6a-432aaab4453f
.linkedin.com/	1970-01-20 21:39:52	Name: bcookie Value: "v=2&928d70c6-b351-4bb5-8fc7-edd2afb79ff2"
.linkedin.com/	1970-01-20 12:55:42	Name: lidc Value: "b=VGST02:s=V:r=V:a=V:p=V:g=2933:u=1:x=1:i=1688056003:t=1688142403:v=2:sig=AQFArsj35nWynQLbCW8AMulyuKBLkW75"
.adform.net/	1970-01-20 13:37:28	Name: C Value: 1
.linkedin.com/	1970-01-20 13:37:28	Name: UserMatchHistory Value: AQKWw6eLG3UisAAAAYkH-nwsqOnv0pEp2kHz9LR6H75oHIyDCCst06R5xH41SxnOor7fE5sZ44Klkg
.linkedin.com/	1970-01-20 13:37:28	Name: AnalyticsSyncHistory Value: AQLRO5znOTGQ7gAAAYkH-nwsC_92azt7LGcM2DObynimPc214IZoXKvDpckmQQCy-oIZ1SrG7_lYtSiAxuExtA
.adform.net/	1970-01-20 14:20:40	Name: uid Value: 6376785185978518235
.adform.net/	1970-01-20 12:55:42	Name: CM Value: 1\|1
.www.linkedin.com/	1970-01-20 21:39:52	Name: bscookie Value: "v=1&202306291626436d8b1dfa-b802-46b8-8b25-dfc79c1a1659AQHNqKtBWVDU3v9AnFduutsNqy3omeof"
.linkedin.com/	1970-01-20 17:13:28	Name: li_gc Value: MTswOzE2ODgwNTYwMDM7MjswMjEPKtQ/5xnONmTshkaMpoMeUmB1ZMDiWee5U0DSCyCNaA==
.gesa.com/	1970-01-20 15:03:52	Name: _fbp Value: fb.1.1688056003802.1804605139
.adform.net/	1970-01-20 13:14:25	Name: CM14 Value: 1688142403_1688056003_1_Hu7u4e4e4R7u7u4REREeERERERHhERA
.seadform.net/	1970-01-20 14:20:40	Name: uid Value: 6376785185978518235
.adscale.de/	1970-01-20 21:36:32	Name: uu Value: 66f013386d824bfe939dd0a32d47709b
.adscale.de/	1970-01-20 21:36:32	Name: cct Value: 1688056003891
.gesa.com/	1970-01-20 17:13:28	Name: __lotr Value: https%3A%2F%2Ft.co%2F
.casalemedia.com/	1970-01-20 21:39:52	Name: CMID Value: ZJ2ww6MCTNOisaDwWvislAAA
.casalemedia.com/	1970-01-20 15:03:52	Name: CMPS Value: 3351
.casalemedia.com/	1970-01-20 15:03:52	Name: CMPRO Value: 3351
.ih.adscale.de/	1970-01-20 21:36:32	Name: tu Value: 4#1152029346#42~6376785185978518235~468904~0~0
.bidswitch.net/	1970-01-20 21:39:52	Name: tuuid Value: 83bb9835-f6a2-4ccd-bc59-fd530c06d828
.bidswitch.net/	1970-01-20 21:39:52	Name: c Value: 1688056003
.bidswitch.net/	1970-01-20 21:39:52	Name: tuuid_lu Value: 1688056003
.semasio.net/	1970-01-20 21:39:52	Name: SEUNCY Value: 1339F0FE0CDDF38F
.360yield.com/	1970-01-20 15:03:52	Name: tuuid Value: df548d9b-0f50-4a6a-b1cf-34a3a6f82d5d
.360yield.com/	1970-01-20 15:03:52	Name: tuuid_lu Value: 1688056003
.eyeota.net/	1970-01-20 12:54:16	Name: SERVERID Value: 22316~DM
.leadsrx.com/	1970-01-20 21:39:52	Name: _lab Value: 3377700061097549
.leadsrx.com/	1970-01-20 21:39:52	Name: _lab_lastTouch Value: other
.gesa.com/	1970-01-20 21:39:52	Name: _lab Value: 3377700061097549
.3lift.com/	1970-01-20 15:03:52	Name: tluid Value: 2823787851212665351608
