fanduel.savings.workingadvantage.com Open in urlscan Pro
172.64.148.145 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_...
Effective URL:
https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_...
Submission: On October 26 via api (October 26th 2023, 3:17:53 pm UTC) from US — Scanned from DE

Summary HTTP 175 Redirects Behaviour Indicators

Summary

This website contacted 23 IPs in 4 countries across 18 domains to perform 175 HTTP transactions. The main IP is 172.64.148.145, located in United States and belongs to CLOUDFLARENET, US. The main domain is fanduel.savings.workingadvantage.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2023. Valid for: a year.

This is the only time fanduel.savings.workingadvantage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 46	172.64.148.145 172.64.148.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a02:26f0:350... 2a02:26f0:3500:591::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
2	54.229.208.26 54.229.208.26	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
3	63.140.62.160 63.140.62.160	16509 (AMAZON-02) (AMAZON-02)
13	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
5	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c09::9a	15169 (GOOGLE) (GOOGLE)
2	13.32.27.99 13.32.27.99	16509 (AMAZON-02) (AMAZON-02)
2	18.66.122.29 18.66.122.29	16509 (AMAZON-02) (AMAZON-02)
2	199.38.167.54 199.38.167.54	54312 (ROCKETFUEL) (ROCKETFUEL)
1 3	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
1	54.209.229.152 54.209.229.152	14618 (AMAZON-AES) (AMAZON-AES)
10	172.64.150.236 172.64.150.236	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
2	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
1	66.235.152.107 66.235.152.107	15224 (OMNITURE) (OMNITURE)
1	3.210.211.38 3.210.211.38	14618 (AMAZON-AES) (AMAZON-AES)
175	23

46 172.64.148.145 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

fanduel.savings.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
auth.savings.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a02:26f0:3500:591::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.208.26 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-208-26.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.140.62.160 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-160.data.adobedc.net

smetrics.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c09::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.27.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-99.fra56.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.122.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-29.fra60.r.cloudfront.net

cdn.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.54 (United States)

ASN54312 (ROCKETFUEL, US)

com-wag3.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.122 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.209.229.152 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-229-152.compute-1.amazonaws.com

people.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.64.150.236 (United States)

ASN13335 (CLOUDFLARENET, US)

fanduel.savings.beneplace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.107 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-107.data.adobedc.net

entertainmentbenefit.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.211.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-211-38.compute-1.amazonaws.com

events.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	workingadvantage.com 3 redirects fanduel.savings.workingadvantage.com smetrics.workingadvantage.com — Cisco Umbrella Rank: 178710 auth.savings.workingadvantage.com — Cisco Umbrella Rank: 252310	4 MB
19	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	1 MB
18	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	83 KB
18	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 466	663 KB
10	beneplace.com fanduel.savings.beneplace.com	20 KB
8	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 393	313 KB
4	boomtrain.com cdn.boomtrain.com — Cisco Umbrella Rank: 5248 people.api.boomtrain.com — Cisco Umbrella Rank: 5652 events.api.boomtrain.com — Cisco Umbrella Rank: 8746 Failed	61 KB
4	gstatic.com fonts.gstatic.com	55 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	56 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	100 KB
3	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 495	2 KB
2	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 225	785 B
2	netmng.com com-wag3.netmng.com — Cisco Umbrella Rank: 139138	5 KB
2	rezync.com live.rezync.com — Cisco Umbrella Rank: 1922	14 KB
2	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 228	2 KB
1	omtrdc.net entertainmentbenefit.tt.omtrdc.net — Cisco Umbrella Rank: 140724	949 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 562	26 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78	361 B
175	18

	Domain	Requested by
36	fanduel.savings.workingadvantage.com	1 redirects fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com
19	www.googletagmanager.com	fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com www.googletagmanager.com www.google-analytics.com
18	assets.adobedtm.com	fanduel.savings.workingadvantage.com assets.adobedtm.com auth.savings.workingadvantage.com
13	www.google-analytics.com	fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com www.googletagmanager.com www.google-analytics.com
10	fanduel.savings.beneplace.com	auth.savings.workingadvantage.com
10	auth.savings.workingadvantage.com	2 redirects fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com
8	maps.googleapis.com	fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com
5	region1.google-analytics.com	www.googletagmanager.com
4	fonts.gstatic.com	fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com
4	cdnjs.cloudflare.com	fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com
4	cdn.jsdelivr.net	fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com
3	secure.adnxs.com	1 redirects fanduel.savings.workingadvantage.com
3	smetrics.workingadvantage.com	fanduel.savings.workingadvantage.com auth.savings.workingadvantage.com
2	bam.nr-data.net	auth.savings.workingadvantage.com js-agent.newrelic.com
2	com-wag3.netmng.com	fanduel.savings.workingadvantage.com
2	cdn.boomtrain.com	fanduel.savings.workingadvantage.com
2	live.rezync.com	fanduel.savings.workingadvantage.com
2	dpm.demdex.net	assets.adobedtm.com auth.savings.workingadvantage.com
1	entertainmentbenefit.tt.omtrdc.net	auth.savings.workingadvantage.com
1	js-agent.newrelic.com	auth.savings.workingadvantage.com
1	events.api.boomtrain.com	fanduel.savings.workingadvantage.com
1	people.api.boomtrain.com	fanduel.savings.workingadvantage.com
1	stats.g.doubleclick.net	fanduel.savings.workingadvantage.com
175	23

This site contains no links.

Subject Issuer	Validity	Valid
workingadvantage.com Cloudflare Inc ECC CA-3	`2023-07-06` - `2024-07-04`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
smetrics.workingadvantage.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-09` - `2024-08-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
*.rezync.com Amazon RSA 2048 M02	`2023-10-25` - `2024-11-21`	a year	crt.sh
*.boomtrain.com Amazon RSA 2048 M02	`2023-02-09` - `2024-03-09`	a year	crt.sh
*.netmng.com Sectigo RSA Domain Validation Secure Server CA	`2023-01-23` - `2024-02-04`	a year	crt.sh
*.api.boomtrain.com Amazon RSA 2048 M03	`2023-09-16` - `2024-10-14`	a year	crt.sh
beneplace.com Cloudflare Inc ECC CA-3	`2022-12-31` - `2023-12-31`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
Frame ID: 1AF7AC68B809FFA6FBFAA801249A715E
Requests: 172 HTTP requests in this frame

Frame: https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
Frame ID: CA37DFD0F3605D5C45E3B6CB6738620C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October... Page URL
https://auth.savings.workingadvantage.com/auth/authorize?subdomain=fanduel&response_type=code&client_id=9ezalirn45mF43... HTTP 302
https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_sour... Page URL
https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October... Page URL
https://auth.savings.workingadvantage.com/auth/authorize?subdomain=fanduel&response_type=code&client_id=9ezalirn45mF43... HTTP 302
https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

175
Requests

83 %
HTTPS

41 %
IPv6

18
Domains

23
Subdomains

23
IPs

4
Countries

6868 kB
Transfer

28520 kB
Size

28
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva Page URL
https://auth.savings.workingadvantage.com/auth/authorize?subdomain=fanduel&response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva HTTP 302
https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva Page URL
https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com Page URL
https://auth.savings.workingadvantage.com/auth/authorize?subdomain=fanduel&response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton HTTP 302
https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js

Request Chain 38

https://secure.adnxs.com/seg?add=32509374&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

Request Chain 43

https://auth.savings.workingadvantage.com/auth/authorize?subdomain=fanduel&response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva HTTP 302
https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva

175 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 home Show response
fanduel.savings.workingadvantage.com/ 10 KB
4 KB 204ms
134ms Document
text/html 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e6c390b8e2c482eea3f06cb4ab164c845e36054e1dbe555b9c81f0c3b9ccd7c

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81c3aade1950917c-FRA
content-encoding: br
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
content-type: text/html; charset=utf-8
date: Thu, 26 Oct 2023 15:17:40 GMT
last-modified: Wed, 25 Oct 2023 01:22:51 GMT
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 launch-a0e5cece2585.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/ 621 KB
151 KB 66ms
15ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0243c31edfa364b267018adb5220cf2ccc54e61f1b5a472fa7ba9cc6c1a4c984

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "e33d264b6768a8b8fee1604b859d7748:1696974419.198914"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 154061
expires: Thu, 26 Oct 2023 16:17:40 GMT

GET
H2 200 new-relic-integration.js Show response
fanduel.savings.workingadvantage.com/assets/new-relic/ 51 KB
18 KB 167ms
160ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:22:50 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386dea-ccde"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3aadf1ac6917c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
25 KB 106ms
56ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18647160
x-jsd-version: 4.5.3
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1663-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pp6WoJnJrf2bQK6SnWRtQsc8T4bmo%2FmvXjxbxYvI%2Fm39mWrqMBpgPqBrYgqYFR6o0BkqmVL3bUfWrqLheSBLrRjSn3ANjul3wtCkDpRw%2F3pMntFp6dQ6J%2B0kyl8M0wfKRQwDl0LeliZMq%2Bpv9bM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 81c3aadf58332c3a-FRA

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 243 KB
78 KB 321ms
160ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

9a9259e930e3dae8b97c60c968b0815db8d0382bb1f3ab236af138a211579e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80001
x-xss-protection: 0

GET
H2 200 web-animations.min.js Show response
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/ 47 KB
14 KB 110ms
60ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 19317208
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13763
last-modified: Mon, 04 May 2020 16:17:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb0402f-bad6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zZlqwKhsfkcAIn4ukn0zx9Bgz5J%2BLOIEL0YeM7cGKoH8GkWLoOmF1tDCI%2F%2BeARhG1qYwcVPz2lm26U0KBeCRhrEKsqiB270Dtc%2BW2DIWtFqZfDHrvJTSWxRvmhpZOVZZhSsQFWst6m%2B68f7z2V97fUXw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 81c3aadf5e7d18fd-FRA
expires: Tue, 15 Oct 2024 15:17:40 GMT

GET
H2 200 runtime-es2015.b04fffef486941b9e47d.js Show response
fanduel.savings.workingadvantage.com/ 4 KB
2 KB 157ms
151ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/runtime-es2015.b04fffef486941b9e47d.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6ef9ffffb88d08f27175148b71182885d3f5afd482cdd0dd819a7230dfc7a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:20:08 GMT
server: cloudflare
content-encoding: br
etag: W/"65386d48-e1a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3aadf1ac8917c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 polyfills-es2015.75d458ddb35d2c6c96ea.js Show response
fanduel.savings.workingadvantage.com/ 143 KB
46 KB 180ms
174ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/polyfills-es2015.75d458ddb35d2c6c96ea.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f1403f29af77729e3caa999fb9e78ea109799e15e9cc13c9b6f5704e42ded13

