vystarcu.savings.workingadvantage.com Open in urlscan Pro
172.64.151.143 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://marketing.beneplace.com/acton/ct/4326/s-1bfa-2210/Bct/q-3e6c/e-3db1-l-338f:3fc888/ct5_0/1/lu?sid=TV2:PBpz3EoGm
Effective URL:
https://vystarcu.savings.workingadvantage.com/my-profile/details
Submission: On October 27 via api (October 27th 2022, 2:26:13 pm UTC) from US — Scanned from DE

Summary HTTP 43 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 1 countries across 11 domains to perform 43 HTTP transactions. The main IP is 172.64.151.143, located in United States and belongs to CLOUDFLARENET, US. The main domain is vystarcu.savings.workingadvantage.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 10th 2022. Valid for: a year.

This is the only time vystarcu.savings.workingadvantage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	207.189.124.33 207.189.124.33	13649 (ASN-VINS) (ASN-VINS)
16	172.64.151.143 172.64.151.143	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a02:26f0:350... 2a02:26f0:3500:591::1e80	() ()
2	2606:4700::68... 2606:4700::6810:5514	() ()
1	2a00:1450:400... 2a00:1450:4001:831::200a	() ()
4	2a00:1450:400... 2a00:1450:4001:82a::200a	() ()
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	() ()
2	2606:4700::68... 2606:4700::6811:190e	() ()
1	54.229.2.193 54.229.2.193	() ()
1	13.36.218.177 13.36.218.177	() ()
1	13.32.27.99 13.32.27.99	() ()
1	13.32.27.70 13.32.27.70	() ()
2	199.38.167.54 199.38.167.54	() ()
1	54.81.23.211 54.81.23.211	() ()
1	52.45.50.76 52.45.50.76	() ()
43	15

1 207.189.124.33 (Beaverton, United States) 1 redirects

ASN13649 (ASN-VINS, US)
PTR: forpci33.actonsoftware.com

marketing.beneplace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 172.64.151.143 (United States)

ASN13335 (CLOUDFLARENET, US)

vystarcu.savings.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:3500:591::1e80 (None, )

ASN- ()

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (None, )

ASN- ()

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (None, )

ASN- ()

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (None, )

ASN- ()

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (None, )

ASN- ()

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.229.2.193 (None, )

ASN- ()

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.36.218.177 (None, )

ASN- ()

smetrics.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.99 (None, )

ASN- ()

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.70 (None, )

ASN- ()

cdn.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.54 (None, )

ASN- ()

com-wag3.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.81.23.211 (None, )

ASN- ()

people.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.50.76 (None, )

ASN- ()

events.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	workingadvantage.com vystarcu.savings.workingadvantage.com smetrics.workingadvantage.com	135 KB
7	adobedtm.com assets.adobedtm.com	168 KB
5	googleapis.com fonts.googleapis.com maps.googleapis.com	360 KB
3	boomtrain.com cdn.boomtrain.com people.api.boomtrain.com events.api.boomtrain.com	26 KB
2	netmng.com com-wag3.netmng.com	5 KB
2	cloudflare.com cdnjs.cloudflare.com	21 KB
2	jsdelivr.net cdn.jsdelivr.net	47 KB
1	rezync.com live.rezync.com	5 KB
1	demdex.net dpm.demdex.net	858 B
1	jquery.com code.jquery.com	24 KB
1	beneplace.com 1 redirects marketing.beneplace.com — Cisco Umbrella Rank: 170076	500 B
43	11

	Domain	Requested by
16	vystarcu.savings.workingadvantage.com	vystarcu.savings.workingadvantage.com
7	assets.adobedtm.com	vystarcu.savings.workingadvantage.com assets.adobedtm.com
4	maps.googleapis.com	vystarcu.savings.workingadvantage.com maps.googleapis.com
2	com-wag3.netmng.com	vystarcu.savings.workingadvantage.com com-wag3.netmng.com
2	cdnjs.cloudflare.com	vystarcu.savings.workingadvantage.com
2	cdn.jsdelivr.net	vystarcu.savings.workingadvantage.com
1	events.api.boomtrain.com	cdn.boomtrain.com
1	people.api.boomtrain.com	cdn.boomtrain.com
1	cdn.boomtrain.com	vystarcu.savings.workingadvantage.com
1	live.rezync.com	vystarcu.savings.workingadvantage.com
1	smetrics.workingadvantage.com	assets.adobedtm.com
1	dpm.demdex.net	assets.adobedtm.com
1	code.jquery.com	vystarcu.savings.workingadvantage.com
1	fonts.googleapis.com	vystarcu.savings.workingadvantage.com
1	marketing.beneplace.com	1 redirects
43	15

This site contains no links.