.360yield.com/	1970-01-20 15:03:52	Name: um Value: !42,x3hb9d2rLv6TdoxYzhJHReiogTH3RNDTNL47IMUV90OS,1689265603
.360yield.com/	1970-01-20 15:03:52	Name: umeh Value: !42,0,1750264004,-1
.exelator.com/	1970-01-20 15:47:04	Name: EE Value: "fc72f94f81c08260191fcc6931e87be3"
.exelator.com/	1970-01-20 15:47:04	Name: ud Value: "eJxrXxzq6XKLQSEt2dwozdIkzcIw2cDCyMzA0NIwLTnZzNLYMNXCPCnVeHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQZEl%252BUWb6IhfXxUUpaQyLSopPBR9p%252FgsAl8gqtg%253D%253D"
.onaudience.com/	1970-01-20 21:39:52	Name: cookie Value: 9a358e002e6f51cd
.onaudience.com/	1970-01-20 12:55:42	Name: done_redirects147 Value: 1
cm.adsafety.net/	1970-01-20 21:39:52	Name: UID Value: CM1202306291635c08195e886e0c0a27
.adsafety.net/	1970-01-20 21:39:52	Name: cm_uid Value: CM1202306291635c08195e886e0c0a27
tags.adsafety.net/	1970-01-20 21:39:52	Name: UID Value: d7261d77f9ccc1caec01cded73c46872
tags.adsafety.net/	1970-01-20 21:39:52	Name: DID Value: d7261d77f9ccc1caec01cded73c46872
tags.adsafety.net/	1970-01-20 21:39:52	Name: IDT Value: 100
tags.adsafety.net/	1970-01-20 21:39:52	Name: cookie_ver Value: 2
tags.adsafety.net/	1970-01-20 13:37:28	Name: block_reset Value: 1
.adsafety.net/	1970-01-20 21:39:52	Name: ct_uid Value: d7261d77f9ccc1caec01cded73c46872
.adsafety.net/	1970-01-20 21:39:52	Name: ct_did Value: d7261d77f9ccc1caec01cded73c46872
.adsafety.net/	1970-01-20 21:39:52	Name: ct_idt Value: 100
cm.adsafety.net/	1970-01-20 21:39:52	Name: permanent Value: 1
ads.smartstream.tv/	1970-01-20 21:39:52	Name: DID Value: d7261d77f9ccc1caec01cded73c46872
ads.smartstream.tv/	1970-01-20 21:39:52	Name: idt Value: 100
ads.smartstream.tv/	1970-01-20 21:39:52	Name: permanent Value: 1
ads.smartstream.tv/	1970-01-20 13:37:28	Name: cm_uid Value: CM1202306291635c08195e886e0c0a27
.krxd.net/	1970-01-20 17:13:28	Name: _kuid_ Value: PpQNXxnO
.doubleclick.net/	1970-01-20 22:15:52	Name: IDE Value: AHWqTUmeiRRE4UavOykWkR_NBL8iImafNDIgo30RrMGdqbKihHAhvVgnphZKjUqroEM
.adnxs.com/	1970-01-20 15:03:52	Name: uuid2 Value: 7348588133628944346
cm.adsafety.net/	1970-01-20 21:39:52	Name: cache0 Value: KzFHSk9wMUZsMkpMMjlsMzBXenlaMW9VNnBZZHBKUXZ5R2ROUWtYQ2JjaFlJZTgwWnFodWI5TTZpNlpSMGhzVTFCK0VxS3RSYlNpeWk2MXpvejNzOEFiZ3UxK0lEUUtLbm5RUW5jTDZiNWJLK3F3YUZSMXJiaVdMNGtpYkF2TVpkRjRRZ1R5dTZKbmhCWWVRcTJmcmlyaXhvMEhkamQ5b0F3MmJxRHlORzBsbzd3eFdqY0hkaXdHNm8rNGp6SFQ1MHYvMDEzU0FKeE5EY20wVkZQWlRNbXdaV2VBZUhOU0N6dWdBeFlNS2srbHlaNHVNZUJIdkxKTURDcU5LVU1DbC9wREZkTkdqSExpQjZIM2R6aXpXdVp0U2Rma1BFeG1wRW1BaTR3UVg2NnNVOE5VMHBDSEpRcE85K1hsWm43b2h4bFhkYk1ubitBMy9zMmptWitwV2plTkxqZ0dWY0FCQ21CS1hwaDBQdnMyZEszOElUKzVaVFNvL25ic0tLeDlnOGtHdm5LK3h0QmN6cUxMZFBnS0xoQ0tmUFBxd0IwTTI0OWlIRGszdnhOYWprVHhkZjd4SFY4VmdWVWlDWkVkVFY5Mk5zSWRFVkkrSDJnc2dmZEZFT0p0UHJFV29nTHFNRjI0RFhSSU1tbnErNFFOdFc0blRYcWlxQmRjMWRvdjc1Q1ZybkVXd2Q4NXNPNmlwSnl0SkhOZ0t0R2xiZVlWYjNEQjF1anQzZnNOSXhjQ0FiS0s4OWNJa3VIdGFFRVVUUEFmRTNUK2tiVGJwZ2YveFVSbUhORTBsUk11emN3Q3lxeUZ6TTk4ZlFTUCtjR3E1b2VGaE5YVFNQZkk0WC9vVVMzSTQyaUtkNTJHK0t6UTBsYkFaSm1KWEV6WG1hNUxST21tanRJYlp2MEI4cmkwNFQrSGJNbnR2bVJ3a1NiWm1pM1h6V2tGek51YmoxQS9hZ1IzWmtCb2tZdlZnVnlHSjFWWWZFSmZUQTBnL3NEUVBqZzZzaVhVN3ZVcUk1NUNoY2dQbnU4bEpnejIvRzQ3TGl4eW5QclNSZkk2SFdObDhVOTdESmg3NzI2NHZqdlVhOXIweHVmdW9UOGZzZ0ZzR0VaMmZ5VFg0YWhzQTIxUHNmVXBEVWc9PQ%3D%3D
.adnxs.com/	1970-01-20 15:03:52	Name: anj Value: dTM7k!M4/YD>6NRF']wIg2HaMv!G[t!@wnfH8K4YRH[@9=E'NDlx#UojFq*c(po2aVlP0aumcB/#DI2Z#DIgl#Xsf5AZ<PR
.adfarm1.adition.com/	1970-01-20 15:03:52	Name: UserID1 Value: 7250145331007060121
.pubmatic.com/	1970-01-20 13:37:28	Name: KRTBCOOKIE_391 Value: 22924-6376785185978518235&KRTB&23263-6376785185978518235&KRTB&23481-6376785185978518235
.pubmatic.com/	1970-01-20 13:37:28	Name: PugT Value: 1688056003
.agkn.com/	1970-01-20 21:39:52	Name: ab Value: 0001%3AVkx0vT76tw6YjKry5gsyj%2Fy9uANgZE09
.id5-sync.com/	1970-01-20 12:54:16	Name: cf Value:
.id5-sync.com/	1970-01-20 12:54:16	Name: cip Value:
.id5-sync.com/	1970-01-20 12:54:16	Name: cnac Value:
.id5-sync.com/	1970-01-20 12:54:16	Name: car Value:
.id5-sync.com/	1970-01-20 12:54:16	Name: gdpr Value:
.id5-sync.com/	1970-01-20 12:54:16	Name: callback Value:
.weborama.fr/	1970-01-20 22:20:11	Name: AFFICHE_W Value: Awrd0-GtoqED55
.w55c.net/	1970-01-20 22:24:30	Name: wfivefivec Value: iyWPqAMy1QeUtK5
.w55c.net/	1970-01-20 13:37:28	Name: matchadform Value: 5
.demdex.net/	1970-01-20 17:13:28	Name: demdex Value: 70011814581782628561760229417187338702
.bluekai.com/	1970-01-20 17:17:47	Name: bku Value: aG/991uy7Vuu0yzR
.bluekai.com/	1970-01-20 17:17:47	Name: bkpa Value: KJy9/Qe5d02pSUHknp1p1p90wtkAwERpBpRlmeDhmeD8BpQN1EQ01pDe9JbVYa9=
.tapad.com/	1970-01-20 14:20:40	Name: TapAd_TS Value: 1688056004410
.tapad.com/	1970-01-20 14:20:40	Name: TapAd_DID Value: 873492ab-4379-4fb7-bb02-de8275ed9ab0
.dpm.demdex.net/	1970-01-20 17:13:28	Name: dpm Value: 70011814581782628561760229417187338702
.tapad.com/	1970-01-20 14:20:40	Name: TapAd_3WAY_SYNCS Value:
.e-volution.ai/	1970-01-20 13:14:25	Name: v_usr Value: 7deaf897-f682-45fb-b2f1-cfce1a6c62ef
.audrte.com/	1970-01-20 13:15:52	Name: arcki2 Value: d8loy37V-xMQtmLMWqSKgFODA!20220908!1688056004557!ip#80.255.10.200
.audrte.com/	1970-01-20 13:15:52	Name: arcki2_adform Value: 6376785185978518235!20220908!1688056004561
.audrte.com/	1970-01-20 13:15:52	Name: arcki2_ddp2 Value: d8loy37V-xMQtmLMWqSKgFODA!20220908!1688056004681