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:20:12 GMT
server: cloudflare
content-encoding: br
etag: W/"65386d4c-23a44"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3aadf1acb917c-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 scripts.839823a06217b7c66e38.js Show response
fanduel.savings.workingadvantage.com/ 165 KB
53 KB 308ms
307ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:20:07 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386d47-2957f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3aae12ee39b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 main-es2015.4793c8498241675dedc6.js Show response
fanduel.savings.workingadvantage.com/ 5 MB
1021 KB 163ms
158ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/main-es2015.4793c8498241675dedc6.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c2304465e0076a791a63d6aecdc3efefdc44e67ca7b48fb1bfff1e3e1e1dae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:22:46 GMT
server: cloudflare
content-encoding: br
etag: W/"65386de6-50a3a4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3aadf1acf917c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 230 KB
77 KB 346ms
148ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

129738b670a7e2ab64ce1b59a4eaace2a205c15eaf997e9ce7c30695ecc15e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78519
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:40 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 185 B
852 B 432ms
138ms XHR
application/json 54.229.208.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1698333460580

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.229.208.26 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-229-208-26.eu-west-1.compute.amazonaws.com

Software

Resource Hash

75ce10fb7ef84080dc8734e662e1b4565343b9dfbeb97544a81c5a0e4a33fb3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v053-0da6b0dfe.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: qiOenhLERIY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://fanduel.savings.workingadvantage.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 186
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 53ms
52ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Thu, 26 Oct 2023 16:17:40 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 63ms
63ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Thu, 26 Oct 2023 16:17:40 GMT

GET
H3 200 styles.76ee3d6b13884baf7097.css
fanduel.savings.workingadvantage.com/ 99 KB
17 KB 207ms
207ms Stylesheet
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/styles.76ee3d6b13884baf7097.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65b182304c6036dfb7e6ead8c6931a2fd13f2228bc868eb6e6674aac424f51de

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:40 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:20:07 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386d47-18b4c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
cf-ray: 81c3aae13ee79b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 14 KB
14 KB 276ms
127ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:37:58 GMT
x-content-type-options: nosniff
age: 164382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13980
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 17:37:58 GMT

GET
H2 200 id Show response
smetrics.workingadvantage.com/ 48 B
481 B 256ms
62ms XHR
application/x-javascript 63.140.62.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=17633928718679863464533988600680428457&cl=157680000&d_coppa=true&ts=1698333461024

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.160 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-160.data.adobedc.net

Software

jag /

Resource Hash

5bf58722d517051ccf2c117b15c0ffc43011fc70b4424f816bea6ef7eb17f17f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 26 Oct 2023 15:17:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 208ms
89ms XHR
application/json 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 272 KB
90 KB 90ms
89ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

041a64a8fe97feda05ceeefe59a570f0e2e528561f33e3d023206ae349eabf0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92346
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 278ms
116ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 26 Oct 2023 14:43:56 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2025
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 26 Oct 2023 16:43:56 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
269 B 204ms
66ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684z878847533&_p=1829450726&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698333461&sct=1&seg=0&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva&dt=Beneplace%20Team%20Discounts&en=page_view&_fv=1&_nsi=1&_ss=1&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva&up.pb_site_name=fanduel&up.page_path=%2Fhome&up.user_id_value=&up.zip_code=NaN
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
237 B 61ms
59ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1829450726&t=pageview&_s=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1898150477&gjid=1858483018&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&_r=1&_slc=1&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=628047664

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1da6ad9dfce9466037ec92e1f7699158c9a9347c669333c724f5cf6f3a7c0634

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
361 B 180ms
63ms XHR
text/plain 2a00:1450:400c:c09::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2876877-9&cid=1973308131.1698333462&jid=1898150477&gjid=1858483018&_gid=1044430447.1698333462&_u=YADAAEAAAAAAACAAI~&z=1480816015

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 26 Oct 2023 15:17:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 252 KB
85 KB 73ms
72ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c424bd21a4f96d6af5837d1b5ebdcd00f46b86be9eef24c529b89fcb181a4141

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86845
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:41 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 122ms
121ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je3an0v9126564266&_p=1829450726&gcd=11l1l1l1l2&ul=en-us&sr=1600x1200&cid=1973308131.1698333462&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva&dt=Beneplace%20Team%20Discounts&sid=1698333461&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 info Show response
fanduel.savings.workingadvantage.com/api/ 7 KB
2 KB 191ms
190ms XHR
text/html 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/info

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

664cf9ddd63f0e68714dc6c16b7c70d7526e7282baa6b0fe146d02e5a319d9d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
tracestate: 88831@nr=0-1-2647367-1120218725-eb1f62d55362a60b----1698333462147
traceparent: 00-f661fdb95167d28e925992286656b600-eb1f62d55362a60b-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImViMWY2MmQ1NTM2MmE2MGIiLCJ0ciI6ImY2NjFmZGI5NTE2N2QyOGU5MjU5OTIyODY2NTZiNjAwIiwidGkiOjE2OTgzMzM0NjIxNDcsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aaea7b159b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:41 GMT

GET
H3 200 marketplace-styles.css Show response
fanduel.savings.workingadvantage.com/api/fanduel/ 32 KB
5 KB 663ms
662ms XHR
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/fanduel/marketplace-styles.css

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1576aaf6d192bcd0e059cd15d3b68a183895909a41f473e1aaa0cb2919c41b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
tracestate: 88831@nr=0-1-2647367-1120218725-74476c118ac2945a----1698333462148
traceparent: 00-76ec86a8959141c71d29b6b71ad27400-74476c118ac2945a-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6Ijc0NDc2YzExOGFjMjk0NWEiLCJ0ciI6Ijc2ZWM4NmE4OTU5MTQxYzcxZDI5YjZiNzFhZDI3NDAwIiwidGkiOjE2OTgzMzM0NjIxNDgsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"8128-ieekTvxwGihSJtxj0D9Ar83ZC7g"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aaea7b199b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:41 GMT

GET
H3 200 colors.css Show response
fanduel.savings.workingadvantage.com/api/fanduel/ 3 KB
837 B 328ms
327ms XHR
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/fanduel/colors.css?scope=:root,app-logged-in,ngb-modal-window

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3886c5ae4348a2bc69a71cbf779880b8899dff1412fe2dd2d7e2711bad9cfc3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
tracestate: 88831@nr=0-1-2647367-1120218725-d6e5592f9f578b1e----1698333462149
traceparent: 00-59984f8d86a2ac447c6c086cb761f000-d6e5592f9f578b1e-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImQ2ZTU1OTJmOWY1NzhiMWUiLCJ0ciI6IjU5OTg0ZjhkODZhMmFjNDQ3YzZjMDg2Y2I3NjFmMDAwIiwidGkiOjE2OTgzMzM0NjIxNDksInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"aa2-AixcMtMEVOtUBtfgO9XF5S9/vBw"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aaea7b1b9b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:41 GMT

GET
H2 200 RCea9d317d3a374e44b3f0f8711e38765e-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/ 2 KB
1020 B 17ms
17ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f92af17b23f77c222229cf069ee967e0786a95665bd87cbfc984fe3de13c3ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 750
expires: Thu, 26 Oct 2023 16:17:42 GMT

GET
H3

200

main.js Show response
fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/ Frame CA37
Redirect Chain

https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js

7 KB
4 KB

49ms
46ms

Script
application/javascript

172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js

Requested by

Protocol

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fac5bc83e77d19524cfa010a2478390cdccd943d4628fa7f36f9a9d467e57bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 81c3aaeb5c249b52-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 26 Oct 2023 15:17:42 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
cache-control: max-age=300, public
cf-ray: 81c3aaea9b309b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 sync Show response
live.rezync.com/ 6 KB
7 KB 280ms
180ms Script
text/javascript 13.32.27.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1698333462291&k=ebg-wag3-pixel-0988
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-99.fra56.r.cloudfront.net
Software: lighttpd/1.4.69 /
Resource Hash: c3af6dd4f60a329604e3563c6478c2b690ffeda2892552d8ca0d4442dbb5cb12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
via: 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
server: lighttpd/1.4.69
x-amz-cf-pop: FRA56-C2
vary: Cookie
x-cache: Miss from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 6373
x-amz-cf-id: rBU-P6-ZPXGFMqteLURudQ-ZUAkCbW2kUVC4CzA3VH9DZt_TdjodtA==

POST
H3 200 81c3aade1950917c Show response
fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame CA37 0
306 B 92ms
91ms XHR
text/plain 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/jsd/r/81c3aade1950917c

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 81c3aaec7d459b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 fanduel Show response
fanduel.savings.workingadvantage.com/api/controls/ 2 KB
1 KB 455ms
455ms XHR
application/json 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/controls/fanduel

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d733e0f556966c0783cd8d7fa304ea033509c93a202167e84fd337681ca1a94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
tracestate: 88831@nr=0-1-2647367-1120218725-456d426fc1b2fb10----1698333462478
traceparent: 00-e24a757378bab6f607ff516d3f9ddb00-456d426fc1b2fb10-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjQ1NmQ0MjZmYzFiMmZiMTAiLCJ0ciI6ImUyNGE3NTczNzhiYWI2ZjYwN2ZmNTE2ZDNmOWRkYjAwIiwidGkiOjE2OTgzMzM0NjI0NzgsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"802-v9eGn7h9ufcBa7plcRSLDwfQUn4"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aaec8d4a9b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:41 GMT

GET
H/1.1 200
OK p13n.min.js Show response
cdn.boomtrain.com/p13n/ebg-wag3/ 93 KB
30 KB 294ms
80ms Script
application/javascript 18.66.122.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-29.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6657dc9f6ee9fef340fa05ea4110332efb39d8f4e0d7da0aa080b59691eb53ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-amz-version-id: ZG.w.l49O_ew7ONL.VJfy_bYdRjSIbb_
Content-Encoding: gzip
Via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
Date: Thu, 26 Oct 2023 14:49:37 GMT
X-Amz-Cf-Pop: FRA60-P2
Age: 1685
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 24 Oct 2023 04:34:10 GMT
Server: AmazonS3
ETag: W/"6f20e9c72330eb507ebd90a9fe7026e5"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=3600
X-Amz-Cf-Id: m2KZKKPw2wTvYKvGbSGYzWXFq9T721MbjU0BsdBw_sC3vn27jr8y7A==

