page.firstleaf.club Open in urlscan Pro
2606:4700:10::6816:2be0 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sailthru.perkspot.com/click/27080417.4496367/aHR0cHM6Ly9lbWFpbC5wZXJrc3BvdC5jb20vZS92My9jbGljay9vZmZlci8xNDMxNjA5P21lc...
Effective URL:
https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC...
Submission: On April 01 via api (April 1st 2022, 8:51:11 pm UTC) from US — Scanned from DE

Summary HTTP 129 Redirects Behaviour Indicators

Summary

This website contacted 43 IPs in 5 countries across 42 domains to perform 129 HTTP transactions. The main IP is 2606:4700:10::6816:2be0, located in United States and belongs to CLOUDFLARENET, US. The main domain is page.firstleaf.club.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 13th 2021. Valid for: a year.

This is the only time page.firstleaf.club was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.226.166.212 3.226.166.212	14618 (AMAZON-AES) (AMAZON-AES)
2 18	168.62.244.248 168.62.244.248	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6811:f349	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:bdf::44 2620:1ec:bdf::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	99.84.158.11 99.84.158.11	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.9 13.32.99.9	16509 (AMAZON-02) (AMAZON-02)
1 4	2a00:1450:400... 2a00:1450:400c:c1b::9c	15169 (GOOGLE) (GOOGLE)
1	13.32.121.41 13.32.121.41	16509 (AMAZON-02) (AMAZON-02)
1	18.64.115.56 18.64.115.56	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1 3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
4	99.83.154.140 99.83.154.140	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1 13	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	3.213.41.181 3.213.41.181	14618 (AMAZON-AES) (AMAZON-AES)
1	104.18.70.113 104.18.70.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.69.106.89 13.69.106.89	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	104.16.53.111 104.16.53.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	89.207.16.72 89.207.16.72	41041 (VCLK-EU-SE) (VCLK-EU-SE)
3	2606:4700:10:... 2606:4700:10::6816:2be0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	35.244.137.202 35.244.137.202	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20d... 2600:9000:20d7:be00:b:dc44:3680:21	16509 (AMAZON-02) (AMAZON-02)
1 1	104.92.74.173 104.92.74.173	() ()
1	35.222.120.150 35.222.120.150	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:440e::6812:2fe6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.120.27.38 34.120.27.38	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:710... 2a02:26f0:7100:18e::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	108.138.7.93 108.138.7.93	16509 (AMAZON-02) (AMAZON-02)
1	108.157.5.251 108.157.5.251	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
18	2606:4700::68... 2606:4700::6812:9e3	() ()
1	2a00:1450:400... 2a00:1450:4001:810::2003	() ()
1	2600:9000:223... 2600:9000:223f:5200:15:decf:f580:21	() ()
1	2606:4700::68... 2606:4700::6812:318	() ()
1	104.92.92.80 104.92.92.80	() ()
1	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	() ()
1	99.86.113.64 99.86.113.64	() ()
129	43

1 3.226.166.212 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-166-212.compute-1.amazonaws.com

sailthru.perkspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 168.62.244.248 (Chicago, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

email.perkspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
walgreens.perkspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f349 (United States)

ASN13335 (CLOUDFLARENET, US)

hello.myfonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

psprods3ep.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.158.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-158-11.txl52.r.cloudfront.net

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-9.fra60.r.cloudfront.net

cdn.rollbar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c1b::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-41.fra60.r.cloudfront.net

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.115.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-115-56.txl50.r.cloudfront.net

js.go2sdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.83.154.140 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.18.72.113 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

assets.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.213.41.181 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-41-181.compute-1.amazonaws.com

heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)

ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.69.106.89 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)

perkspot.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 89.207.16.72 (United States) 3 redirects

ASN41041 (VCLK-EU-SE, US)

www.jdoqocy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cj.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.emjcd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:2be0 (United States)

ASN13335 (CLOUDFLARENET, US)

page.firstleaf.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.firstleaf.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.137.202 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 202.137.244.35.bc.googleusercontent.com

g.fastcdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20d7:be00:b:dc44:3680:21 (United States)

ASN16509 (AMAZON-02, US)

d1hdjv7b05hja2.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.74.173 (None, ) 1 redirects

ASN- ()

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.222.120.150 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 150.120.222.35.bc.googleusercontent.com

heatmap-events-collector.instapage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::6812:2fe6 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.27.38 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 38.27.120.34.bc.googleusercontent.com

cdn.instapagemetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100:18e::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-93.fra56.r.cloudfront.net

init.blackcrow.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.5.251 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-5-251.dus51.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

11295779.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700::6812:9e3 (None, )

ASN- ()

v.fastcdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:5200:15:decf:f580:21 (None, )

ASN- ()

d38xvr37kwwhcm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:318 (None, )

ASN- ()

www.kind-loving-strawberry.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.92.80 (None, )

ASN- ()

aa.trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:12:face:b00c:0:3 (None, )

ASN- ()

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.113.64 (None, )