Subject Issuer	Validity	Valid
workingadvantage.com Cloudflare Inc ECC CA-3	`2022-05-10` - `2023-05-09`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
smetrics.workingadvantage.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-07` - `2023-08-07`	a year	crt.sh
*.rezync.com Amazon	`2021-12-26` - `2023-01-23`	a year	crt.sh
*.boomtrain.com Amazon	`2022-03-11` - `2023-04-09`	a year	crt.sh
*.netmng.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-19` - `2023-02-04`	a year	crt.sh
*.api.boomtrain.com Amazon	`2022-10-16` - `2023-11-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://vystarcu.savings.workingadvantage.com/my-profile/details
Frame ID: 24AD3DC007C131427315A67B55A99329
Requests: 42 HTTP requests in this frame

Frame: https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1666872000
Frame ID: 0A75640F9069A909B8A5523A65684E88
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://marketing.beneplace.com/acton/ct/4326/s-1bfa-2210/Bct/q-3e6c/e-3db1-l-338f:3fc888/ct5_0/1/lu?sid=TV2... HTTP 302
https://vystarcu.savings.workingadvantage.com/my-profile/details Page URL
https://vystarcu.savings.workingadvantage.com/my-profile/details Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

43
Requests

95 %
HTTPS

40 %
IPv6

11
Domains

15
Subdomains

15
IPs

1
Countries

793 kB
Transfer

1991 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://marketing.beneplace.com/acton/ct/4326/s-1bfa-2210/Bct/q-3e6c/e-3db1-l-338f:3fc888/ct5_0/1/lu?sid=TV2:PBpz3EoGm HTTP 302
https://vystarcu.savings.workingadvantage.com/my-profile/details Page URL
https://vystarcu.savings.workingadvantage.com/my-profile/details Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://marketing.beneplace.com/acton/ct/4326/s-1bfa-2210/Bct/q-3e6c/e-3db1-l-338f:3fc888/ct5_0/1/lu?sid=TV2:PBpz3EoGm HTTP 302
https://vystarcu.savings.workingadvantage.com/my-profile/details

43 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

503

details Show response
vystarcu.savings.workingadvantage.com/my-profile/
Redirect Chain

https://marketing.beneplace.com/acton/ct/4326/s-1bfa-2210/Bct/q-3e6c/e-3db1-l-338f:3fc888/ct5_0/1/lu?sid=TV2:PBpz3EoGm
https://vystarcu.savings.workingadvantage.com/my-profile/details

8 KB
9 KB

118ms
63ms

Document
text/html

172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06d0b97894b3a88281be52e6aadf475ea4f803b9b3d6a55a70c9821cc206ddb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 760c1aac8f755be5-FRA
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Thu, 27 Oct 2022 14:25:59 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 27 Oct 2022 14:25:59 GMT
Keep-Alive: timeout=10
Location: https://vystarcu.savings.workingadvantage.com/my-profile/details
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Strict-Transport-Security: max-age=16070400

GET
H2 200 challenges.css
vystarcu.savings.workingadvantage.com/cdn-cgi/styles/ 6 KB
3 KB 11ms
10ms Stylesheet
text/css 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/styles/challenges.css

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faa67d3b2b2220dc526c921c1fc47df5b956559a293d5e07fbaf58a52462f6bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Oct 2022 15:26:27 GMT
server: cloudflare
etag: W/"634ec5a3-1896"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 760c1aad08205be5-FRA
expires: Thu, 27 Oct 2022 16:25:59 GMT

GET
H2 503 favicon.ico
vystarcu.savings.workingadvantage.com/ 8 KB
8 KB 23ms
23ms Image
text/html 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vystarcu.savings.workingadvantage.com/favicon.ico

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0e31476a59a908f3e726ed8ef24287dd660bd37fdfde938d8b9bb9a48ce258c

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:25:59 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: same-origin
server: cloudflare
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 760c1aad08215be5-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 v1 Show response
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/ 61 KB
21 KB 92ms
92ms Script
application/javascript 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=760c1aac8f755be5

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6561681083cf9fd32b2fdff0dbf739df3c54be0aa38f7250b4f191f9fcea580

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details?__cf_chl_rt_tk=ppPAqkMCFuQ5XY4V0hTed9efJXUnfVdH8ZKdsDB7ep4-1666880759-0-gaNycGzNCH0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:25:59 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
cf-ray: 760c1aad19b0923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 transparent.gif
vystarcu.savings.workingadvantage.com/cdn-cgi/images/trace/jsch/js/ 42 B
258 B 65ms
65ms Image
image/gif 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=760c1aac8f755be5

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details?__cf_chl_rt_tk=ppPAqkMCFuQ5XY4V0hTed9efJXUnfVdH8ZKdsDB7ep4-1666880759-0-gaNycGzNCH0