GET
H/1.1 200
OK /
com-wag3.netmng.com/ 3 KB
2 KB 926ms
108ms Script
text/javascript 199.38.167.54
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.38.167.54 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 26 Oct 2023 15:17:43 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Oct 2023 15:17:43 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Content-Type: text/javascript; charset=UTF-8
X-Cnection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private
Expires: Tue, 24 Oct 2023 15:17:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 196 KB
71 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-12084042

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83cdb915695497262c083ea6e1fb5f0c5f970c7844a59753fd9f45ddee514f24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72171
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:42 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 190 KB
68 KB 134ms
133ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

118a83fc35c77664f7ea3846ecc918252c6dc2560e900382e87de91e4ec671cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69899
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:42 GMT

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=32509374&t=2
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

43 B
842 B

74ms
73ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

Requested by

Protocol

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:42 GMT
an-x-request-uuid: f33fddb5-51d5-4fd5-bc16-d9ada843700d
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 37.58.58.249; 37.58.58.249; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:42 GMT
an-x-request-uuid: eee1a58b-d25f-4ac3-bae2-bfa285947923
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2
x-proxy-origin: 37.58.58.249; 37.58.58.249; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK resolve
people.api.boomtrain.com/identify/ 142 B
457 B 645ms
130ms XHR
application/json 54.209.229.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiYTEwYzVhNTQtZWFkYS00YmNmLThkNGEtMmQzMGYzMmY5MjNjOjE2OTgzMzM0NjIuNDY4Mzc0In19&site_id=ebg-wag3
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.209.229.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-209-229-152.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Thu, 26 Oct 2023 15:17:43 GMT
Server: nginx
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Content-Length: 142

GET
H3 401 dlk-compare
fanduel.savings.workingadvantage.com/api/known/ 182 B
516 B 214ms
214ms XHR
application/json 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/known/dlk-compare?guid=4t0c87u90m5xh9klrfncjusva

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
tracestate: 88831@nr=0-1-2647367-1120218725-4f638ea1a154d8da----1698333462990
traceparent: 00-3fad9ef50e4b712589ff641595555c00-4f638ea1a154d8da-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjRmNjM4ZWExYTE1NGQ4ZGEiLCJ0ciI6IjNmYWQ5ZWY1MGU0YjcxMjU4OWZmNjQxNTk1NTU1YzAwIiwidGkiOjE2OTgzMzM0NjI5OTAsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by
etag: W/"b6-lGFIUF59ZyAYAhOl/ILN9N2OvBU"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cf-ray: 81c3aaefb8f99b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
content-length: 182
alt-svc: h3=":443"; ma=86400

GET
H3 200 info
fanduel.savings.workingadvantage.com/api/ 8 KB
3 KB 228ms
227ms XHR
application/json 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/info?authInfo=true

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&DLK=4t0c87u90m5xh9klrfncjusva
tracestate: 88831@nr=0-1-2647367-1120218725-a4658702abe7e221----1698333462994
traceparent: 00-62e844844d634cc812e5eb245e3d3c00-a4658702abe7e221-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImE0NjU4NzAyYWJlN2UyMjEiLCJ0ciI6IjYyZTg0NDg0NGQ2MzRjYzgxMmU1ZWIyNDVlM2QzYzAwIiwidGkiOjE2OTgzMzM0NjI5OTQsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"2037-aeYzbZBxcW1vb8vHBH4rc/G6FSE"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aaefc8fe9b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:42 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 34ms
31ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1829450726&t=pageview&_s=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=FanDuel%20Group%20Marketplace&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=523794505

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 21:13:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 65049
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sign-in Show response
auth.savings.workingadvantage.com/fanduel/
Redirect Chain

https://auth.savings.workingadvantage.com/auth/authorize?subdomain=fanduel&response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo...
https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreF...

11 KB
3 KB

131ms
130ms

Document
text/html

172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/main-es2015.4793c8498241675dedc6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3b83ced5629150dbea6190afe5ad44feaef7987587aa905a7254ee701c2a3a0

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81c3aaf2fcaa9b52-FRA
content-encoding: br
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
content-type: text/html; charset=utf-8
date: Thu, 26 Oct 2023 15:17:43 GMT
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

Redirect headers

access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: http://auth.savings.workingadvantage.com
alt-svc: h3=":443"; ma=86400
cache-control: no-cache no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 81c3aaf1ec74917c-FRA
content-type: text/html; charset=utf-8
date: Thu, 26 Oct 2023 15:17:43 GMT
expires: Thu, 26 Oct 2023 15:17:42 GMT
location: /fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Origin, Accept
x-content-type-options: nosniff
x-powered-by

GET
H2 200 RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/ 451 B
555 B 24ms
21ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 285
expires: Thu, 26 Oct 2023 16:17:43 GMT

POST track
events.api.boomtrain.com/event/ 0
0

GET
H2 200 RC668a267ca36c45b5acca38f3e4360a76-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/ 340 B
484 B 40ms
39ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 215
expires: Thu, 26 Oct 2023 16:17:43 GMT

POST collect
region1.google-analytics.com/g/ 0
0

GET
H2 200 launch-a0e5cece2585.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/ 621 KB
151 KB 20ms
13ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by: Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0243c31edfa364b267018adb5220cf2ccc54e61f1b5a472fa7ba9cc6c1a4c984

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "e33d264b6768a8b8fee1604b859d7748:1696974419.198914"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 154061
expires: Thu, 26 Oct 2023 16:17:43 GMT

GET
H3 200 new-relic-integration.js Show response
auth.savings.workingadvantage.com/assets/new-relic/ 51 KB
18 KB 153ms
149ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386efe-ccde"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3aaf3fd929b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
25 KB 45ms
40ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.savings.workingadvantage.com/
Origin: https://auth.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18647163
x-jsd-version: 4.5.3
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1663-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9l5NdsqkxS6kbZpoUfRvXr2MjHDL2RadLUYo2adcRlskKx38HlJl4%2BMJZPqAOiAgOKX78oyV1LWv%2FJWSrnQvrsWey8I5ai3asHXwfeZKzD3FG5a6ZqO0HrIzHQI2h80bdxz8QEEsnbjfb1%2BcHxk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 81c3aaf3fa4a2c3a-FRA

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 243 KB
78 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

9a9259e930e3dae8b97c60c968b0815db8d0382bb1f3ab236af138a211579e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80001
x-xss-protection: 0

GET
H2 200 web-animations.min.js Show response
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/ 47 KB
14 KB 37ms
32ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 19317211
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13763
last-modified: Mon, 04 May 2020 16:17:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb0402f-bad6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIVhkE0bMizI1QAQhitA44gdRieHjavEoJHL3wepM8kf4MJjkgFNjmtKADsSlw9WDEh%2Bps9Pv1j9rmKvozx95c8F%2BVMLE6gnXAXz7RSwjMgpAGlXW9pxT1cVvfWOg415c7WK7svyOry%2F6Y%2BIBUcnOL67"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 81c3aaf3fbbf18fd-FRA
expires: Tue, 15 Oct 2024 15:17:43 GMT

GET
H3 200 runtime-es2015.d65d9e1ef0e041f5ea49.js Show response
auth.savings.workingadvantage.com/ 1 KB
1 KB 154ms
150ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/runtime-es2015.d65d9e1ef0e041f5ea49.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3078803c6ef90f5b252cc62899b2d5dfc3d4842f80e7194d9acd57504d7b1ed5

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
Origin: https://auth.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:26:25 GMT
server: cloudflare
content-encoding: br
etag: W/"65386ec1-511"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3aaf3fd939b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 polyfills-es2015.83678f157fdb7aa8c9b4.js Show response
auth.savings.workingadvantage.com/ 121 KB
41 KB 150ms
147ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/polyfills-es2015.83678f157fdb7aa8c9b4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2921dc9f527117223206f193fc90b8c0fddc6dd38e744e932362af8cb1186c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
Origin: https://auth.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:26:27 GMT
server: cloudflare
content-encoding: br
etag: W/"65386ec3-1e5c7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3aaf3fd959b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 scripts.839823a06217b7c66e38.js Show response
auth.savings.workingadvantage.com/ 165 KB
53 KB 161ms
160ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:44 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:26:23 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386ebf-2957f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3aaf5af419b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 main-es2015.d1b10b000c1670dfd114.js Show response
auth.savings.workingadvantage.com/ 2 MB
401 KB 176ms
173ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/main-es2015.d1b10b000c1670dfd114.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cf98b1ce1a6ce2b5c6b88563939cf674a6ee7e234efa11c2491624d7d05d717

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
Origin: https://auth.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:27:26 GMT
server: cloudflare
content-encoding: br
etag: W/"65386efe-1a1069"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3aaf3fd979b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 230 KB
77 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a3a0d45bbdcb3cf2e7a719f6810682e678000ccbca5b65dbc14d2ea08077c9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78585
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:43 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 22ms
15ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Thu, 26 Oct 2023 16:17:43 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 27ms
20ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:43 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Thu, 26 Oct 2023 16:17:43 GMT

GET
H3 200 styles.7a30f38d0e88aa825854.css
auth.savings.workingadvantage.com/ 39 KB
8 KB 159ms
155ms Stylesheet
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/styles.7a30f38d0e88aa825854.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23249457a4658036071a9eed9216775069391781c9032aedcb09ab4c50a24f62

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:44 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:26:23 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386ebf-9bdf"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
cf-ray: 81c3aaf5af479b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 14 KB
14 KB 20ms
17ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://auth.savings.workingadvantage.com/
Origin: https://auth.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:37:58 GMT
x-content-type-options: nosniff
age: 164385
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13980
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 17:37:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 272 KB
90 KB 51ms
46ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

20f9d5c5abf76a24969934c8f78450c9a7d02a1d3688439edbd978749648644e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92421
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 37ms
34ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 26 Oct 2023 14:43:56 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2028
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 26 Oct 2023 16:43:56 GMT

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 57ms
56ms XHR
application/json 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 system-wide
fanduel.savings.beneplace.com/api/notifications/ 2 B
320 B 1123ms
256ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/notifications/system-wide

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by
alt-svc: h3=":443"; ma=86400
content-length: 2
server: cloudflare
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafcfba818de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H2 200 info
fanduel.savings.beneplace.com/api/ 8 KB
3 KB 1129ms
264ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/info?authInfo=true