ASN- ()

cdn1-res.sundaysky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	fastcdn.co g.fastcdn.co — Cisco Umbrella Rank: 46128 v.fastcdn.co	1 MB
19	perkspot.com 3 redirects sailthru.perkspot.com — Cisco Umbrella Rank: 178358 email.perkspot.com — Cisco Umbrella Rank: 322496 walgreens.perkspot.com	795 KB
13	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 2153 ekr.zdassets.com — Cisco Umbrella Rank: 2392	527 KB
8	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	80 KB
7	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 95 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 11295779.fls.doubleclick.net	21 KB
5	zendesk.com 1 redirects assets.zendesk.com — Cisco Umbrella Rank: 7785 perkspot.zendesk.com — Cisco Umbrella Rank: 253797	3 KB
5	heapanalytics.com cdn.heapanalytics.com — Cisco Umbrella Rank: 3629 heapanalytics.com — Cisco Umbrella Rank: 3083	46 KB
4	sail-personalize.com api.sail-personalize.com — Cisco Umbrella Rank: 2606	994 B
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 76	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 390	13 KB
3	firstleaf.club page.firstleaf.club www.firstleaf.club rbv9j7km.firstleaf.club Failed	212 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5640	628 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	202 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 772	1 KB
2	cloudfront.net d1hdjv7b05hja2.cloudfront.net d38xvr37kwwhcm.cloudfront.net	17 KB
2	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 877	303 B
2	azureedge.net psprods3ep.azureedge.net — Cisco Umbrella Rank: 217393	29 KB
1	sundaysky.com cdn1-res.sundaysky.com
1	facebook.net connect.facebook.net
1	kind-loving-strawberry.com www.kind-loving-strawberry.com
1	trkn.us trkn.us Failed aa.trkn.us	166 B
1	gstatic.com fonts.gstatic.com	31 KB
1	sc-static.net sc-static.net — Cisco Umbrella Rank: 1187	7 KB
1	blackcrow.ai init.blackcrow.ai — Cisco Umbrella Rank: 19506	402 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 622	6 KB
1	instapagemetrics.com cdn.instapagemetrics.com — Cisco Umbrella Rank: 52094	19 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1209	5 KB
1	instapage.com heatmap-events-collector.instapage.com — Cisco Umbrella Rank: 48949 anthill.instapage.com Failed	9 KB
1	typography.com 1 redirects cloud.typography.com	437 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	1 KB
1	emjcd.com 1 redirects www.emjcd.com — Cisco Umbrella Rank: 14772	1 KB
1	dotomi.com 1 redirects cj.dotomi.com — Cisco Umbrella Rank: 14932	1 KB
1	jdoqocy.com 1 redirects www.jdoqocy.com — Cisco Umbrella Rank: 62293	630 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 105	15 KB
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 1889	40 KB
1	go2sdk.com js.go2sdk.com — Cisco Umbrella Rank: 24624	18 KB
1	rollbar.com cdn.rollbar.com — Cisco Umbrella Rank: 5306	23 KB
1	sail-horizon.com ak.sail-horizon.com — Cisco Umbrella Rank: 2701	43 KB
1	myfonts.net hello.myfonts.net — Cisco Umbrella Rank: 5405	352 B
0	twitter.com Failed analytics.twitter.com Failed
0	clarity.ms Failed k.clarity.ms Failed
0	t.co Failed t.co Failed
129	42

	Domain	Requested by
18	v.fastcdn.co	page.firstleaf.club
17	walgreens.perkspot.com	1 redirects walgreens.perkspot.com
12	static.zdassets.com	walgreens.perkspot.com assets.zendesk.com static.zdassets.com www.googletagmanager.com
8	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com walgreens.perkspot.com page.firstleaf.club
6	g.fastcdn.co	page.firstleaf.club
4	perkspot.zendesk.com	static.zdassets.com
4	heapanalytics.com	walgreens.perkspot.com
4	api.sail-personalize.com	cdn.rollbar.com
4	stats.g.doubleclick.net	1 redirects walgreens.perkspot.com cdn.rollbar.com www.google-analytics.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com page.firstleaf.club
3	www.google.de	walgreens.perkspot.com
3	www.google.com	1 redirects walgreens.perkspot.com
3	www.googletagmanager.com	walgreens.perkspot.com www.googletagmanager.com page.firstleaf.club
2	11295779.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	s.pinimg.com	www.googletagmanager.com s.pinimg.com
2	page.firstleaf.club	walgreens.perkspot.com page.firstleaf.club
2	dc.services.visualstudio.com	cdn.rollbar.com
2	psprods3ep.azureedge.net	walgreens.perkspot.com
1	cdn1-res.sundaysky.com	www.googletagmanager.com
1	connect.facebook.net	walgreens.perkspot.com
1	aa.trkn.us	walgreens.perkspot.com
1	www.kind-loving-strawberry.com	walgreens.perkspot.com
1	d38xvr37kwwhcm.cloudfront.net	walgreens.perkspot.com
1	fonts.gstatic.com	fonts.googleapis.com
1	adservice.google.com	11295779.fls.doubleclick.net
1	sc-static.net	www.googletagmanager.com
1	init.blackcrow.ai	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	cdn.instapagemetrics.com	page.firstleaf.club
1	static.cloudflareinsights.com	page.firstleaf.club
1	heatmap-events-collector.instapage.com	page.firstleaf.club
1	www.firstleaf.club	page.firstleaf.club
1	cloud.typography.com	1 redirects
1	d1hdjv7b05hja2.cloudfront.net	page.firstleaf.club
1	fonts.googleapis.com	page.firstleaf.club
1	www.emjcd.com	1 redirects
1	cj.dotomi.com	1 redirects
1	www.jdoqocy.com	1 redirects
1	ekr.zdassets.com	assets.zendesk.com
1	assets.zendesk.com	1 redirects
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	az416426.vo.msecnd.net	walgreens.perkspot.com
1	js.go2sdk.com	walgreens.perkspot.com
1	cdn.heapanalytics.com	walgreens.perkspot.com
1	cdn.rollbar.com	walgreens.perkspot.com
1	ak.sail-horizon.com	walgreens.perkspot.com
1	hello.myfonts.net	walgreens.perkspot.com
1	email.perkspot.com	1 redirects
1	sailthru.perkspot.com	1 redirects
0	anthill.instapage.com Failed	page.firstleaf.club
0	rbv9j7km.firstleaf.club Failed	walgreens.perkspot.com
0	analytics.twitter.com Failed	static.ads-twitter.com
0	k.clarity.ms Failed	bat.bing.com
0	trkn.us Failed	page.firstleaf.club
0	t.co Failed	page.firstleaf.club
129	56