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'push'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vibrate'.
network	error	URL: https://google-analytics.bi.owox.com/collect?v=1&_v=j101&a=404137781&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2Fpromotions%2F70th-birthday%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=70th%20Birthday%20Cash%20Giveaway%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAACAEK~&jid=997103100&gjid=1205053007&cid=101105787.1688056003&tid=UA-32823301-1&_gid=77408964.1688056003&_slc=1&gtm=45He36s0n81MTFL685&cd1=101105787.1688056003_1688056003208&z=1534970845 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://idsync.rlcdn.com/398366.gif?partner_uid=6376785185978518235 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=6376785185978518235/gdpr=/gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de?c=n&t=1688083200000 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a1.seadform.net
a2.adform.net
aa.agkn.com
ad.360yield.com
ad.yieldlab.net
ads.smartstream.tv
ads.stickyadstv.com
api.adrtx.net
api.alpharank.io
app.leadsrx.com
app.marketplan.io
app.truconversion.com
bat.bing.com
beacon.krxd.net
bit.ly
c1.adform.net
cdn.evgnet.com
cdn.linkedin.oribi.io
cm.adsafety.net
cm.g.doubleclick.net
connect.facebook.net
d10lpsik1i8c69.cloudfront.net
dmp.adform.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
eu-u.openx.net
gesacu.us-1.evergage.com
global.ib-ibi.com
google-analytics.bi.owox.com
googleads.g.doubleclick.net
id5-sync.com
idsync.rlcdn.com
ih.adscale.de
load77.exelator.com
loadm.exelator.com
match.adsrvr.org
match.contentexchange.me
pdw-adf.userreport.com
pixel.mathtag.com
pixel.onaudience.com
pixel.rubiconproject.com
pixel.sojern.com
pixel.tapad.com
pm.w55c.net
ps.eyeota.net
px.ads.linkedin.com
px4.ads.linkedin.com
redirect.frontend.weborama.fr
region1.analytics.google.com
region1.google-analytics.com
rtb-csync.smartadserver.com
s.ad.smaato.net
s2.adform.net
s3-eu-west-1.amazonaws.com
script.hotjar.com
se.semasio.net
secure.adnxs.com
secure.node7seat.com
settings.luckyorange.net
simage2.pubmatic.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
sync.1dmp.io
sync.crwdcntrl.net
sync.e-volution.ai
sync.teads.tv
t.co
tags.adsafety.net
tags.bluekai.com
tags.srv.stackadapt.com
token.rubiconproject.com
uipglob.semasio.net
ups.analytics.yahoo.com
vc.hotjar.io
www.facebook.com
www.gesa.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
x.bidswitch.net
sync.1dmp.io
104.244.42.133
104.75.89.75
107.178.244.119
108.138.34.128
109.206.161.21
13.107.42.14
13.248.245.213
139.162.141.41
141.193.213.20
141.94.170.64
141.95.33.111
151.101.0.114
172.217.18.2
172.67.75.100
18.164.52.121
18.184.216.10
18.197.205.97
18.198.126.47
18.66.192.32
18.66.192.46
18.66.192.99
185.167.164.43
185.80.39.216
185.86.138.155
193.135.9.128
198.47.127.205
2001:4860:4802:34::36
217.79.187.54
23.215.16.120
23.55.161.187
2600:9000:2450:b000:1b:5138:8a40:93a1
2600:9000:26db:1c00:2:53b2:240:93a1
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:811::200e
2a00:1450:4001:828::2008
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9b
2a02:26f0:780::210:a423
2a02:6ea0:c700::19
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
3.230.203.248
3.69.98.172
3.71.149.231
34.111.113.62
34.255.25.245
35.156.85.133
35.166.204.132
35.186.228.179
35.190.24.218
35.244.159.8
35.244.174.68
37.157.2.247
37.157.3.29
37.157.6.233
37.252.171.21
46.19.11.36
51.11.20.152
52.10.176.180
52.211.126.31
52.218.105.226
52.223.40.198
52.49.54.245
52.50.46.27
52.58.93.190
52.72.63.169
52.88.183.153
54.198.99.45
67.199.248.11
69.169.86.38
69.173.144.138
69.173.144.165
72.246.169.24
74.208.214.109
77.243.51.121
77.243.51.122