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"2037-aeYzbZBxcW1vb8vHBH4rc/G6FSE"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafcfba918de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H2 200 info
fanduel.savings.beneplace.com/api/ 8 KB
3 KB 1034ms
170ms XHR
text/html 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/info?authInfo=true

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafcfbab18de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H2 200 info
fanduel.savings.beneplace.com/api/ 7 KB
2 KB 1042ms
180ms XHR
text/html 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/info

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafcfbac18de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H2 200 fanduel
fanduel.savings.beneplace.com/api/controls/ 2 KB
1 KB 1755ms
898ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/controls/fanduel

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"802-v9eGn7h9ufcBa7plcRSLDwfQUn4"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafcfbb118de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H2 200 marketplace-styles.css
fanduel.savings.beneplace.com/api/fanduel/ 32 KB
5 KB 1233ms
376ms XHR
text/css 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/fanduel/marketplace-styles.css

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"8128-ieekTvxwGihSJtxj0D9Ar83ZC7g"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafcfbad18de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H2 200 auth-v2
fanduel.savings.beneplace.com/api/google-experiments/ 4 KB
2 KB 1136ms
281ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/google-experiments/auth-v2

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafcfbaf18de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 15 B
35 B 20ms
19ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=513615091&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%253A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&_slc=1&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=1891773179

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b017bfb984b00d66e38ede36599b6c5650d3bed3011fc37a6ff5f041b1aa1a8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 17ms
16ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684z878847533&_p=513615091&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698333461&sct=1&seg=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%253A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&en=page_view&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%253A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&up.pb_site_name=auth&up.page_path=%2Ffanduel%2Fsign-in&up.user_id_value=&up.zip_code=NaN
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-spa.142f942f-1.239.1.min.js Show response
js-agent.newrelic.com/ 75 KB
26 KB 767ms
12ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa.142f942f-1.239.1.min.js

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-amz-version-id: sn0IxCI.MkvNIiRAoqe.awP2R5evqDa4
content-encoding: br
via: 1.1 varnish
date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=300
x-amz-request-id: 32QGWQ2Q8YXX70QC
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 25649
x-amz-id-2: 4mlkuD+JDth4wo/QBMctxAliSNTUsTApT5L8+f4cLmgB3l+45PsvOvXZA+c1qr+RAGpR2S5FDiI=
x-served-by: cache-fra-eddf8230054-FRA
last-modified: Wed, 18 Oct 2023 21:33:59 GMT
server: AmazonS3
x-timer: S1698333465.120908,VS0,VE0
etag: "929044c7a94ad93d4583f5b62538f46a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 3764

GET
H3 200 js
www.googletagmanager.com/gtag/ 253 KB
85 KB 38ms
33ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86852
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:45 GMT

POST
H/1.1 200
OK NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/1/ 40 B
423 B 211ms
121ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=1925&ck=0&s=2125144ac27cf9ec&ref=https://auth.savings.workingadvantage.com/fanduel/sign-in&af=err,xhr,stn,ins,spa&be=419&fe=718&dc=618&perf=%7B%22timing%22:%7B%22of%22:1698333463228,%22n%22:0,%22r%22:76,%22re%22:286,%22f%22:286,%22dn%22:286,%22dne%22:286,%22c%22:286,%22s%22:286,%22ce%22:286,%22rq%22:289,%22rp%22:419,%22rpe%22:420,%22di%22:720,%22ds%22:1035,%22de%22:1037,%22dc%22:1135,%22l%22:1135,%22le%22:1137%7D,%22navigation%22:%7B%22rc%22:1%7D%7D
Requested by: Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-eddf8230039-FRA

POST
H/1.1 200
OK NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/ 24 B
362 B 124ms
124ms XHR
image/gif 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2150&ck=0&s=2125144ac27cf9ec&ref=https://auth.savings.workingadvantage.com/fanduel/sign-in
Requested by: Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://auth.savings.workingadvantage.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230039-FRA

GET
H2 200 auth
fanduel.savings.beneplace.com/api/navigation/fanduel/auth_footer/US/ 959 B
704 B 462ms
461ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/navigation/fanduel/auth_footer/US/auth

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"3bf-fTrY/POxp8xLE7tJOcrV4J65oF4"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafeadd518de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H2 200 fanduel
fanduel.savings.beneplace.com/api/controls/ 2 KB
1 KB 157ms
157ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/controls/fanduel

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"802-v9eGn7h9ufcBa7plcRSLDwfQUn4"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3aafecdf418de-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:44 GMT

GET
H3 200 onetrust
fanduel.savings.beneplace.com/api/platform/options/ 501 B
966 B 401ms
400ms XHR
application/json 172.64.150.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.beneplace.com/api/platform/options/onetrust

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.150.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab02da531d8e-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:45 GMT

POST
H3 200 known
auth.savings.workingadvantage.com/auth/ 546 B
1 KB 290ms
289ms XHR
application/json 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.savings.workingadvantage.com/auth/known?subdomain=fanduel

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

tracestate: 88831@nr=0-1-2647367-1120218725-2ee0a8261c1414a1----1698333466080
traceparent: 00-209c2af8298b81a2f5dafccd8171af00-2ee0a8261c1414a1-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjJlZTBhODI2MWMxNDE0YTEiLCJ0ciI6IjIwOWMyYWY4Mjk4YjgxYTJmNWRhZmNjZDgxNzFhZjAwIiwidGkiOjE2OTgzMzM0NjYwODAsInRrIjoiODg4MzEifX0=
Content-Type: application/json
Accept: application/json, text/plain, */*
Referer: https://auth.savings.workingadvantage.com/fanduel/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo&utm_content=PreFooterButton&redirect_uri=https:%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"222-WN/Bzo2CqToemJehgz4A6N15+rc"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab031f639b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:45 GMT

GET info
fanduel.savings.beneplace.com/api/ 0
0

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 38ms
38ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=513615091&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%3A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=FanDuel%20Group%20Marketplace&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=SACAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=1709493723

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 21:13:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 65052
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK id
dpm.demdex.net/ 185 B
868 B 94ms
94ms XHR
application/json 54.229.208.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_mid=17633928718679863464533988600680428457&d_coppa=true&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=adobe_ecid%0117633928718679863464533988600680428457&d_cid_ic=ecid%0117633928718679863464533988600680428457&d_cid_ic=mcid%0117633928718679863464533988600680428457&ts=1698333466099

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.229.208.26 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-229-208-26.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v053-0f1e90e58.edge-irl1.demdex.com 4 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: pld6UEghTLU=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://auth.savings.workingadvantage.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
X-Error: 300,300
Connection: keep-alive
Content-Length: 187
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/ 343 B
482 B 27ms
27ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
Requested by: Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 215
expires: Thu, 26 Oct 2023 16:17:46 GMT

GET
H2 200 RC986b4d5825364bd4887033e40e20c549-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/ 757 B
697 B 27ms
27ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RC986b4d5825364bd4887033e40e20c549-source.min.js
Requested by: Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 429
expires: Thu, 26 Oct 2023 16:17:46 GMT

POST
H2 200 delivery
entertainmentbenefit.tt.omtrdc.net/rest/v1/ 781 B
949 B 173ms
58ms XHR
application/json 66.235.152.107
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://entertainmentbenefit.tt.omtrdc.net/rest/v1/delivery?client=entertainmentbenefit&sessionId=d192732dd7194d51aeae2d5e9f49ecda&version=2.8.2

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.107 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-107.data.adobedc.net

Software

jag /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 47aaca7f-1426-4946-a181-b49d9bb6f38c

POST
H2 200 s37476861054698
smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/ 43 B
369 B 28ms
28ms XHR
image/gif 63.140.62.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s37476861054698

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.160 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-160.data.adobedc.net

Software

jag /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 27 Oct 2023 15:17:46 GMT
server: jag
etag: 3647143347612155904-4617838688517706558
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
expires: Wed, 25 Oct 2023 15:17:46 GMT

GET
H3 200 home Show response
fanduel.savings.workingadvantage.com/ 9 KB
3 KB 131ms
130ms Document
text/html 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/main-es2015.d1b10b000c1670dfd114.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76c0d4b4667bcd9c15b2c1f0829b2fe37cfef3bb156485d9d3dce237adad03e6

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://auth.savings.workingadvantage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81c3ab04d9a79b52-FRA
content-encoding: br
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
content-type: text/html; charset=utf-8
date: Thu, 26 Oct 2023 15:17:46 GMT
last-modified: Wed, 25 Oct 2023 01:22:51 GMT
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 200 s39842463874890
smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/ 43 B
235 B 29ms
25ms XHR
image/gif 63.140.62.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s39842463874890

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.160 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-160.data.adobedc.net

Software

jag /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 27 Oct 2023 15:17:46 GMT
server: jag
etag: 3647143347210158080-4617509320356088526
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: https://auth.savings.workingadvantage.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
expires: Wed, 25 Oct 2023 15:17:46 GMT

GET
H3 200 gtm.js
www.googletagmanager.com/ 230 KB
0 35ms
35ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Requested by

Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78552
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:46 GMT

GET js
www.googletagmanager.com/gtag/ 0
0

GET mouseflow
fanduel.savings.beneplace.com/api/platform/options/ 0
0

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
17ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=513615091&t=event&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%3A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=FanDuel%20Group%20Marketplace&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=dlk&ea=dlk-auth-success.interaction&el=%7Cfanduel%7C4t0c87u90m5xh9klrfncjusva%7Chttps%3A%2F%2Ffanduel.savings.workingadvantage.com%2F%7C&_u=SACAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=415608473

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 21:13:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 65052
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST collect
region1.google-analytics.com/g/ 0
0

POST NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/ 0
0

POST NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/jserrors/1/ 0
0

POST NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/ 0
0

POST collect
region1.google-analytics.com/g/ 0
0

GET
H2 200 launch-a0e5cece2585.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/ 621 KB
151 KB 58ms
52ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0243c31edfa364b267018adb5220cf2ccc54e61f1b5a472fa7ba9cc6c1a4c984

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "e33d264b6768a8b8fee1604b859d7748:1696974419.198914"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 154061
expires: Thu, 26 Oct 2023 16:17:46 GMT