This site contains no links.

Subject Issuer	Validity	Valid
*.perkspot.com Go Daddy Secure Certificate Authority - G2	`2021-07-22` - `2022-08-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-10` - `2022-07-09`	a year	crt.sh
*.azureedge.net Microsoft Azure TLS Issuing CA 05	`2022-03-25` - `2023-03-20`	a year	crt.sh
ak.sail-horizon.com Amazon	`2022-01-06` - `2023-02-02`	a year	crt.sh
cdn.rollbar.com Amazon	`2021-07-11` - `2022-08-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
cdn.heapanalytics.com Amazon	`2021-08-28` - `2022-09-26`	a year	crt.sh
js.go2sdk.com Amazon	`2021-10-07` - `2022-11-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
sni1e6ffgl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
api.sail-personalize.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
heapanalytics.com Amazon	`2021-12-09` - `2023-01-06`	a year	crt.sh
ssl1036557.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2021-07-08` - `2022-07-07`	a year	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 02	`2022-02-08` - `2023-02-08`	a year	crt.sh
perkspot.zendesk.com Cloudflare Inc ECC CA-3	`2021-06-16` - `2022-06-15`	a year	crt.sh
g.fastcdn.co GTS CA 1D4	`2022-02-16` - `2022-05-17`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
heatmap-events-collector.instapage.com R3	`2022-02-21` - `2022-05-22`	3 months	crt.sh
cdn.instapagemetrics.com GTS CA 1D4	`2022-02-16` - `2022-05-17`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.blackcrow.ai Amazon	`2021-12-21` - `2023-01-18`	a year	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-27` - `2023-01-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.fastcdn.co E1	`2022-02-08` - `2022-05-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
cert1.a1.atm.aqfer.net R3	`2022-01-20` - `2022-04-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-09` - `2022-04-09`	3 months	crt.sh
*.sundaysky.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-26` - `2022-06-26`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Frame ID: 940FFE9AFACC295431259F44C25F664C
Requests: 111 HTTP requests in this frame

Frame: https://static.zdassets.com/ekr/asset_composer.js
Frame ID: A96C9F44E52222AC20C9560B5A750F31
Requests: 2 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/web-widget-framework-40cac614c9635fb7d134.js
Frame ID: 2200FC4E0624F72E37A1A147D27B5857
Requests: 14 HTTP requests in this frame

Frame: https://11295779.fls.doubleclick.net/activityi;dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d;u2=other;u4=undefined;u5=undefined;~oref=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d
Frame ID: 6E2CEADD2FD86508748EF0E06C047EF4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://sailthru.perkspot.com/click/27080417.4496367/aHR0cHM6Ly9lbWFpbC5wZXJrc3BvdC5jb20vZS92My9jbGljay9vZ... HTTP 302
https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&cmpn... HTTP 302
https://walgreens.perkspot.com/auth/email?sid=1108a752-8cc9-4dbb-bd03-d19015095d0e&auth=ab35287f83345ff16f6... HTTP 302
https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast Page URL
https://www.jdoqocy.com/click-2097062-13413294?sid=EPVE3BF10Q6890MZSAACRUVBD HTTP 302
https://cj.dotomi.com/db111kjsr9/jqv/8AB8A9GB/97GE7D9/7/7/7?m=qwmh%3DITZI7FJ54UACD4QdWEEGVYZFH%3c%... HTTP 302
https://www.emjcd.com/a5100mu21M/u05/JLMJLKRM/KIRPIOK/I/MIIKIMNRPPQNQMMLNO:-w0d3GF-VInU/PNOIwRvJtJ... HTTP 302
https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=185077... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Heap (Analytics) Expand