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details?__cf_chl_rt_tk=ppPAqkMCFuQ5XY4V0hTed9efJXUnfVdH8ZKdsDB7ep4-1666880759-0-gaNycGzNCH0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:25:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 18 Oct 2022 15:26:27 GMT
server: cloudflare
etag: "634ec5a3-2a"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 760c1aad19b2923e-FRA
content-length: 42
expires: Thu, 27 Oct 2022 16:25:59 GMT

GET
DATA 200
OK truncated
/ 586 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 90dcb38783f8ec5 Show response
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.3873230338946497:1666879966:VlosAOUFcbJdDOj1rmKep20VohdZpyXsZsrDRQsGOxI/760c1aac8f755be5/ 138 KB
66 KB 91ms
91ms XHR
text/plain 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.3873230338946497:1666879966:VlosAOUFcbJdDOj1rmKep20VohdZpyXsZsrDRQsGOxI/760c1aac8f755be5/90dcb38783f8ec5

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=760c1aac8f755be5

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

546d5f2e1bc2bef4a8b3bc06c6513ceeb7793933cf46c209fb44c237b36b9712

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
CF-Challenge: 90dcb38783f8ec5
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 27 Oct 2022 14:26:00 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cf_chl_gen: q+FcidMD1eDnS12wveuMFQQx49lFfdeglUcKZWgKzOADbFfKrw2E9Yp+0JZH8REVBic7CFr1a6ArNT2nBEcK/g0Wx7OK4SXqScRtDJLrKJkMsec9WeFvC26cMmYNqrZdGaQEP7oKCK8Z2O4pG6etvmFBcdRLRb6O/kzrFmVmakEpMILgsNrV8pwG/R5Mn7p5HtnfzWO7kSfWWHzhc3Sjmgd7djNU5+sfMbeKy2TXgtqcU8StRO5Iam7C1+tmQrL0j4T/ReAwy+2xzx1v7mnL1kiK/D9SRL+64SlaaS9Uj+JXrDmWuHSWglGCpx+qe9T5/rhRIJbVTfEFiyVNm3Lbn4sOX9hadL1etHSHwy319Sijr30mRTmV48aQWdtttWLvmmBu5A8i8ALCm/X9dRzpAdNACacLlZRRgAnt52U/A5GcCHzWtVUbBIcUemX1c4kfItEZoW5a9ToWCGTlEDRGHA==$GrOV6UqTHLJy3qbp9YYOuQ==
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 760c1aae8c0e923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 401 JEfWyd79cIUkg3g Show response
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/pat/760c1aac8f755be5/1666880760102/2f3b95481b0805ffb4cd428605a2941f460b9870dda5363bee8d5b917464ba7d/ 1 B
687 B 23ms
22ms Fetch
text/plain 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/pat/760c1aac8f755be5/1666880760102/2f3b95481b0805ffb4cd428605a2941f460b9870dda5363bee8d5b917464ba7d/JEfWyd79cIUkg3g

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:00 GMT
strict-transport-security: max-age=5184000; includeSubDomains
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gLzuVSBsIBf-0zUKGBaKUH0YLmHDdpTY77o1bkXRkun0AJXZ5c3RhcmN1LnNhdmluZ3Mud29ya2luZ2FkdmFudGFnZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA-k9isXKVg2lL-Xy-5w29WVutCYPxf8VpHa78ruEWVJLH5slS-fPwvSqBK6tzbtaQLwwy4givPSOuxE4LXrHd7gtsdNSqHQZvTssFNLiRRc6nPyoqVEnAAxTxEn7OQ-_bsfp_7pb206--ejF4hgXAeLMGuN6TrPuKaoaHKgD1FNjmpbt3R31NSa3ydP-FVfYWk7tRDakjoyRq3U9eatiS7Ca_3H4Axfbf41OF5mNGqsFaCKJIzH15gmqfBIuuT5hfQakHPm_ZNge4DoYN7i269wKSLBF_dy0K4-DLoTomdj5nYMYrQL0MWEK5juOPs-6qCPlWLwxUUQb08uF5kvL7OwIDAQAB, max-age=15
x-content-type-options: nosniff
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 760c1ab05f01923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 CMKkqDHWngv_xmK
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/img/760c1aac8f755be5/1666880760103/ 61 B
195 B 19ms
19ms Image
image/png 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/img/760c1aac8f755be5/1666880760103/CMKkqDHWngv_xmK

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79e20bace9b909d9ee9538e275a00193160a9209c59f663846d2d3750e1894de

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:00 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 760c1ab1389c923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: image/png

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 90dcb38783f8ec5 Show response
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.3873230338946497:1666879966:VlosAOUFcbJdDOj1rmKep20VohdZpyXsZsrDRQsGOxI/760c1aac8f755be5/ 1 KB
1 KB 112ms
112ms XHR
text/html 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/flow/ov1/0.3873230338946497:1666879966:VlosAOUFcbJdDOj1rmKep20VohdZpyXsZsrDRQsGOxI/760c1aac8f755be5/90dcb38783f8ec5