85.114.159.93
95.101.148.198
99.81.190.73
00bca6a9271b5e1cbb3965a74f48c1ce0b72bcbf08790aa2cab95f8dc5362153
013c037f68d07cd5a0a595f89995290aec3addca27079bc47ecd128440b06b3a
01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874
01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c
02db514c71e425571cc1597a69035d8a01e5aaaf6b915727859cb35e0a19c667
08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb
09bb15f21c30116957d4917230f723fd982a18e323b9728dee8825ee409b5715
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40
14ab9d038257f517c4e1b485d7a9228fe500c0ebfa571350232f73f2c1c8e991
1617a8a30bd63ec5a1a6cb66bcffd2003006b6c17401d19c1798fc5d3adbf428
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
246faa0aca51a7be47ae13827bffdec1f0e69699d291c727646b56e83ee1fd0e
27c3bae726c78894582c23e5b507dda2dacd2c5c8aa9afe17ae179519e4ba3e0
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ab3e551a00e42d26345b97efa5cd85ee0607d976c7e4ac38954cdde73cc088b
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
344b9afc95de46545b012d7ff0f8ff8f2d0268f368c29205be12b638d0c70853
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4
3a1a46ac2072c8217552fbe3507fee9174920951334bc15761ba2fd8974673f5
3e77dafe902b5371d42c7e236b778a91874bfb8bdb2dc82b3ee3d4803d20fd9d
3ea0ae12147c76e3b4e6ad26bfb580121295c8aa91480dee7b7e579dd00eb23d
42a4d2b094eeb6134d5e461c0208b45a8e7b2b60480eba03137d441204757be5
42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63
4a518bd1723da2b6011895ad68059361ebb4cb80de3eec9145eacee89ddd9745
4a7fdd491f449c314d884b9b9b6d11cfe037179d84e567a62e1e19584881e3e9
4ad88e6a32db51a41cff1741970ca95b3e433fbfb8be269c72f881a42f2b88c6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020
5376bdc254d68c21a98be73797d36d5a84523afb7c7bdc4d756853ca2bab7ea9
53d8923f74c6b3e4a21745f6edf891b2699aca8920c433dbbc4ff8a7c6e4df9f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56b5657bff35bbe112f34badd18e9e24a2c440a76c2b91886541a44d281b69a1
58a752f5a1298d0757f7953670951352ab722958e4332e1f1f20a315f836e6e5
5ceb0c2088d29cecbe3ee571dc3cf6fec764bbb7c73f0e22c73007149a2ce68d
5d80f13fd7524318f81eb1301170d4d0fbee242c12403c01f3a06c9f681192c7
62eae656d047defc6a444456fb8878aa962ccab6a6841a503fd275cbaeb0b59c
639050fc823c0c4d1ce0758335e33f39ef21104cf0caacc110015fc0de64dd4d
641611b58754d802f2a7672c62a4d15ee0950f47c28f1bb9b2c1f38d9f7bca50
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
6816ba59d3757e525880fbf568b3faf808ffc743411d46ebfb33a543247ad628
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
69e44c375709f3cb0fdb9f09b3a7a2ff406685331b4dabc487dba60c1b763081
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b5116bd2cb4809c6634b99a9b1ea0a0aeda596a94817682a0e4811e35eccc58
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f47116b10e3e156f70ab31279c1fa298e34f89ff75af6eea89c2dc092362fa2
715684990a3c7057390ecbe7a06712fc61e73187001f7e95a5c20c3ee910a264
73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213
7866661e9747c63d27963b389bd0bbc19c29dc5255cf7393b727368927e9b06c
7a2adf4c1187ff44afb6596a750c078a97b07717364daade11a8c337771832e0
7ae7023d0b6ac703a64f3668965af39a7d4c4607ec149cb28caf1c99bd0ccfbc
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b354a0e73e811d7d49e6a34cff8a1ca999296498a411ace5efad1c5fc7f58bf
7e6c39ab37a92035619ffbf66dd293f6d6980fc1bebdaeb9a0b922775abc32eb
83059e4c1a5c210e5585d96779fe655170817193d43e247c78dffaae7b7ba3a9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843d014cccdff92607c56b9e6518619a50b7e2d78b255f7fa4ce22a5f2c6ecde
8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf
87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c
884ec4af3e42aa326e687947185fce05ecdbd42e4a4481de91495ab423a5259c
88bd92a6561a1c265ddd5add029ede12c5acbe96ff6c2d7f0b24c983758466b7