Overall confidence: 100%
Detected patterns

heap-\d+\.js

Page Statistics

129
Requests

91 %
HTTPS

47 %
IPv6

42
Domains

56
Subdomains

43
IPs

5
Countries

3225 kB
Transfer

8845 kB
Size

42
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sailthru.perkspot.com/click/27080417.4496367/aHR0cHM6Ly9lbWFpbC5wZXJrc3BvdC5jb20vZS92My9jbGljay9vZmZlci8xNDMxNjA5P21lcmNoYW50TmFtZT1GaXJzdGxlYWZXaW5lQ2x1YiZhc3NldFR5cGU9U21hbGwmY21wbmlkPTE3MyZwcD0xNSZwdD1zc3MmYXQ9cyZhcD0xJnBrPTEmZHQ9cyZhbz0xNDMxNjA5JjE9MS8mZW1haWw9Y2FwcmljZS5oYXllcyU0MHdhbGdyZWVucy5jb20mZW1haWxCbGFzdElkPTI3MDgwNDE3JmVudGl0eUVtYWlsVHlwZUNvZGU9d2Vla2x5Ymxhc3QmdXNlcklkPTI2NzQzOTkxJmNvbW11bml0eWlkPTQwNSZhdXRoPTk2ODNlYzhlZTI3NjI2NzIxNWI1ZjZlMWYwY2QwN2RmJmNvbW11bml0eW5hbWU9V2FsZ3JlZW5zJnJlY29tbWlkPSZtc2dpZD0yNzA4MDQxNy40NDk2MzY3/622660706962f425044a378aB96e2e3ac HTTP 302
https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&cmpnid=173&pp=15&pt=sss&at=s&ap=1&pk=1&dt=s&ao=1431609&1=1/&email=caprice.hayes%40walgreens.com&emailBlastId=27080417&entityEmailTypeCode=weeklyblast&userId=26743991&communityid=405&auth=9683ec8ee276267215b5f6e1f0cd07df&communityname=Walgreens&recommid=&msgid=27080417.4496367 HTTP 302
https://walgreens.perkspot.com/auth/email?sid=1108a752-8cc9-4dbb-bd03-d19015095d0e&auth=ab35287f83345ff16f6bf99849b43121&redirectUrl=%2foffer%2f1431609%2fnone%3futm_medium%3demail%26utm_id%3dweeklyblast&furtherRedirect= HTTP 302
https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast Page URL
https://www.jdoqocy.com/click-2097062-13413294?sid=EPVE3BF10Q6890MZSAACRUVBD HTTP 302
https://cj.dotomi.com/db111kjsr9/jqv/8AB8A9GB/97GE7D9/7/7/7?m=qwmh%3DITZI7FJ54UACD4QdWEEGVYZFH%3c%3clxxtw%3A%2F%2F000.nhsusg2.gsq%3AC4%2Fgpmgo-64DB4A6-578576D8%3c%3cK%3clxxtw%3A%2F%2F0epkviirw.tivowtsx.gsq%2F%3c%3c5%3c5%3c4%3c4%3c4%3c HTTP 302
https://www.emjcd.com/a5100mu21M/u05/JLMJLKRM/KIRPIOK/I/MIIKIMNRPPQNQMMLNO:-w0d3GF-VInU/PNOIwRvJtJxvJJwuQJxOIMPMIsJQINIv?t=evlg%3DHSYH6EI43T9BC3PcVDDFUXYEG%3cfmr!05s2-gzrAhhd%3ckwwsv%3A%2F%2Fzzz.mgrtrf1.frp%3AB3%2Ffolfn-53CA395-467465C7%3c%3cJ%3ckwwsv%3A%2F%2Fzdojuhhqv.shunvsrw.frp%2F%3cCh4f6BCf-Ag7e-7B9g-dA3i-3dBi3d4i86eg%3c4%3c4%3c3%3c3%3c3%3c HTTP 302
https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://sailthru.perkspot.com/click/27080417.4496367/aHR0cHM6Ly9lbWFpbC5wZXJrc3BvdC5jb20vZS92My9jbGljay9vZmZlci8xNDMxNjA5P21lcmNoYW50TmFtZT1GaXJzdGxlYWZXaW5lQ2x1YiZhc3NldFR5cGU9U21hbGwmY21wbmlkPTE3MyZwcD0xNSZwdD1zc3MmYXQ9cyZhcD0xJnBrPTEmZHQ9cyZhbz0xNDMxNjA5JjE9MS8mZW1haWw9Y2FwcmljZS5oYXllcyU0MHdhbGdyZWVucy5jb20mZW1haWxCbGFzdElkPTI3MDgwNDE3JmVudGl0eUVtYWlsVHlwZUNvZGU9d2Vla2x5Ymxhc3QmdXNlcklkPTI2NzQzOTkxJmNvbW11bml0eWlkPTQwNSZhdXRoPTk2ODNlYzhlZTI3NjI2NzIxNWI1ZjZlMWYwY2QwN2RmJmNvbW11bml0eW5hbWU9V2FsZ3JlZW5zJnJlY29tbWlkPSZtc2dpZD0yNzA4MDQxNy40NDk2MzY3/622660706962f425044a378aB96e2e3ac HTTP 302
https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&cmpnid=173&pp=15&pt=sss&at=s&ap=1&pk=1&dt=s&ao=1431609&1=1/&email=caprice.hayes%40walgreens.com&emailBlastId=27080417&entityEmailTypeCode=weeklyblast&userId=26743991&communityid=405&auth=9683ec8ee276267215b5f6e1f0cd07df&communityname=Walgreens&recommid=&msgid=27080417.4496367 HTTP 302
https://walgreens.perkspot.com/auth/email?sid=1108a752-8cc9-4dbb-bd03-d19015095d0e&auth=ab35287f83345ff16f6bf99849b43121&redirectUrl=%2foffer%2f1431609%2fnone%3futm_medium%3demail%26utm_id%3dweeklyblast&furtherRedirect= HTTP 302
https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Request Chain 26

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=267050035&utmhn=walgreens.perkspot.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&utmhid=20688138&utmr=-&utmp=%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&utmht=1648846267045&utmac=UA-652375-6&utmcc=__utma%3D196031274.794515305.1648846267.1648846267.1648846267.1%3B%2B__utmz%3D196031274.1648846267.1.1.utmcid%3Dweeklyblast%7Cutmccn%3D(not%2520set)%7Cutmcmd%3Demail%3B&utmjid=393959800&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-652375-6&cid=794515305.1648846267&jid=393959800&_v=5.7.2dc&z=267050035 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-652375-6&cid=794515305.1648846267&jid=393959800&_v=5.7.2dc&z=267050035&slf_rd=1&random=1535961764