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=760c1aac8f755be5

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5184b49201d9ca12a23f95330f9b9276f6f43579d9f40df204867b17d2ed682

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
CF-Challenge: 90dcb38783f8ec5
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 27 Oct 2022 14:26:01 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
cf_chl_out: n3jLWhWYPIDAWcR6MXfEUyOblXEw8w3pao8gG5gCN7g96Jhr1umCNJBgFBbL6HcgeAHeJ3l5ESH0xWj3X5R84g==$2jLouZv4qfWu+wLMIwekEg==
content-type: text/html; charset=UTF-8
cf_chl_out_s: Z/TIBz4XBA6sH3b+4Agk7NLPIawaHd2LipZneo9LojuV3P3ahSSyXc6rrEp0sIs+WRwmu4TOK2i8jaeLcooywGSlofruQZ8QF8i9eHLNLLVI64rDvJM0+Wqtg6gh05QfNyJNM4hm/1YaLSSVfsbsllYcTZLtFcY7NFCIwdiXczDdgP5egsHCy3UJ+YluLdEf9zIAFxyFIsQqr55XIoSlpWX7/LpxXllleTbbxx3Jprw=$xUShkzhUTnOGHvdXIpXegg==
cf-ray: 760c1ab5b82b923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 Primary Request details Show response
vystarcu.savings.workingadvantage.com/my-profile/ 5 KB
3 KB 209ms
208ms Document
text/html 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/my-profile/details

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71cbe27bdf00c304f50b4a4a23f2f5104bc6f52788e72c7aba0062370789c5fd

Security Headers

Name	Value
Content-Security-Policy	frame-src .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' .beneplace.com: .workingadvantage.com: .ebgsolutions.com: .demdex.net: .everesttech.net: .adobedtm.com .sc.omtrdc.net .omtrdc.net .qualtrics.com .adobe.com .keen.io .youtube.com .kaltura.com
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 760c1ac31d74923e-FRA
content-encoding: br
content-security-policy: frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com
content-type: text/html; charset=utf-8
date: Thu, 27 Oct 2022 14:26:03 GMT
last-modified: Tue, 25 Oct 2022 01:18:50 GMT
server: cloudflare
strict-transport-security: max-age=5184000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 launch-a0e5cece2585.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/ 620 KB
152 KB 60ms
8ms Script
application/x-javascript 2a02:26f0:3500:591::1e80

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by: Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: cc6b208ab1c26bdf5f04117525cf5aa452edddd1a5e30a3ea8bde7968b16906a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 19:23:53 GMT
server: AkamaiNetStorage
etag: "669a38b35fb2e03aa2d7ed644f222812:1662405833.508666"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 154541
expires: Thu, 27 Oct 2022 15:26:03 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
25 KB 49ms
26ms Stylesheet
text/css 2606:4700::6810:5514

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/
Origin: https://vystarcu.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 19026250
x-jsd-version: 4.5.3
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19143-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 760c1ac4a8779025-FRA

GET
H2 200 css
fonts.googleapis.com/ 3 KB
933 B 65ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

5ef043454b128260dda530a42312fbb985505034036cd3f3ea23cfe324a7905b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 27 Oct 2022 14:26:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 27 Oct 2022 13:34:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 Oct 2022 14:26:03 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 170 KB
56 KB 113ms
38ms Script
text/javascript 2a00:1450:4001:82a::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a -, , ASN (),

Reverse DNS

Software

mafe /

Resource Hash

3298907ceed017acd329c68597e32d0ea29c462d2c08460e0ae07b3345165b22

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
content-encoding: gzip
server: mafe
vary: Accept-Language
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=15
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57082
x-xss-protection: 0
expires: Thu, 27 Oct 2022 14:56:03 GMT

GET styles.ecb83e0bf67d42eed671.css
vystarcu.savings.workingadvantage.com/ 0
0

GET
H2 200 jquery-3.5.1.slim.min.js Show response
code.jquery.com/ 71 KB
24 KB 635ms
397ms Script
application/javascript 2001:4de0:ac18::1:a:1b

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.slim.min.js
Requested by: Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/
Origin: https://vystarcu.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-11abc"
vary: Accept-Encoding
x-hw: 1666880764.dop158.fr8.t,1666880764.cds145.fr8.hn,1666880764.cds240.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 24606

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 39ms
20ms Script
application/javascript 2606:4700::6811:190e

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/
Origin: https://vystarcu.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15780000
age: 2049438
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6646
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-520c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 760c1ac49c599b6e-FRA
expires: Tue, 17 Oct 2023 14:26:03 GMT