GET
H3 200 new-relic-integration.js Show response
fanduel.savings.workingadvantage.com/assets/new-relic/ 51 KB
18 KB 132ms
129ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:22:50 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386dea-ccde"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3ab066bbf9b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
25 KB 22ms
19ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18647161
x-jsd-version: 4.5.3
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230071-FRA, cache-yyz4560-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k4VWjIYBQsFbfVryaZOFwrxlhYcJLxol1fMFsvm%2BhNZso6WB3KbIS3AD%2F09PAoxusxnJepU1KMoUK5SwfvN%2FXj02%2B79XecatNmI4gVA%2FJLQUep6r0nAU6mYI4rw9ywIGRAfXsDV6N8dEmxqOz%2F8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 81c3ab066ecf8fef-FRA

GET
H3 200 js Show response
maps.googleapis.com/maps/api/ 243 KB
78 KB 75ms
71ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

9a9259e930e3dae8b97c60c968b0815db8d0382bb1f3ab236af138a211579e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80001
x-xss-protection: 0

GET
H3 200 web-animations.min.js Show response
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/ 47 KB
14 KB 25ms
22ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 11465941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13763
last-modified: Mon, 04 May 2020 16:17:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb0402f-bad6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kckKyu61gKxzsAIsgEVPclaclfe3BKSPhvUW%2FIzj7sHQncp4AkCVFkfqsimwlBbmbMEktemMPSDMSZzqagw9K%2Fz09uUXOmaXZKelTBaQJOsVV6r0VMvzYY5uAgoju6Fbr3p73kVeezNAEXxfwHn7Uoz3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 81c3ab066fc4bb53-FRA
expires: Tue, 15 Oct 2024 15:17:46 GMT

GET
H3 200 runtime-es2015.b04fffef486941b9e47d.js Show response
fanduel.savings.workingadvantage.com/ 4 KB
2 KB 138ms
134ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/runtime-es2015.b04fffef486941b9e47d.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6ef9ffffb88d08f27175148b71182885d3f5afd482cdd0dd819a7230dfc7a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:20:08 GMT
server: cloudflare
content-encoding: br
etag: W/"65386d48-e1a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3ab066bc49b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 polyfills-es2015.75d458ddb35d2c6c96ea.js Show response
fanduel.savings.workingadvantage.com/ 143 KB
47 KB 145ms
141ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/polyfills-es2015.75d458ddb35d2c6c96ea.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f1403f29af77729e3caa999fb9e78ea109799e15e9cc13c9b6f5704e42ded13

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:20:12 GMT
server: cloudflare
content-encoding: br
etag: W/"65386d4c-23a44"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3ab066bc89b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 scripts.839823a06217b7c66e38.js Show response
fanduel.savings.workingadvantage.com/ 165 KB
53 KB 162ms
158ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:20:07 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386d47-2957f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3ab07bdab9b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 main-es2015.4793c8498241675dedc6.js Show response
fanduel.savings.workingadvantage.com/ 5 MB
1021 KB 144ms
140ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/main-es2015.4793c8498241675dedc6.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c2304465e0076a791a63d6aecdc3efefdc44e67ca7b48fb1bfff1e3e1e1dae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:22:46 GMT
server: cloudflare
content-encoding: br
etag: W/"65386de6-50a3a4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3ab066bcb9b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 230 KB
77 KB 47ms
44ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7bb8a2dc6204f16b66e600ff7823f6790a1e88cf412db4963e680737083b72db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78588
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:46 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 42ms
37ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Thu, 26 Oct 2023 16:17:46 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 43ms
38ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Thu, 26 Oct 2023 16:17:46 GMT

GET
H3 200 styles.76ee3d6b13884baf7097.css
fanduel.savings.workingadvantage.com/ 99 KB
17 KB 135ms
131ms Stylesheet
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/styles.76ee3d6b13884baf7097.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65b182304c6036dfb7e6ead8c6931a2fd13f2228bc868eb6e6674aac424f51de

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:20:07 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386d47-18b4c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
cf-ray: 81c3ab07cdb09b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 14 KB
14 KB 34ms
34ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:37:58 GMT
x-content-type-options: nosniff
age: 164388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13980
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 17:37:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 272 KB
90 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

44c863226c87135e2cb2bba6d772a546f5ecbb0e02b3597fe8610635a0061d98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92345
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:46 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 17ms
16ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 26 Oct 2023 14:43:56 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2030
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 26 Oct 2023 16:43:56 GMT

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 27ms
26ms XHR
application/json 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 19ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684z878847533&_p=1828235099&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698333461&sct=1&seg=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26%26known_email%3Daniece.sheppard%2540fanduel.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3D4t0c87u90m5xh9klrfncjusva%26known_email_contact%3Daniece.sheppard%2540fanduel.com&dr=https%3A%2F%2Fauth.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&en=page_view&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26%26known_email%3Daniece.sheppard%2540fanduel.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3D4t0c87u90m5xh9klrfncjusva%26known_email_contact%3Daniece.sheppard%2540fanduel.com&up.pb_site_name=fanduel&up.page_path=%2Fhome&up.user_id_value=&up.zip_code=NaN
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 15 B
35 B 26ms
26ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1828235099&t=pageview&_s=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26%26known_email%3Daniece.sheppard%2540fanduel.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3D4t0c87u90m5xh9klrfncjusva%26known_email_contact%3Daniece.sheppard%2540fanduel.com&dr=https%3A%2F%2Fauth.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&_slc=1&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=257682076

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b017bfb984b00d66e38ede36599b6c5650d3bed3011fc37a6ff5f041b1aa1a8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 info Show response
fanduel.savings.workingadvantage.com/api/ 7 KB
2 KB 133ms
133ms XHR
text/html 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/info

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

664cf9ddd63f0e68714dc6c16b7c70d7526e7282baa6b0fe146d02e5a319d9d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
tracestate: 88831@nr=0-1-2647367-1120218725-17b14a37e1e009ed----1698333467182
traceparent: 00-1a96e21b3c4a60526916be41e6128000-17b14a37e1e009ed-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjE3YjE0YTM3ZTFlMDA5ZWQiLCJ0ciI6IjFhOTZlMjFiM2M0YTYwNTI2OTE2YmU0MWU2MTI4MDAwIiwidGkiOjE2OTgzMzM0NjcxODIsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:47 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab09e8609b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:46 GMT

GET
H3 200 marketplace-styles.css Show response
fanduel.savings.workingadvantage.com/api/fanduel/ 32 KB
5 KB 324ms
323ms XHR
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/fanduel/marketplace-styles.css

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1576aaf6d192bcd0e059cd15d3b68a183895909a41f473e1aaa0cb2919c41b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
tracestate: 88831@nr=0-1-2647367-1120218725-b192dabf4fceb028----1698333467184
traceparent: 00-4e248732a9e41b60550052066e47ed00-b192dabf4fceb028-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImIxOTJkYWJmNGZjZWIwMjgiLCJ0ciI6IjRlMjQ4NzMyYTllNDFiNjA1NTAwNTIwNjZlNDdlZDAwIiwidGkiOjE2OTgzMzM0NjcxODQsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:47 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"8128-ieekTvxwGihSJtxj0D9Ar83ZC7g"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab09e8629b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:46 GMT

GET
H3 200 colors.css Show response
fanduel.savings.workingadvantage.com/api/fanduel/ 3 KB
837 B 159ms
158ms XHR
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/fanduel/colors.css?scope=:root,app-logged-in,ngb-modal-window

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3886c5ae4348a2bc69a71cbf779880b8899dff1412fe2dd2d7e2711bad9cfc3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
tracestate: 88831@nr=0-1-2647367-1120218725-4c1193ae53f6ed2b----1698333467184
traceparent: 00-a5d8aeba5b27a0719909ce5207c9a700-4c1193ae53f6ed2b-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjRjMTE5M2FlNTNmNmVkMmIiLCJ0ciI6ImE1ZDhhZWJhNWIyN2EwNzE5OTA5Y2U1MjA3YzlhNzAwIiwidGkiOjE2OTgzMzM0NjcxODQsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:47 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"aa2-AixcMtMEVOtUBtfgO9XF5S9/vBw"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab09e8679b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:46 GMT

GET
H2 200 RCea9d317d3a374e44b3f0f8711e38765e-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/ 2 KB
1020 B 13ms
13ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f92af17b23f77c222229cf069ee967e0786a95665bd87cbfc984fe3de13c3ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:47 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "7e9b95127b86f5b4657a8a4d1840ccc1:1696974419.9836"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 750
expires: Thu, 26 Oct 2023 16:17:47 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 253 KB
85 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

855e3d28212abc34e5624b52996ec9997836c2cd988a7f8735025f3e7eea8701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86852
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:47 GMT

GET
H3 200 fanduel Show response
fanduel.savings.workingadvantage.com/api/controls/ 2 KB
1 KB 3710ms
3710ms XHR
application/json 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/controls/fanduel

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d733e0f556966c0783cd8d7fa304ea033509c93a202167e84fd337681ca1a94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton&&known_email=aniece.sheppard%40fanduel.com&known_user_type=known_set_confirmed&known_user=true&known_user_guid=4t0c87u90m5xh9klrfncjusva&known_email_contact=aniece.sheppard%40fanduel.com
tracestate: 88831@nr=0-1-2647367-1120218725-7d03431ed4d88745----1698333467391
traceparent: 00-c06c05fcd0ea3dd4255c784bd4695a00-7d03431ed4d88745-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjdkMDM0MzFlZDRkODg3NDUiLCJ0ciI6ImMwNmMwNWZjZDBlYTNkZDQyNTVjNzg0YmQ0Njk1YTAwIiwidGkiOjE2OTgzMzM0NjczOTEsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:47 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"802-v9eGn7h9ufcBa7plcRSLDwfQUn4"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab0b3a399b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:46 GMT

GET
H2 200 sync Show response
live.rezync.com/ 6 KB
7 KB 3675ms
3675ms Script
text/javascript 13.32.27.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1698333467553&k=ebg-wag3-pixel-0988
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-99.fra56.r.cloudfront.net
Software: lighttpd/1.4.69 /
Resource Hash: 27c3e62e804420e4d72324032e2c96c30328b2242615bac3718ced9bf9513dba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
via: 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
server: lighttpd/1.4.69
x-amz-cf-pop: FRA56-C2
vary: Cookie
x-cache: Miss from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 6373
x-amz-cf-id: X_YG7zf49KlBZBTYrHYZx_B4ETyfiWsVXdSBdzk9cpKKEHYL1PVFow==

GET
H3 200 onetrust
fanduel.savings.workingadvantage.com/api/platform/options/ 501 B
730 B 381ms
380ms XHR
application/json 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/platform/options/onetrust