Request Chain 42

https://assets.zendesk.com/embeddable_framework/main.js HTTP 301
https://static.zdassets.com/ekr/asset_composer.js

Request Chain 73

https://cloud.typography.com/7410416/6307592/css/fonts.css HTTP 302
https://www.firstleaf.club/fonts/687751/007ADF49EA9D333D0.css

Request Chain 87

https://11295779.fls.doubleclick.net/activityi;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d;u2=other;u4=undefined;u5=undefined;~oref=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d HTTP 302
https://11295779.fls.doubleclick.net/activityi;dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d;u2=other;u4=undefined;u5=undefined;~oref=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d

129 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

none Show response
walgreens.perkspot.com/offer/1431609/
Redirect Chain

https://sailthru.perkspot.com/click/27080417.4496367/aHR0cHM6Ly9lbWFpbC5wZXJrc3BvdC5jb20vZS92My9jbGljay9vZmZlci8xNDMxNjA5P21lcmNoYW50TmFtZT1GaXJzdGxlYWZXaW5lQ2x1YiZhc3NldFR5cGU9U21hbGwmY21wbmlkPTE3...
https://email.perkspot.com/e/v3/click/offer/1431609?merchantName=FirstleafWineClub&assetType=Small&cmpnid=173&pp=15&pt=sss&at=s&ap=1&pk=1&dt=s&ao=1431609&1=1/&email=caprice.hayes%40walgreens.com&em...
https://walgreens.perkspot.com/auth/email?sid=1108a752-8cc9-4dbb-bd03-d19015095d0e&auth=ab35287f83345ff16f6bf99849b43121&redirectUrl=%2foffer%2f1431609%2fnone%3futm_medium%3demail%26utm_id%3dweekly...
https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

61 KB
20 KB

326ms
325ms

Document
text/html

168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

6922dedeefd6111962cf4a6bef17145ce2a9fda6081bd04acf71f100c9a85749

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Content-Encoding: gzip
Content-Length: 19668
Content-Security-Policy: frame-ancestors *.perkspot.com
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2022 20:51:05 GMT
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Vary: Accept-Encoding
X-Content-Security-Policy: frame-ancestors *.perkspot.com
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET

Redirect headers

Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Content-Length: 206
Content-Security-Policy: frame-ancestors *.perkspot.com
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2022 20:51:05 GMT
Location: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
X-Content-Security-Policy: frame-ancestors *.perkspot.com
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET

GET
H2 200 2b1ecf
hello.myfonts.net/count/ 0
352 B 65ms
28ms Stylesheet
text/css 2606:4700::6811:f349
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hello.myfonts.net/count/2b1ecf
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:f349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:06 GMT
server: cloudflare
age: 1
expect-ct: null
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 6f54336ccda723f7-ZRH
content-length: 0
expires: Sat, 01 Apr 2023 20:51:06 GMT

GET
H/1.1 200
OK core
walgreens.perkspot.com/Content/css/ 198 KB
54 KB 123ms
121ms Stylesheet
text/css 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/Content/css/core?v=22.3.55607.1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

94c6483dadce933e499cc7f0a7cbd22d2565bbaf160f19086d55bd2e2df69f7b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 20:51:05 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Expires: -1
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: no-cache
Content-Security-Policy: frame-ancestors *.perkspot.com
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 55078
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK perxcss.css
walgreens.perkspot.com/Content/sass/ 525 KB
58 KB 337ms
114ms Stylesheet
text/css 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/Content/sass/perxcss.css?v=22.3.55607.1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

f975e6b7d7f05e2dc2dea38b8b7b7bdc35dfebc93c9f15f763a3326db8713e95

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Content-Encoding: gzip
ETag: "8051a5b54545d81:0"
Last-Modified: Thu, 31 Mar 2022 21:24:31 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Date: Fri, 01 Apr 2022 20:51:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 59205
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK community-css
walgreens.perkspot.com/ 56 KB
11 KB 369ms
131ms Stylesheet
text/css 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/community-css

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

f4769b41850b3447078340a01bff92d5f18e37f667c9b6d273bdb0c1fccbcdbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Expose-Headers: Request-Context
Cache-Control: private
Date: Fri, 01 Apr 2022 20:51:05 GMT
Content-Disposition: attachment; filename=global.css
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 10675
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK insights Show response
walgreens.perkspot.com/bundles/ 4 KB
3 KB 564ms
227ms Script
text/javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/bundles/insights?v=to06oIlwehQWm-xrmEMdoBd0yB91KJAuDMMP4SAO9aI1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