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ 82 KB
22 KB 50ms
27ms Script
application/javascript 2606:4700::6810:5514

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/
Origin: https://vystarcu.savings.workingadvantage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 19026247
x-jsd-version: 4.5.3
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19178-FRA, cache-hhn4051-HHN
x-jsd-version-type: version
server: cloudflare
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 760c1ac4a87a9025-FRA

GET
H2 200 web-animations.min.js Show response
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/ 47 KB
14 KB 35ms
16ms Script
application/javascript 2606:4700::6811:190e

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15780000
age: 20031041
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13763
last-modified: Mon, 04 May 2020 16:17:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb0402f-bad6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 760c1ac49b1c5be1-FRA
expires: Tue, 17 Oct 2023 14:26:03 GMT

GET
H3 503 runtime.59f1daeeb5fe85400c4a.js
vystarcu.savings.workingadvantage.com/ 0
0 19ms
17ms Script
text/html 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/runtime.59f1daeeb5fe85400c4a.js

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: same-origin
server: cloudflare
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 760c1ac5ea0e923e-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 503 polyfills.b9d9e6a9e2bd25627a0e.js
vystarcu.savings.workingadvantage.com/ 0
0 35ms
32ms Script
text/html 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/polyfills.b9d9e6a9e2bd25627a0e.js

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: same-origin
server: cloudflare
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 760c1ac5fa20923e-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 503 main.2f6aaa24835482b69717.js
vystarcu.savings.workingadvantage.com/ 0
0 23ms
20ms Script
text/html 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/main.2f6aaa24835482b69717.js

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/my-profile/details
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: same-origin
server: cloudflare
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 760c1ac5fa24923e-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 185 B
858 B 152ms
35ms XHR
application/json 54.229.2.193

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1666880763771

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.229.2.193 -, , ASN (),

Reverse DNS

Software

Resource Hash

ff95ba4478ad1db8fec82f03031b0a6915ded3bcb4954b632eefb44f84642be9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcscanary-prod-irl1-1-v051-0d443fb62.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 5cvWmlFeSk4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://vystarcu.savings.workingadvantage.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 185
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 14ms
11ms Script
application/x-javascript 2a02:26f0:3500:591::1e80

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Thu, 27 Oct 2022 15:26:03 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 14ms
11ms Script
application/x-javascript 2a02:26f0:3500:591::1e80

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Thu, 27 Oct 2022 15:26:03 GMT

GET styles.ecb83e0bf67d42eed671.css
vystarcu.savings.workingadvantage.com/ 0
0

GET
H2 200 id Show response
smetrics.workingadvantage.com/ 48 B
481 B 64ms
18ms XHR
application/x-javascript 13.36.218.177

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=54001001634548089042334464526002037772&cl=157680000&d_coppa=true&ts=1666880763930

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 -, , ASN (),

Reverse DNS

Software

jag /

Resource Hash

28ce1b1646357fae2a448de8eabfb40e35c25871638fd93c6450bd5e1d1fa715

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 27 Oct 2022 14:26:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 97ms
46ms XHR
application/json 2a00:1450:4001:82a::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a -, , ASN (),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23
x-xss-protection: 0

GET
H2 200 RCea9d317d3a374e44b3f0f8711e38765e-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/ 2 KB
1 KB 14ms
14ms Script
application/x-javascript 2a02:26f0:3500:591::1e80

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7ecf26b424a7f990de06441bf239389e6bc68be655378de13980937ea78cd509

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 751
expires: Thu, 27 Oct 2022 15:26:04 GMT

GET
H3 200 invisible.js Show response
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 0A75 38 KB
13 KB 26ms
25ms Script
application/javascript 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1666872000

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56727e931548df298bd14b26ed24766058edae4b217ece662ef5539f98b5ae32

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 760c1ac8cede923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 sync Show response
live.rezync.com/ 4 KB
5 KB 234ms
199ms Script
application/javascript 13.32.27.99

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1666880764308&k=ebg-wag3-pixel-0988
Requested by: Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.99 -, , ASN (),
Reverse DNS
Software: lighttpd/1.4.59 /
Resource Hash: 90f82bca12544b99d05c8b84cdb7a71856b9d56a19a2bc8313d1638544e64158

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
via: 1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
server: lighttpd/1.4.59
x-amz-cf-pop: FRA56-C2
vary: Cookie
x-cache: Miss from cloudfront
content-type: application/javascript
content-length: 4591
x-amz-cf-id: 9tkFMg2HssuvXIxFxK6bxtiN6l-j16v1uMqm-d_TZS-vEGl9E96UxQ==