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b05b02a2907b12c3509e09755f9959c91b2cd50ceaa3bf643e73d129c29ca9e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e4eb2fbe2428b73be6461073a48b2059abde0936219b8c1b2cc4b7dfbd85d83
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828
99c28ba77690124b83aea8cdbbb17ab1145ba247c791aeb4bad747b4248ac459
9baa5dfd467e7b370ab5de74725204791016c4f2396d63e15ecffc8c8656d92c
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
9f44c23cd534cd96908fe5240e7894eb0743790611fc92ea6b16f48123008266
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2d08b113e8daf0b53bb3db61c89decedb257866aeaadd5b655e787872119a01
a496ca0aa2b9981aef70474b2219472dcf25db655779c48e3ab018e268857558
a4a938a73e9d32a643ce6d8ee96e1b86679c44f801e9668382a0bba44587cbd7
a797cb4ee387df9b7eadadb28483dc749011ae6c326938ea0a466c40333bcffe
a7a48fa6cb504cd6b3a100bc030c08d4d9fdebe02e34dac731ef26ac61e92714
aa40111e30b48fba40d8a719f9102bcf3bab3faedce696673fd4e13998e16e0a
ab3598e2d6ad2d1e9feef533adf3665cd58c4eeb1916ae652d2c42794bf0a801
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8
b10604af435fcda6674878212b06d1b8d557aee0f5c877dc5befab22ebf71c9a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b358915252ba0e190c01550a54e89bb37c29925c45f71d0244bfed51c188a49c
b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
b936db5880aa9b6b2f26a8d32fc2b689fb75f69d971b94194f16dba801221ffe
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c3691bbea50c1efafe106b26f3e2bb230d3addc6730c3b91708ebe36a58afef4
c765de95a79197f5b6b5c551eda9c6346a41b634127a7d87415d9565184aedd8
c9a4cb0cca43a12294c833b2d4953bc0ac830fef9d1c503bd8943846a7431bbe
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056
cc65806adf6c251323693c9b7adb6b97e19879aa2f5428f2f05c0f08fca18404
cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d21ead9e4dc3bd3752526a6c2fdeba86a0773be09f5216afef3607ec302a47cc
d2d5b4ad97c4e3931210f9cb298663e8cdd2ba788b89d78292166b6341dcca51
d2d92ee9c3d13c54f11e88045a5f5ed45550cee1ce7c1b653a9da645d65400fb
d5ea45f8ad8b8df8cdebe87f18cfce232468b3e6a028880773a8d09e13789ac8
dc50c28f1db50dbce579d4738a0e55001a5f954df3307ca5d502f42202d1d05c
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df2db24627d3ae386f88ca9b731b1eb2c7ada1a09223a8a5c9fce2636be9efbb
e311a4dee7448c00e49f6accc51fd1c81d4603eb9b224523ef54ea4ea883eb54
e33937c8718b4891cefe03686c4bac285d9265052427e705bce7e677659ed765
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c1345dbf10a89d8013203c93701448c3eb930283fd846d470fedfde54062a7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd7352c37139c5858044eb29bbc9c46c1edf90cc9a85edfff14ece73cbfcd82
f085b0387d391f11026a10c6ea821ebbe9e2b7f7e065a4368ef5ff6589a79737
f5426047afa453b66c7593fe2670a6982256248ee9b24712ad42eb87438f1308
f6eb858ead7f15dcd18541c5433714e0c0966d81b8d009a2d49e5a181e548fbb
f8aa916be8ee9babafc0055de42bd64e344202fe3223d463d0cc35e1637f1ea1
fce72286616cdba01336a115689f8f0638ca3ab7b41651f43c062b870daad1cd
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
ff0a79ec21356d69477f2e854838c684d1a18f82c8c384dc8530efd60392f18b
ff4961dda4383b1a3727e5aa981024c40cb07005f89e3264a3ab423eb356380f

www.gesa.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

171 Requests

87 %HTTPS

18 %IPv6

72 Domains

86 Subdomains

64 IPs

9 Countries

2292 kBTransfer

6370 kBSize

105 Cookies

8 Outgoing links

Page URL History

Redirected requests

171 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.gesa.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

171
Requests

87 %
HTTPS

18 %
IPv6

72
Domains

86
Subdomains

64
IPs

9
Countries

2292 kB
Transfer

6370 kB
Size

105
Cookies

171 HTTP transactions
10 data transactions