79990ca8962ccf1d3948a73a50bcdc3d4a671ecc49c2f59f2db84cf7c7b552a6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 20:51:06 GMT
Content-Encoding: gzip
Vary: User-Agent,Accept-Encoding
Expires: Sat, 01 Apr 2023 20:51:06 GMT
Last-Modified: Fri, 01 Apr 2022 20:51:06 GMT
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Content-Security-Policy: frame-ancestors *.perkspot.com
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 2628
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H2 200 logo_405.png
psprods3ep.azureedge.net/cdn.perkspot.com/images/communities/ 12 KB
13 KB 161ms
11ms Image
image/png 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://psprods3ep.azureedge.net/cdn.perkspot.com/images/communities/logo_405.png
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8e90f40c2498772e7159835ee29733b3cfbb8a86fc537dc4bef5edb69eeaea8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-meta-createdby: not-implemented
date: Fri, 01 Apr 2022 20:51:06 GMT
x-amz-meta-uploader: S3StorageService
last-modified: Mon, 22 Apr 2019 14:41:19 GMT
server: AmazonS3
x-amz-request-id: B2CQHP3BB6J4YNED
etag: "9d4ef29f4a5366fc457699d4264833d3"
x-azure-ref: 0u2VHYgAAAAB7Fv6NViFrQb3ng1+kcDvbRlJBRURHRTEwMTEANzA3ZDAxY2MtZTQ0NC00MTliLTg3NTktMDhjMjdlNDJkMjU2
x-cache: TCP_HIT
content-type: image/png
cache-control: public, max-age=18000
x-azure-ref-originshield: 0DWNHYgAAAACuba5kh3EmQoru+btK9MAXQU1TMDRFREdFMTgxOQA3MDdkMDFjYy1lNDQ0LTQxOWItODc1OS0wOGMyN2U0MmQyNTY=
accept-ranges: bytes
content-length: 12679
x-amz-id-2: GFy6C9YTL6SB+/C59Es1r1tuGLRsNrEdYzcotHBiyiGbNzxXVd20xyiJC1KDB858qJbk0ZTBoeA=

GET
H2 200 logo_44971.jpg
psprods3ep.azureedge.net/cdn.perkspot.com/images/merchants/ 16 KB
16 KB 168ms
18ms Image
image/jpeg 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://psprods3ep.azureedge.net/cdn.perkspot.com/images/merchants/logo_44971.jpg
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7a58cec4842503db6949177b80ece47d5f5aba937676400675bfea596bc7492b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-meta-createdby: not-implemented
date: Fri, 01 Apr 2022 20:51:06 GMT
x-amz-meta-uploader: api
last-modified: Thu, 16 Jul 2020 16:31:14 GMT
server: AmazonS3
x-amz-request-id: 6YXAGDYKA9SM9TSA
etag: "eea31b3902773b178a36ba617964cafb"
x-azure-ref: 0u2VHYgAAAAADG0aQE/B3RJ4ggFVvqfekRlJBRURHRTEwMTEANzA3ZDAxY2MtZTQ0NC00MTliLTg3NTktMDhjMjdlNDJkMjU2
x-cache: TCP_HIT
content-type: image/jpeg
cache-control: public, max-age=172800
x-azure-ref-originshield: 0FmRHYgAAAACRQgCCWvPKRLU/5/jVKJ83QU1TMDRFREdFMTgwOAA3MDdkMDFjYy1lNDQ0LTQxOWItODc1OS0wOGMyN2U0MmQyNTY=
accept-ranges: bytes
content-length: 16032
x-amz-id-2: TR8K5Tq7aveOmSnR1KAJLYTX/DQ3T07VBKYey33GRTKFyHL59Zl5JPvon7GlII0JHXLS3i3NZIs=

GET
H/1.1 200
OK video.min.js Show response
walgreens.perkspot.com/Scripts/libraries/ 507 KB
140 KB 114ms
113ms Script
application/x-javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/Scripts/libraries/video.min.js

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d9aeeae782fdde78411155839930b81c16fa4154002c1573462fa61806910409

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Content-Encoding: gzip
ETag: "807ed6b64545d81:0"
Last-Modified: Thu, 31 Mar 2022 21:24:33 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Date: Fri, 01 Apr 2022 20:51:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 143375
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK video-js.min.css
walgreens.perkspot.com/Content/css/libraries/ 39 KB
10 KB 114ms
114ms Stylesheet
text/css 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/Content/css/libraries/video-js.min.css

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

fdf5dfab742b9d6c8c626174cd7e8899d2350d3ada34202ad6f3e87dadabb36c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Content-Encoding: gzip
ETag: "80ab7b84545d81:0"
Last-Modified: Thu, 31 Mar 2022 21:24:35 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Date: Fri, 01 Apr 2022 20:51:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 10275
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK jquery Show response
walgreens.perkspot.com/bundles/ 826 KB
314 KB 146ms
145ms Script
text/javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/bundles/jquery?v=RoLe5u4M4BcWdot36PxLn5G-v6C74ojSrxDQ677T6DQ1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

1523a004df491d0f20d413bb4a23f5ca97fdfb17fe3d29ab571c822bff407bb8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Content-Encoding: gzip
Vary: User-Agent,Accept-Encoding
Expires: Sat, 01 Apr 2023 20:51:06 GMT
Last-Modified: Fri, 01 Apr 2022 20:51:06 GMT
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Transfer-Encoding: chunked
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Date: Fri, 01 Apr 2022 20:51:06 GMT
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK jqueryval Show response
walgreens.perkspot.com/bundles/ 40 KB
16 KB 120ms
118ms Script
text/javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/bundles/jqueryval?v=YzRBe6gfD164-CLYW2zoB8py-eOZPLHUgoPct44VgDo1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