GET
H3 200 pica.js
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 0A75 20 KB
7 KB 23ms
23ms Other
application/javascript 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9492a23d863c82e77604a4dcf763726774dc3a2325c4f9d5880fc32b4b816e2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 760c1ac90f59923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 760c1ac31d74923e Show response
vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 0A75 2 B
437 B 35ms
35ms XHR
text/plain 172.64.151.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/cv/result/760c1ac31d74923e

Requested by

Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1666872000

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.151.143 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
content-type: text/plain; charset=UTF-8
cf-ray: 760c1acb2ac7923e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK p13n.min.js Show response
cdn.boomtrain.com/p13n/ebg-wag3/ 80 KB
26 KB 50ms
8ms Script
application/javascript 13.32.27.70

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
Requested by: Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.70 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00b312d0999d9512ae3a4763f0b0fb2100f5871bbfa73253b8ad00783b6fe2f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: NSV_peqbleyc1xsQf3zf7hHN4nLpLTzZ
Content-Encoding: gzip
Via: 1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
Date: Thu, 27 Oct 2022 13:57:41 GMT
X-Amz-Cf-Pop: FRA56-C2
Age: 2357
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 26 Oct 2022 02:49:27 GMT
Server: AmazonS3
ETag: W/"26114651bd5bd7a9d6d67e1ee57b9c81"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=3600
X-Amz-Cf-Id: dZAMtPmFr-A0ooYnf_kKP1StZjQG9MjDM4d33KX0EF7H2xpWN9Ac5w==

GET
H/1.1 200
OK / Show response
com-wag3.netmng.com/ 7 KB
3 KB 487ms
116ms Script
text/javascript 199.38.167.54

General

Check archive.org

Show headers Download Go to

Full URL: https://com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Fvystarcu.savings.workingadvantage.com%2Fmy-profile%2Fdetails&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=
Requested by: Host: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/my-profile/details
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.38.167.54 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash: f20d0df0b1a8d1437f74e6b2cd383e0ca5615f6b5d642f59d0b36af59bd88a4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 Oct 2022 14:26:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Oct 2022 14:26:13 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Content-Type: text/javascript; charset=UTF-8
X-Cnection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 25 Oct 2022 14:26:13 GMT

GET
H/1.1 200
OK resolve Show response
people.api.boomtrain.com/identify/ 142 B
457 B 402ms
107ms XHR
application/json 54.81.23.211

General

Check archive.org

Show headers Download Go to

Full URL: https://people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiMTIyZjkzZjAtMDYxYS00NjdiLWEzZDAtN2MyYzFiMTZjMWU4OjE2NjY4ODA3NjQuNDIwNjY1NyJ9fQ%3D%3D&site_id=ebg-wag3
Requested by: Host: cdn.boomtrain.com
URL: https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.81.23.211 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f89c42dcc303ac7afbdee0167b64078d4ffeb33231450d88a68b7c402808eedb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Thu, 27 Oct 2022 14:26:05 GMT
Server: nginx
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Content-Length: 142

GET
H2 200 RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/ 451 B
567 B 7ms
7ms Script
application/x-javascript 2a02:26f0:3500:591::1e80

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7bf7d79c2124503815df2732e90da86210ebd4854d94ae57fcb65a31d2149b6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 286
expires: Thu, 27 Oct 2022 15:26:04 GMT

GET
H2 200 RC668a267ca36c45b5acca38f3e4360a76-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/ 340 B
495 B 7ms
7ms Script
application/x-javascript 2a02:26f0:3500:591::1e80

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 33be00f4da262b9776854af91f3a9ee10fa502fc4a021ad79319c4fae89369fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:04 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 215
expires: Thu, 27 Oct 2022 15:26:04 GMT

POST
H2 200 track Show response
events.api.boomtrain.com/event/ 2 B
200 B 301ms
105ms XHR
text/plain 52.45.50.76

General

Check archive.org

Show headers Download Go to

Full URL: https://events.api.boomtrain.com/event/track
Requested by: Host: cdn.boomtrain.com
URL: https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.50.76 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://vystarcu.savings.workingadvantage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Thu, 27 Oct 2022 14:26:05 GMT
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
content-length: 2
access-control-allow-methods: GET, PUT, POST, DELETE

GET
H/1.1 200
OK / Show response
com-wag3.netmng.com/WAG3/com/ 3 KB
2 KB 100ms
99ms Script
text/javascript 199.38.167.54