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
tracestate: 88831@nr=0-1-2647367-1120218725-d3086e2810c3605a----1698333471130
traceparent: 00-ce83cc44f7db6bd2fc4f831ebd52f000-d3086e2810c3605a-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImQzMDg2ZTI4MTBjMzYwNWEiLCJ0ciI6ImNlODNjYzQ0ZjdkYjZiZDJmYzRmODMxZWJkNTJmMDAwIiwidGkiOjE2OTgzMzM0NzExMzAsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
vary: Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab22980c9b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:50 GMT

GET
H3 200 info
fanduel.savings.workingadvantage.com/api/ 8 KB
3 KB 145ms
144ms XHR
text/html 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/api/info?authInfo=true

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
tracestate: 88831@nr=0-1-2647367-1120218725-1e13d782c876e4e6----1698333471132
traceparent: 00-c8a3ae1f65ece1431b966660bca2ed00-1e13d782c876e4e6-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjFlMTNkNzgyYzg3NmU0ZTYiLCJ0ciI6ImM4YTNhZTFmNjVlY2UxNDMxYjk2NjY2MGJjYTJlZDAwIiwidGkiOjE2OTgzMzM0NzExMzIsInRrIjoiODg4MzEifX0=

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: http://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray: 81c3ab22980e9b52-FRA
access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
expires: Thu, 26 Oct 2023 15:17:50 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 14ms
14ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1828235099&t=pageview&_s=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton&dr=https%3A%2F%2Fauth.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=FanDuel%20Group%20Marketplace&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=SACAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=827955358

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 21:13:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 65057
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 15ms
14ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1828235099&t=pageview&_s=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dr=https%3A%2F%2Fauth.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=FanDuel%20Group%20Marketplace&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=SACAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=745131275

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 25 Oct 2023 21:13:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 65057
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK p13n.min.js Show response
cdn.boomtrain.com/p13n/ebg-wag3/ 93 KB
30 KB 23ms
22ms Script
application/javascript 18.66.122.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-29.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6657dc9f6ee9fef340fa05ea4110332efb39d8f4e0d7da0aa080b59691eb53ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-amz-version-id: ZG.w.l49O_ew7ONL.VJfy_bYdRjSIbb_
Content-Encoding: gzip
Via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
Date: Thu, 26 Oct 2023 14:49:37 GMT
X-Amz-Cf-Pop: FRA60-P2
Age: 1694
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 24 Oct 2023 04:34:10 GMT
Server: AmazonS3
ETag: W/"6f20e9c72330eb507ebd90a9fe7026e5"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=3600
X-Amz-Cf-Id: LlHdJvQEeyInUVjGepCmlV3cVXXt2IPUZKeckKLzVt2EWxJ9DRimUA==

GET
H/1.1 200
OK /
com-wag3.netmng.com/ 3 KB
2 KB 103ms
102ms Script
text/javascript 199.38.167.54
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&ref=https%3A%2F%2Fauth.savings.workingadvantage.com%2F
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.38.167.54 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 26 Oct 2023 15:17:51 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Oct 2023 15:17:51 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Content-Type: text/javascript; charset=UTF-8
X-Cnection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private
Expires: Tue, 24 Oct 2023 15:17:51 GMT

GET
H3 200 js
www.googletagmanager.com/gtag/ 190 KB
68 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-12084042

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69890
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:51 GMT

GET
H3 200 js
www.googletagmanager.com/gtag/ 190 KB
68 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-12084042&l=dataLayer&cx=c

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69899
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:51 GMT

GET
H2 200 seg
secure.adnxs.com/ 43 B
839 B 17ms
16ms Image
image/gif 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/seg?add=32509374&t=2

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:51 GMT
an-x-request-uuid: 041b3392-7e0b-4064-b975-8e5675ce249e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 37.58.58.249; 37.58.58.249; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 track
events.api.boomtrain.com/event/ 2 B
209 B 124ms
123ms XHR
text/plain 3.210.211.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://events.api.boomtrain.com/event/track
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.211.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-211-38.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Thu, 26 Oct 2023 15:17:51 GMT
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
content-length: 2
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: text/plain

GET
H3

200

Primary Request home Show response
fanduel.savings.workingadvantage.com/
Redirect Chain

https://auth.savings.workingadvantage.com/auth/authorize?subdomain=fanduel&response_type=code&client_id=9ezalirn45mF43imJTdf53&utm_source=email&utm_medium=October-26-2023-Lenovo&utm_campaign=Lenovo...
https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton

9 KB
3 KB

126ms
125ms

Document
text/html

172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/main-es2015.4793c8498241675dedc6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76c0d4b4667bcd9c15b2c1f0829b2fe37cfef3bb156485d9d3dce237adad03e6

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 81c3ab248a7e9b52-FRA
content-encoding: br
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
content-type: text/html; charset=utf-8
date: Thu, 26 Oct 2023 15:17:51 GMT
last-modified: Wed, 25 Oct 2023 01:22:51 GMT
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

Redirect headers

access-control-allow-headers: Origin, Referer, X-Requested-With, Content-Type, Authorization
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: http://auth.savings.workingadvantage.com
alt-svc: h3=":443"; ma=86400
cache-control: no-cache no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 81c3ab23890c9b52-FRA
content-type: text/html; charset=utf-8
date: Thu, 26 Oct 2023 15:17:51 GMT
expires: Thu, 26 Oct 2023 15:17:50 GMT
location: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton#grant_type=authorization_code&code=35AgnKkst6PWBw5yUZMnnq&subdomain=fanduel&client_id=9ezalirn45mF43imJTdf53&user_guid=4t0c87u90m5xh9klrfncjusva&token_refreshed=true
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Origin, Accept
x-content-type-options: nosniff
x-powered-by

GET
H3 200 gtm.js
www.googletagmanager.com/ 230 KB
77 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78521
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:51 GMT

GET
H3 200 js
www.googletagmanager.com/gtag/ 185 KB
67 KB 31ms
29ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-2876877-9

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68587
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:51 GMT

GET mouseflow
fanduel.savings.workingadvantage.com/api/platform/options/ 0
0

POST collect
region1.google-analytics.com/g/ 0
0

GET
H2 200 launch-a0e5cece2585.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/ 621 KB
151 KB 880ms
877ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by: Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:46:59 GMT
server: AkamaiNetStorage
etag: "e33d264b6768a8b8fee1604b859d7748:1696974419.198914"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 154061
expires: Thu, 26 Oct 2023 16:17:52 GMT

GET
H3 200 new-relic-integration.js Show response
fanduel.savings.workingadvantage.com/assets/new-relic/ 51 KB
18 KB 182ms
181ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:22:50 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386dea-ccde"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3ab257b909b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
25 KB 26ms
25ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 18647166
x-jsd-version: 4.5.3
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230071-FRA, cache-yyz4560-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7c3Qu%2FG3j2LakNpzs8gT%2F4rtsqs9rANDSK4K2Lem78pBiyqnQUZHklO9n66xbDQMm3S4J4Aa7gsh4g1%2BPuenFgrWaBSrQGBx1ABBVxomnzJhvasKObnq319VM1u5gEwsY03WlEasr2gir1I%2Fh0Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 81c3ab2578228fef-FRA

GET
H3 200 js Show response
maps.googleapis.com/maps/api/ 243 KB
78 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

9a9259e930e3dae8b97c60c968b0815db8d0382bb1f3ab236af138a211579e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Accept-Language, Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80001
x-xss-protection: 0

GET
H3 200 web-animations.min.js Show response
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/ 47 KB
14 KB 16ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 11465946
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13763
last-modified: Mon, 04 May 2020 16:17:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb0402f-bad6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3qJJvEWa5TFW88B%2BZR3%2B2RW0Ba3naJup1uAjB3RjF%2FOggTpK4SYbqhU%2Fmz24DR1yefWEG%2FOTQjYqeSxQ1%2FJlbVrJPClHxAE%2FgVUsgAc%2B1FFwTiuPzscBeFwHbyFsxkcDclEKW6rbuOcFtM1%2Fm8GHTeM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 81c3ab257a74bb53-FRA
expires: Tue, 15 Oct 2024 15:17:51 GMT

GET
H3 200 runtime-es2015.b04fffef486941b9e47d.js Show response
fanduel.savings.workingadvantage.com/ 4 KB
2 KB 440ms
438ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/runtime-es2015.b04fffef486941b9e47d.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6ef9ffffb88d08f27175148b71182885d3f5afd482cdd0dd819a7230dfc7a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:20:08 GMT
server: cloudflare
content-encoding: br
etag: W/"65386d48-e1a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3ab257b979b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 polyfills-es2015.75d458ddb35d2c6c96ea.js Show response
fanduel.savings.workingadvantage.com/ 143 KB
47 KB 134ms
132ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/polyfills-es2015.75d458ddb35d2c6c96ea.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f1403f29af77729e3caa999fb9e78ea109799e15e9cc13c9b6f5704e42ded13

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:20:12 GMT
server: cloudflare
content-encoding: br
etag: W/"65386d4c-23a44"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3ab257b999b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 scripts.839823a06217b7c66e38.js Show response
fanduel.savings.workingadvantage.com/ 165 KB
53 KB 123ms
123ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/scripts.839823a06217b7c66e38.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:20:07 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386d47-2957f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
cf-ray: 81c3ab2928329b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 main-es2015.4793c8498241675dedc6.js Show response
fanduel.savings.workingadvantage.com/ 5 MB
1020 KB 154ms
152ms Script
application/javascript 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/main-es2015.4793c8498241675dedc6.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c2304465e0076a791a63d6aecdc3efefdc44e67ca7b48fb1bfff1e3e1e1dae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:51 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Wed, 25 Oct 2023 01:22:46 GMT
server: cloudflare
content-encoding: br
etag: W/"65386de6-50a3a4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com, https://fanduel.savings.workingadvantage.com
access-control-allow-credentials: true, true
cf-ray: 81c3ab257b9d9b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 230 KB
77 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7bb8a2dc6204f16b66e600ff7823f6790a1e88cf412db4963e680737083b72db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78588
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 26 Oct 2023 15:17:52 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 272 KB
90 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

041a64a8fe97feda05ceeefe59a570f0e2e528561f33e3d023206ae349eabf0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92346
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:52 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 17ms
17ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 26 Oct 2023 14:43:56 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2036
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 26 Oct 2023 16:43:56 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 21ms
20ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684z878847533&_p=55376120&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698333461&sct=1&seg=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&en=page_view&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton&up.pb_site_name=fanduel&up.page_path=%2Fhome
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect
www.google-analytics.com/j/ 15 B
35 B 37ms
29ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=55376120&t=pageview&_s=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEABAAAAACAAI~&jid=&gjid=&cid=1973308131.1698333462&tid=UA-2876877-9&_gid=1044430447.1698333462&_slc=1&gtm=45He3an0n815QN8HWMv78847533&gcd=11l1l1l1l1&z=1422268688