40f2d552c0db3ead874ec52bf624d9ec88007d8b659cd7189fecc3ff19d3d248

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 20:51:06 GMT
Content-Encoding: gzip
Vary: User-Agent,Accept-Encoding
Expires: Sat, 01 Apr 2023 20:51:06 GMT
Last-Modified: Fri, 01 Apr 2022 20:51:06 GMT
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Content-Security-Policy: frame-ancestors *.perkspot.com
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 15663
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK bootstrap Show response
walgreens.perkspot.com/bundles/ 41 KB
14 KB 342ms
117ms Script
text/javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/bundles/bootstrap?v=7jtbseVPa_P_wxk-ANB0JbEiqz4vMc1fIXNwp0ieQEk1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

60035f8d3292fc0b3155089baabc76fce2178f8d104ef606e4e31cbe0a2803b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 20:51:06 GMT
Content-Encoding: gzip
Vary: User-Agent,Accept-Encoding
Expires: Sat, 01 Apr 2023 20:51:07 GMT
Last-Modified: Fri, 01 Apr 2022 20:51:07 GMT
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Content-Security-Policy: frame-ancestors *.perkspot.com
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 14262
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK modernizr Show response
walgreens.perkspot.com/bundles/ 11 KB
6 KB 349ms
116ms Script
text/javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/bundles/modernizr?v=K-FFpFNtIXPUlQamnX3qHX_A5r7TM2xbAgcuEmpm3O41

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

9f0fab72c8a1fea1df1d6c5d128115031a8c44ccbc7f37e314acee6acb98779b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 20:51:07 GMT
Content-Encoding: gzip
Vary: User-Agent,Accept-Encoding
Expires: Sat, 01 Apr 2023 20:51:07 GMT
Last-Modified: Fri, 01 Apr 2022 20:51:07 GMT
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Content-Security-Policy: frame-ancestors *.perkspot.com
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 5284
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK perkspot.interstitial Show response
walgreens.perkspot.com/bundles/ 293 B
871 B 173ms
129ms Script
text/javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/bundles/perkspot.interstitial?v=28sMf-4eikWGwH8jT73aNOieIJ5dmnbjZqY22C7OpPY1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

494c930541fbc70c38fdfc729200fa32feab910a67d1132062add8519e69280a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 20:51:06 GMT
Content-Encoding: gzip
Vary: User-Agent,Accept-Encoding
Expires: Sat, 01 Apr 2023 20:51:07 GMT
Last-Modified: Fri, 01 Apr 2022 20:51:07 GMT
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Content-Security-Policy: frame-ancestors *.perkspot.com
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 297
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK addtohomescreen Show response
walgreens.perkspot.com/bundles/ 9 KB
4 KB 179ms
120ms Script
text/javascript 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/bundles/addtohomescreen?v=dQY7ReEN3P6AvpTV4mVTeWSR8WQitK0nH1fxax2VNoA1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

65e4d18477e0e194ae2b3848fe053621a40508eeb817ab8c832b8005edd2c6af

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 20:51:06 GMT
Content-Encoding: gzip
Vary: User-Agent,Accept-Encoding
Expires: Sat, 01 Apr 2023 20:51:07 GMT
Last-Modified: Fri, 01 Apr 2022 20:51:07 GMT
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Expose-Headers: Request-Context
Cache-Control: public
Content-Security-Policy: frame-ancestors *.perkspot.com
Request-Context: appId=cid-v1:12044e8b-5494-457f-8033-cf6208c05b82
Content-Length: 3536
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 121 KB
43 KB 83ms
22ms Script
application/javascript 99.84.158.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.158.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-158-11.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:48:01 GMT
content-encoding: gzip
last-modified: Tue, 08 Jun 2021 04:22:34 GMT
server: AmazonS3
age: 186
etag: W/"b22b4f4738e8722be1636447be239da2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 03c38fb105b43128049da1df5835ab5e.cloudfront.net (CloudFront)
cache-control: max-age=600; must-revalidate
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: 18o6QQeFWPq8y61ddXIZBs66-59sLmCOy2-d5lXT1M-CzUfG1GLZfQ==

GET
H/1.1 200
OK rollbar.min.js Show response
cdn.rollbar.com/rollbarjs/refs/tags/v2.21.1/ 75 KB
23 KB 43ms
7ms Script
application/javascript 13.32.99.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.21.1/rollbar.min.js
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-9.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eee2bc6e4edf311a6a0337c339dbd85d0d8d4040b25e390ab18237e2fa84f1c9

Request headers

Referer: https://walgreens.perkspot.com/
Origin: https://walgreens.perkspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 06:56:03 GMT
Content-Encoding: gzip
Age: 309304
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Access-Control-Allow-Origin: *
Last-Modified: Wed, 17 Mar 2021 15:55:23 GMT
Server: AmazonS3
ETag: W/"62dacaf8a5369242def33a2dcc503021"
Vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
Cache-Control: max-age=30672000,public
X-Amz-Cf-Pop: FRA60-P3
X-Amz-Cf-Id: tgBb5u4ahiOZfKEYtiwZhUrHYFZJek3fXIqPC3MV0JMbP6N9dM1RIg==

GET
H2 200 dc.js Show response
stats.g.doubleclick.net/ 45 KB
17 KB 61ms
19ms Script
text/javascript 2a00:1450:400c:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5534
date: Fri, 01 Apr 2022 19:18:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17093
expires: Fri, 01 Apr 2022 21:18:53 GMT

GET
H2 200 heap-1214792821.js Show response
cdn.heapanalytics.com/js/ 121 KB
45 KB 68ms
11ms Script
application/javascript 13.32.121.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.heapanalytics.com/js/heap-1214792821.js