General

Check archive.org

Show headers Download Go to

Full URL: https://com-wag3.netmng.com/WAG3/com/?vid=gl1ca3atzbqww&referer=https%3A//vystarcu.savings.workingadvantage.com/my-profile/details&browserPixelRatio=1&browserWidth=1600&browserHeight=1200&aid=6366&siclientid=105368&url=https%3A%2F%2Fvystarcu.savings.workingadvantage.com%2Fmy-profile%2Fdetails&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&function=browser_check&r=458600
Requested by: Host: com-wag3.netmng.com
URL: https://com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2Fvystarcu.savings.workingadvantage.com%2Fmy-profile%2Fdetails&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.38.167.54 -, , ASN (),
Reverse DNS
Software: openresty /
Resource Hash: 51c28a44c986a235c6d74f2abfbafd9c9a01452515258628e10cbe3024c45a4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 Oct 2022 14:26:14 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Oct 2022 14:26:14 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Content-Type: text/javascript; charset=UTF-8
X-Cnection: close
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private
Expires: Tue, 25 Oct 2022 14:26:14 GMT

GET
H2 200 RC0c16579d5c704bd0a214633d669d35f2-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/ 1018 B
829 B 8ms
7ms Script
application/x-javascript 2a02:26f0:3500:591::1e80

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/12569482cfef/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d2f9635e91192863bba2bff4891d69b67971ef131dea10902348d16cfc70f11b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:26:05 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 19:23:54 GMT
server: AkamaiNetStorage
etag: "bf12e6028d837026ed54b934e047290d:1662405834.342951"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://vystarcu.savings.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 548
expires: Thu, 27 Oct 2022 15:26:05 GMT

GET
H3 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/49/12/intl/de_ALL/ 245 KB
245 KB 50ms
19ms Script
text/javascript 2a00:1450:4001:82a::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/49/12/intl/de_ALL/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d5dedc806286a7d226bde30c269a5e60c9a4dfb543157efa8601a18901d67c6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 00:35:10 GMT
x-content-type-options: nosniff
age: 222659
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251180
x-xss-protection: 0
last-modified: Mon, 01 Aug 2022 19:29:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Oct 2023 00:35:10 GMT

GET
H3 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/49/12/intl/de_ALL/ 157 KB
58 KB 45ms
16ms Script
text/javascript 2a00:1450:4001:82a::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/49/12/intl/de_ALL/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c87ba071e51ec2da1b0e1155cd24a5b2b6f0c2d671d3c6e8ec771355af87001e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vystarcu.savings.workingadvantage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 03:58:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58987
x-xss-protection: 0
last-modified: Mon, 01 Aug 2022 19:29:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Oct 2023 03:58:11 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/styles.ecb83e0bf67d42eed671.css

Domain: vystarcu.savings.workingadvantage.com
URL: https://vystarcu.savings.workingadvantage.com/styles.ecb83e0bf67d42eed671.css

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.beneplace.com/	1970-01-20 15:46:56	Name: wp4326 Value: "XWVZDL-WKIU-s-WWBM:WMJBBBDtlnDl-UIMH-VVUTDDDUUKVBVWDgNssDDLFl-UIMH-VVUTFJmY_T^UZZZBBTAYCD"
.workingadvantage.com/	1970-01-20 07:01:22	Name: __cf_bm Value: Lnlq_wqkF7rJnOtq6oxNSh_UdB1yqa4mHV2JL6U0OG4-1666880759-0-AfDo3aPZfXoraYhlJ0dB1BklH+OxfwIkIu5U2roVEZvV087gRNGqhKjaFo1ANnTvFa33H/+4V2S5i8rPQsdccoU=
vystarcu.savings.workingadvantage.com/	1970-01-20 07:01:24	Name: cf_chl_2 Value: 90dcb38783f8ec5
vystarcu.savings.workingadvantage.com/	1970-01-20 07:01:24	Name: cf_chl_prog Value: F17
vystarcu.savings.workingadvantage.com/	1970-01-20 07:01:24	Name: cf_chl_rc_ni Value: 1