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 26 Oct 2023 15:17:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js
www.googletagmanager.com/gtag/ 253 KB
85 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86876
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 26 Oct 2023 15:17:52 GMT

GET
H2 200 AppMeasurement.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 34ms
32ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Thu, 26 Oct 2023 16:17:52 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 189ms
188ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Thu, 26 Oct 2023 16:17:52 GMT

GET
H3 200 styles.76ee3d6b13884baf7097.css
fanduel.savings.workingadvantage.com/ 99 KB
17 KB 133ms
132ms Stylesheet
text/css 172.64.148.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fanduel.savings.workingadvantage.com/styles.76ee3d6b13884baf7097.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.148.145 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/home?source-id=email&utm_source=email&utm_campaign=Lenovo&utm_medium=October-26-2023-Lenovo&utm_content=PreFooterButton
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
last-modified: Wed, 25 Oct 2023 01:20:07 GMT
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
etag: W/"65386d47-18b4c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
cf-ray: 81c3ab2b9b6e9b52-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 gen_204
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 54ms
41ms XHR
application/json 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fanduel.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 15:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://fanduel.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/webp

GET info
fanduel.savings.workingadvantage.com/api/ 0
0

GET marketplace-styles.css
fanduel.savings.workingadvantage.com/api/fanduel/ 0
0

GET colors.css
fanduel.savings.workingadvantage.com/api/fanduel/ 0
0

GET RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/ 0
0

GET
H3 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ 14 KB
14 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fanduel.savings.workingadvantage.com/
Origin: https://fanduel.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:37:58 GMT
x-content-type-options: nosniff
age: 164394
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13980
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 17:37:58 GMT

GET token
fanduel.savings.workingadvantage.com/auth/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: events.api.boomtrain.com
URL: https://events.api.boomtrain.com/event/track

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684&_p=1829450726&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1698333461&sct=1&seg=0&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26DLK%3D4t0c87u90m5xh9klrfncjusva&dt=Beneplace%20Team%20Discounts&en=scroll&ep.userId=&epn.percent_scrolled=90&_et=10

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684&_p=1829450726&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1698333461&sct=1&seg=0&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dt=FanDuel%20Group%20Marketplace&en=user_engagement&ep.userId=&_et=2086

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je3an0v9126564266&_p=1829450726&gcd=11l1l1l1l2&ul=en-us&sr=1600x1200&cid=1973308131.1698333462&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=2&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dt=FanDuel%20Group%20Marketplace&sid=1698333461&sct=1&seg=1&en=page_view&_ee=1&_et=1103

Domain: fanduel.savings.beneplace.com
URL: https://fanduel.savings.beneplace.com/api/info?authInfo=true

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2876877-9

Domain: fanduel.savings.beneplace.com
URL: https://fanduel.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684&_p=513615091&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1698333461&sct=1&seg=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%253A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&en=scroll&ep.userId=&epn.percent_scrolled=90&_et=13

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684&_p=513615091&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1698333461&sct=1&seg=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%3A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dt=FanDuel%20Group%20Marketplace&en=user_engagement&ep.userId=&_et=2243

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=3387&ck=0&s=2125144ac27cf9ec&ref=https://auth.savings.workingadvantage.com/fanduel/sign-in

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/jserrors/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=3388&ck=0&s=2125144ac27cf9ec&ref=https://auth.savings.workingadvantage.com/fanduel/sign-in

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/jserrors/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=3388&ck=0&s=2125144ac27cf9ec&ref=https://auth.savings.workingadvantage.com/fanduel/sign-in

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=3390&ck=0&s=2125144ac27cf9ec&ref=https://auth.savings.workingadvantage.com/fanduel/sign-in

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je3an0v9126564266&_p=513615091&gcd=11l1l1l1l2&ul=en-us&sr=1600x1200&cid=1973308131.1698333462&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2Ffanduel%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26utm_source%3Demail%26utm_medium%3DOctober-26-2023-Lenovo%26utm_campaign%3DLenovo%26utm_content%3DPreFooterButton%26redirect_uri%3Dhttps%3A%252F%252Ffanduel.savings.workingadvantage.com%252Fhome%253Fsource-id%253Demail%2526utm_source%253Demail%2526utm_campaign%253DLenovo%2526utm_medium%253DOctober-26-2023-Lenovo%2526utm_content%253DPreFooterButton%2526DLK%253D4t0c87u90m5xh9klrfncjusva&dr=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dt=FanDuel%20Group%20Marketplace&sid=1698333461&sct=1&seg=1&_s=1

Domain: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684&_p=1828235099&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1698333461&sct=1&seg=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26%26known_email%3Daniece.sheppard%2540fanduel.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3D4t0c87u90m5xh9klrfncjusva%26known_email_contact%3Daniece.sheppard%2540fanduel.com&dr=https%3A%2F%2Fauth.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&en=scroll&ep.userId=&epn.percent_scrolled=90&_et=11

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je3an0v9112553684&_p=1828235099&gcd=11l1l1l1l1&cid=1973308131.1698333462&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1698333461&sct=1&seg=1&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2F&dr=https%3A%2F%2Fauth.savings.workingadvantage.com%2F&dt=FanDuel%20Group%20Marketplace&en=user_engagement&ep.userId=&_et=4472

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je3an0v9126564266&_p=1828235099&gcd=11l1l1l1l2&ul=en-us&sr=1600x1200&cid=1973308131.1698333462&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&dl=https%3A%2F%2Ffanduel.savings.workingadvantage.com%2Fhome%3Fsource-id%3Demail%26utm_source%3Demail%26utm_campaign%3DLenovo%26utm_medium%3DOctober-26-2023-Lenovo%26utm_content%3DPreFooterButton%26%26known_email%3Daniece.sheppard%2540fanduel.com%26known_user_type%3Dknown_set_confirmed%26known_user%3Dtrue%26known_user_guid%3D4t0c87u90m5xh9klrfncjusva%26known_email_contact%3Daniece.sheppard%2540fanduel.com&dr=https%3A%2F%2Fauth.savings.workingadvantage.com%2F&dt=FanDuel%20Group%20Marketplace&sid=1698333461&sct=1&seg=1&_s=1

Domain: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/api/info

Domain: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/api/fanduel/marketplace-styles.css

Domain: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/api/fanduel/colors.css?scope=:root,app-logged-in,ngb-modal-window

Domain: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/a7f5bdf81d6c/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js

Domain: fanduel.savings.workingadvantage.com
URL: https://fanduel.savings.workingadvantage.com/auth/token?grant_type=authorization_code&client_id=9ezalirn45mF43imJTdf53&code=35AgnKkst6PWBw5yUZMnnq&user_guid=4t0c87u90m5xh9klrfncjusva