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://vystarcu.savings.workingadvantage.com/my-profile/details Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://vystarcu.savings.workingadvantage.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://vystarcu.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/g/pat/760c1aac8f755be5/1666880760102/2f3b95481b0805ffb4cd428605a2941f460b9870dda5363bee8d5b917464ba7d/JEfWyd79cIUkg3g Message: Failed to load resource: the server responded with a status of 401 ()
security	error	URL: https://vystarcu.savings.workingadvantage.com/my-profile/details Message: Refused to apply style from 'https://vystarcu.savings.workingadvantage.com/styles.ecb83e0bf67d42eed671.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://vystarcu.savings.workingadvantage.com/runtime.59f1daeeb5fe85400c4a.js Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://vystarcu.savings.workingadvantage.com/main.2f6aaa24835482b69717.js Message: Failed to load resource: the server responded with a status of 503 ()
security	error	URL: https://vystarcu.savings.workingadvantage.com/my-profile/details(Line 36) Message: Refused to apply style from 'https://vystarcu.savings.workingadvantage.com/styles.ecb83e0bf67d42eed671.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://vystarcu.savings.workingadvantage.com/polyfills.b9d9e6a9e2bd25627a0e.js Message: Failed to load resource: the server responded with a status of 503 ()
security	error	URL: https://vystarcu.savings.workingadvantage.com/my-profile/details Message: Refused to execute script from 'https://vystarcu.savings.workingadvantage.com/runtime.59f1daeeb5fe85400c4a.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://vystarcu.savings.workingadvantage.com/my-profile/details Message: Refused to execute script from 'https://vystarcu.savings.workingadvantage.com/polyfills.b9d9e6a9e2bd25627a0e.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://vystarcu.savings.workingadvantage.com/my-profile/details Message: Refused to execute script from 'https://vystarcu.savings.workingadvantage.com/main.2f6aaa24835482b69717.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cdn.boomtrain.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
com-wag3.netmng.com
dpm.demdex.net
events.api.boomtrain.com
fonts.googleapis.com
live.rezync.com
maps.googleapis.com
marketing.beneplace.com
people.api.boomtrain.com
smetrics.workingadvantage.com
vystarcu.savings.workingadvantage.com
vystarcu.savings.workingadvantage.com
13.32.27.70
13.32.27.99
13.36.218.177
172.64.151.143
199.38.167.54
2001:4de0:ac18::1:a:1b
207.189.124.33
2606:4700::6810:5514
2606:4700::6811:190e
2a00:1450:4001:82a::200a
2a00:1450:4001:831::200a
2a02:26f0:3500:591::1e80
52.45.50.76
54.229.2.193
54.81.23.211
00b312d0999d9512ae3a4763f0b0fb2100f5871bbfa73253b8ad00783b6fe2f3
06d0b97894b3a88281be52e6aadf475ea4f803b9b3d6a55a70c9821cc206ddb0
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28ce1b1646357fae2a448de8eabfb40e35c25871638fd93c6450bd5e1d1fa715
3298907ceed017acd329c68597e32d0ea29c462d2c08460e0ae07b3345165b22
33be00f4da262b9776854af91f3a9ee10fa502fc4a021ad79319c4fae89369fd
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
51c28a44c986a235c6d74f2abfbafd9c9a01452515258628e10cbe3024c45a4e
546d5f2e1bc2bef4a8b3bc06c6513ceeb7793933cf46c209fb44c237b36b9712
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56727e931548df298bd14b26ed24766058edae4b217ece662ef5539f98b5ae32
5ef043454b128260dda530a42312fbb985505034036cd3f3ea23cfe324a7905b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
71cbe27bdf00c304f50b4a4a23f2f5104bc6f52788e72c7aba0062370789c5fd
79e20bace9b909d9ee9538e275a00193160a9209c59f663846d2d3750e1894de
7bf7d79c2124503815df2732e90da86210ebd4854d94ae57fcb65a31d2149b6d
7ecf26b424a7f990de06441bf239389e6bc68be655378de13980937ea78cd509
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
90f82bca12544b99d05c8b84cdb7a71856b9d56a19a2bc8313d1638544e64158
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
9492a23d863c82e77604a4dcf763726774dc3a2325c4f9d5880fc32b4b816e2c
b6561681083cf9fd32b2fdff0dbf739df3c54be0aa38f7250b4f191f9fcea580
c87ba071e51ec2da1b0e1155cd24a5b2b6f0c2d671d3c6e8ec771355af87001e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
cc6b208ab1c26bdf5f04117525cf5aa452edddd1a5e30a3ea8bde7968b16906a
d2f9635e91192863bba2bff4891d69b67971ef131dea10902348d16cfc70f11b
d5184b49201d9ca12a23f95330f9b9276f6f43579d9f40df204867b17d2ed682
d5dedc806286a7d226bde30c269a5e60c9a4dfb543157efa8601a18901d67c6d
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0e31476a59a908f3e726ed8ef24287dd660bd37fdfde938d8b9bb9a48ce258c
f20d0df0b1a8d1437f74e6b2cd383e0ca5615f6b5d642f59d0b36af59bd88a4f
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f89c42dcc303ac7afbdee0167b64078d4ffeb33231450d88a68b7c402808eedb
faa67d3b2b2220dc526c921c1fc47df5b956559a293d5e07fbaf58a52462f6bd
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa
ff95ba4478ad1db8fec82f03031b0a6915ded3bcb4954b632eefb44f84642be9

vystarcu.savings.workingadvantage.com Open in urlscan Pro 172.64.151.143 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

95 %HTTPS

40 %IPv6

11 Domains

15 Subdomains

15 IPs

1 Countries

793 kBTransfer

1991 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

vystarcu.savings.workingadvantage.com Open in urlscan Pro
172.64.151.143 Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

95 %
HTTPS

40 %
IPv6

11
Domains

15
Subdomains

15
IPs

1
Countries

793 kB
Transfer

1991 kB
Size

5
Cookies

43 HTTP transactions
2 data transactions