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.workingadvantage.com/	1970-01-20 15:45:35	Name: __cf_bm Value: h7CLNHETJL4MQxr339_goW5TEzWz8Y6yzbZv3dyFyEw-1698333460-0-AcAQK3LchfSRlF/15tiIiy/r/mREfCYKv4WNnk3+ud0u9MwdJwJKfqmPkHctyG+DnfNf/wn8cxFHFxHEqxCVKkQ=
.workingadvantage.com/	1969-12-31 23:59:59	Name: AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg Value: 1
.workingadvantage.com/	1970-01-21 01:21:33	Name: s_ecid Value: MCMID%7C17633928718679863464533988600680428457
.workingadvantage.com/	1970-01-20 15:46:59	Name: _gid Value: GA1.2.1044430447.1698333462
.workingadvantage.com/	1970-01-20 15:45:33	Name: _gat_UA-2876877-9 Value: 1
.workingadvantage.com/	1970-01-21 00:31:09	Name: cf_clearance Value: a8B5akoFBXEQbVZCXSRHgt.BSg5_AP7hHHIY109F5V4-1698333462-0-1-3a5230da.7d32a6f1.ada64fee-0.2.1698333462
.rezync.com/	1970-01-20 20:04:45	Name: zync-uuid Value: a10c5a54-eada-4bcf-8d4a-2d30f32f923c:1698333462.468374
.workingadvantage.com/	1970-01-20 17:55:09	Name: _gcl_au Value: 1.1.44697173.1698333463
.adnxs.com/	1970-01-20 17:55:09	Name: uuid2 Value: 8386006041540618347
.workingadvantage.com/	1970-01-21 00:31:09	Name: btIdentify Value: 946a28ab-ad55-43c6-d262-4f1da96951a6
.workingadvantage.com/	1970-01-20 15:45:37	Name: _bts Value: a8ce6cf7-b82d-4e9b-85ed-230d2b695c44
.workingadvantage.com/	1970-01-21 00:31:09	Name: _bti Value: %7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22q44AtOoSrb5N1PeQGA88gxnvEfYEP8sNnGY0L8TRw6voeqqnPbcfADQrQFjIBi9LkjjjvCqqFa9xCundyb%2FqVA%3D%3D%22%2C%22is_identified%22%3Afalse%7D
.savings.workingadvantage.com/	1970-01-21 01:21:33	Name: split_test_groups Value: {"auth_v3_test1":{"group_id":"auth_v2","events":["stts-set-test-group","stts-view-search-result","stts-clickout-internal","stts-clickout-external","stts-auth-access","stts-accounts-created-password","stts-accounts-created-otp","stts-accounts-set-password-new","stts-auth-password-reset","stts-auth-password-skip"]}}
.workingadvantage.com/	1969-12-31 23:59:59	Name: at_check Value: true
.workingadvantage.com/	1970-01-21 01:21:33	Name: AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg Value: 1176715910%7CMCIDTS%7C19657%7CMCMID%7C17633928718679863464533988600680428457%7CMCAAMLH-1698938266%7C6%7CMCAAMB-1698938266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1698340666s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0%7CMCCIDH%7C-1516972253
.workingadvantage.com/	1969-12-31 23:59:59	Name: g3refurl Value: https%253A%252F%252Fauth.savings.workingadvantage.com%252Ffanduel%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526utm_source%253Demail%2526utm_medium%253Doctober-26-2023-lenovo%2526utm_campaign%253Dlenovo%2526utm_content%253Dprefooterbutton%2526redirect_uri%253Dhttps%253A%25252f%25252ffanduel.savings.workingadvantage.com%25252fhome%25253fsource-id%25253demail%252526utm_source%25253demail%252526utm_campaign%25253dlenovo%252526utm_medium%25253doctober-26-2023-lenovo%252526utm_content%25253dprefooterbutton%252526dlk%25253d4t0c87u90m5xh9klrfncjusva
.workingadvantage.com/	1970-01-21 01:21:33	Name: prev_url_v2 Value: https%253A%252F%252Fauth.savings.workingadvantage.com%252Ffanduel%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526utm_source%253Demail%2526utm_medium%253Doctober-26-2023-lenovo%2526utm_campaign%253Dlenovo%2526utm_content%253Dprefooterbutton%2526redirect_uri%253Dhttps%253A%25252f%25252ffanduel.savings.workingadvantage.com%25252fhome%25253fsource-id%25253demail%252526utm_source%25253demail%252526utm_campaign%25253dlenovo%252526utm_medium%25253doctober-26-2023-lenovo%252526utm_content%25253dprefooterbutton%252526dlk%25253d4t0c87u90m5xh9klrfncjusva
.workingadvantage.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.workingadvantage.com/	1970-01-21 01:21:33	Name: mbox Value: session#d192732dd7194d51aeae2d5e9f49ecda#1698335327\|PC#d192732dd7194d51aeae2d5e9f49ecda.37_0#1761578267
auth.savings.workingadvantage.com/	1969-12-31 23:59:59	Name: known_guid Value: 4t0c87u90m5xh9klrfncjusva
auth.savings.workingadvantage.com/	1969-12-31 23:59:59	Name: user_guid Value: 4t0c87u90m5xh9klrfncjusva
auth.savings.workingadvantage.com/	1970-01-20 17:55:09	Name: auth_server Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIyMXMxaTZ0a2I1a2Y3b2Zpam84OGg5Y2NkIiwiaWF0IjoxNjk4MzMzNDY2LCJleHAiOjE3MDYxMDk0NjZ9.qxvEjmjcOpHZ_fGfxFBu5uLdaS0T3Tk-nowJIaG_r1s
.workingadvantage.com/	1970-01-21 01:21:33	Name: _ga_FD2X5ZMELR Value: GS1.1.1698333461.1.1.1698333467.0.0.0
.workingadvantage.com/	1970-01-21 01:21:33	Name: _ga Value: GA1.2.1973308131.1698333462
.workingadvantage.com/	1970-01-21 01:21:33	Name: _ga_2K753Z6D0L Value: GS1.2.1698333461.1.1.1698333471.0.0.0
live.rezync.com/	1970-01-20 20:04:45	Name: sd-session-id Value: eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiYTEwYzVhNTQtZWFkYS00YmNmLThkNGEtMmQzMGYzMmY5MjNjOjE2OTgzMzM0NjIuNDY4Mzc0In0.ZTqDHw.VKsO6uRbNFkXD1EO4H6IX7H2YMk
.adnxs.com/	1970-01-20 17:55:09	Name: anj Value: dTM7k!M4/8D>6NRF']wIg2GUcpO:C[!EKy0's%YY9sk@3@'s>TcnOrA
com-wag3.netmng.com/	1970-01-20 20:09:04	Name: evo5_WAG3 Value: u1g7niatejbtg%7CO%7CUXl0SU5URnplRE40VGxsTFdrMUljRk4yTlRkR1V6WmxORlJ5Ukd4eloyRklSelZaZFdkU1dHWlRSbVJLVURCc1dtRnRUR3MwZFhGNmEydG5Wa2R6YjB4V2IwNHlWVWc1VnpnMGNYTnVXRXBXTmxsQk1ITkxWVE5uV2tjdmVqUkJSV2s1WVZOSWFrNVdjR1JLTmswdlkzbEpXRlpoV1dweGJUbHFZVTFxZDBFcmFtdHBVek16WlZoNGFWUlJURTl2Vmt4aVptWlhTM0ZWWmxSelpVdEJVR1ZYTDNoVWJtWjBUVEZuTTI5NmFtaEJlRXN6WlhwaE0wMXpjbGxLVFZobDpoaWNaemZqa2cwSnYzYlljM2ZWdzVRPT0%3D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://12084042.fls.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com".
network	error	URL: https://fanduel.savings.workingadvantage.com/api/known/dlk-compare?guid=4t0c87u90m5xh9klrfncjusva Message: Failed to load resource: the server responded with a status of 401 ()
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://12084042.fls.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
auth.savings.workingadvantage.com
bam.nr-data.net
cdn.boomtrain.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
com-wag3.netmng.com
dpm.demdex.net
entertainmentbenefit.tt.omtrdc.net
events.api.boomtrain.com
fanduel.savings.beneplace.com
fanduel.savings.workingadvantage.com
fonts.gstatic.com
js-agent.newrelic.com
live.rezync.com
maps.googleapis.com
people.api.boomtrain.com
region1.google-analytics.com
secure.adnxs.com
smetrics.workingadvantage.com
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
assets.adobedtm.com
bam.nr-data.net
events.api.boomtrain.com
fanduel.savings.beneplace.com
fanduel.savings.workingadvantage.com
region1.google-analytics.com
www.googletagmanager.com
13.32.27.99
151.101.194.137
162.247.243.29
172.64.148.145
172.64.150.236
18.66.122.29
185.89.210.122
199.38.167.54
2001:4860:4802:32::36
2001:4860:4802:34::178
2606:4700::6810:5814
2606:4700::6811:180e
2a00:1450:4001:812::2008
2a00:1450:4001:827::200a
2a00:1450:4001:82a::2003
2a00:1450:400c:c09::9a
2a02:26f0:3500:591::1e80
3.210.211.38
54.209.229.152
54.229.208.26
63.140.62.160
66.235.152.107
0243c31edfa364b267018adb5220cf2ccc54e61f1b5a472fa7ba9cc6c1a4c984
041a64a8fe97feda05ceeefe59a570f0e2e528561f33e3d023206ae349eabf0f
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
0cf98b1ce1a6ce2b5c6b88563939cf674a6ee7e234efa11c2491624d7d05d717
118a83fc35c77664f7ea3846ecc918252c6dc2560e900382e87de91e4ec671cb
129738b670a7e2ab64ce1b59a4eaace2a205c15eaf997e9ce7c30695ecc15e30
1c2304465e0076a791a63d6aecdc3efefdc44e67ca7b48fb1bfff1e3e1e1dae3
1da6ad9dfce9466037ec92e1f7699158c9a9347c669333c724f5cf6f3a7c0634
20f9d5c5abf76a24969934c8f78450c9a7d02a1d3688439edbd978749648644e
23249457a4658036071a9eed9216775069391781c9032aedcb09ab4c50a24f62
27c3e62e804420e4d72324032e2c96c30328b2242615bac3718ced9bf9513dba
3078803c6ef90f5b252cc62899b2d5dfc3d4842f80e7194d9acd57504d7b1ed5
3886c5ae4348a2bc69a71cbf779880b8899dff1412fe2dd2d7e2711bad9cfc3a
3f1403f29af77729e3caa999fb9e78ea109799e15e9cc13c9b6f5704e42ded13
44c863226c87135e2cb2bba6d772a546f5ecbb0e02b3597fe8610635a0061d98
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
4a3a0d45bbdcb3cf2e7a719f6810682e678000ccbca5b65dbc14d2ea08077c9c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5bf58722d517051ccf2c117b15c0ffc43011fc70b4424f816bea6ef7eb17f17f
65b182304c6036dfb7e6ead8c6931a2fd13f2228bc868eb6e6674aac424f51de
664cf9ddd63f0e68714dc6c16b7c70d7526e7282baa6b0fe146d02e5a319d9d5
6657dc9f6ee9fef340fa05ea4110332efb39d8f4e0d7da0aa080b59691eb53ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
75ce10fb7ef84080dc8734e662e1b4565343b9dfbeb97544a81c5a0e4a33fb3e
76c0d4b4667bcd9c15b2c1f0829b2fe37cfef3bb156485d9d3dce237adad03e6
7bb8a2dc6204f16b66e600ff7823f6790a1e88cf412db4963e680737083b72db
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83cdb915695497262c083ea6e1fb5f0c5f970c7844a59753fd9f45ddee514f24
855e3d28212abc34e5624b52996ec9997836c2cd988a7f8735025f3e7eea8701
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
9a9259e930e3dae8b97c60c968b0815db8d0382bb1f3ab236af138a211579e68
9e6c390b8e2c482eea3f06cb4ab164c845e36054e1dbe555b9c81f0c3b9ccd7c
a6ef9ffffb88d08f27175148b71182885d3f5afd482cdd0dd819a7230dfc7a3f
b017bfb984b00d66e38ede36599b6c5650d3bed3011fc37a6ff5f041b1aa1a8b
b1576aaf6d192bcd0e059cd15d3b68a183895909a41f473e1aaa0cb2919c41b7
b3b83ced5629150dbea6190afe5ad44feaef7987587aa905a7254ee701c2a3a0
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23
c3af6dd4f60a329604e3563c6478c2b690ffeda2892552d8ca0d4442dbb5cb12
c424bd21a4f96d6af5837d1b5ebdcd00f46b86be9eef24c529b89fcb181a4141
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d
cf6df84cb37b5c853a3414f9878473bec61127f2168d9431131bbe0be589a335
d2921dc9f527117223206f193fc90b8c0fddc6dd38e744e932362af8cb1186c1
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
d733e0f556966c0783cd8d7fa304ea033509c93a202167e84fd337681ca1a94b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f92af17b23f77c222229cf069ee967e0786a95665bd87cbfc984fe3de13c3ea0
fac5bc83e77d19524cfa010a2478390cdccd943d4628fa7f36f9a9d467e57bd6

fanduel.savings.workingadvantage.com Open in urlscan Pro 172.64.148.145 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

175 Requests

83 %HTTPS

41 %IPv6

18 Domains

23 Subdomains

23 IPs

4 Countries

6868 kBTransfer

28520 kBSize

28 Cookies

0 Outgoing links

Page URL History

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

fanduel.savings.workingadvantage.com Open in urlscan Pro
172.64.148.145 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

83 %
HTTPS

41 %
IPv6

18
Domains

23
Subdomains

23
IPs

4
Countries

6868 kB
Transfer

28520 kB
Size

28
Cookies

175 HTTP transactions
-1 data transactions