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-41.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

03666829b209fdd936bcbb7429efce57d6b0ab7f3a3fb74710137dbaf284709f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:50:54 GMT
content-encoding: gzip
server: nginx
age: 13
etag: W/"1e537-LSwaEzdxFz/dCZaEgqypDQ"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
cache-control: public, max-age=120
x-amz-cf-pop: FRA60-P1
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: z4jY7iahm6XDGlT9Xu9B0Bgk94JdBWYn2b3dfPISkzGiWys16HHQDA==

GET
H2 200 tune.js Show response
js.go2sdk.com/v2/ 18 KB
18 KB 86ms
21ms Script
application/javascript 18.64.115.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.go2sdk.com/v2/tune.js
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.115.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-115-56.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cca8ce472cbf8c44acf7ac24067c2d6075acd1e0cd4c9003de6055289ac5c68a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 b9d6da6afb687529eac0ec6c19319d48.cloudfront.net (CloudFront)
etag: "074c9e70b17ef9db8aced963fef4e2d9"
last-modified: Wed, 06 Jan 2021 18:55:14 GMT
server: AmazonS3
age: 50031
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 01 Apr 2022 06:57:24 GMT
x-amz-cf-pop: TXL50-P4
accept-ranges: bytes
content-length: 17921
x-amz-cf-id: PKcYpyO0Pd_FE-4swU55eeXPVrHOrw1_EstZJcUlD38DAmTplTQGuw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 137 KB
52 KB 39ms
15ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-578DK6

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bb65fea2b7e20a93b4c7ea1d7ac6c9a189641dad2445f9929d6c38afafbcb8e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52525
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Apr 2022 20:51:07 GMT

GET
H/1.1 200
OK 35A1AD_0_0.woff2
walgreens.perkspot.com/Content/fonts/ 28 KB
28 KB 222ms
114ms Font
font/woff2 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/Content/fonts/35A1AD_0_0.woff2

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/Content/sass/perxcss.css?v=22.3.55607.1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

42ae1eb8cc55b4e2382e02323c96a40e80432d3e810bce85f10c75ddacbd2e2b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://walgreens.perkspot.com/Content/sass/perxcss.css?v=22.3.55607.1
Origin: https://walgreens.perkspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Last-Modified: Thu, 31 Mar 2022 21:24:30 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "901117b54545d81:0"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
Date: Fri, 01 Apr 2022 20:51:07 GMT
Accept-Ranges: bytes
Content-Length: 28718
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK fontawesome-webfont.woff2
walgreens.perkspot.com/Content/fonts/ 69 KB
69 KB 231ms
115ms Font
font/woff2 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/Content/fonts/fontawesome-webfont.woff2?v=4.6.1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/Content/css/core?v=22.3.55607.1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://walgreens.perkspot.com/Content/css/core?v=22.3.55607.1
Origin: https://walgreens.perkspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Last-Modified: Thu, 31 Mar 2022 21:24:30 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "8b5b43b54545d81:0"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
Date: Fri, 01 Apr 2022 20:51:06 GMT
Accept-Ranges: bytes
Content-Length: 70728
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H/1.1 200
OK 35A1AD_3_0.woff2
walgreens.perkspot.com/Content/fonts/ 41 KB
41 KB 318ms
115ms Font
font/woff2 168.62.244.248
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://walgreens.perkspot.com/Content/fonts/35A1AD_3_0.woff2

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/Content/sass/perxcss.css?v=22.3.55607.1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

168.62.244.248 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

255733aa26ecbe1a2608fc086d6b510fafce3647ad1ddf22392c390a1306e640

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://walgreens.perkspot.com/Content/sass/perxcss.css?v=22.3.55607.1
Origin: https://walgreens.perkspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.perkspot.com
Last-Modified: Thu, 31 Mar 2022 21:24:30 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "905a27b54545d81:0"
X-Frame-Options: SAMEORIGIN
Content-Type: font/woff2
Date: Fri, 01 Apr 2022 20:51:06 GMT
Accept-Ranges: bytes
Content-Length: 42010
X-Content-Security-Policy: frame-ancestors *.perkspot.com

GET
H2 200 ai.2.min.js Show response
az416426.vo.msecnd.net/scripts/b/ 120 KB
40 KB 156ms
39ms Script
text/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/bundles/insights?v=to06oIlwehQWm-xrmEMdoBd0yB91KJAuDMMP4SAO9aI1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6BBE) /
Resource Hash: feb5a95f889fd1ecdabaab0aece26b232bdb83017971c4636dce99105898f318

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-07 00:07:47
content-md5: kIbzAcz/m2O65DekgfwJzw==
age: 387
x-cache: HIT
x-ms-meta-aijssdksrc: [cdn]/scripts/b/ai.2.7.4.min.js
content-length: 40497
x-ms-lease-status: unlocked
last-modified: Wed, 02 Mar 2022 20:08:25 GMT
server: ECAcc (mil/6BBE)
x-ms-meta-aijssdkver: 2.7.4
etag: 0x8D9FC8868AFB46B
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: cc89ee42-201e-0089-2809-4652a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-ms-version: 2009-09-19
expires: Fri, 01 Apr 2022 21:21:07 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=267050035&utmhn=walgreens.perkspot.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utm...
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-652375-6&cid=794515305.1648846267&jid=393959800&_v=5.7.2dc&z=267050035
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-652375-6&cid=794515305.1648846267&jid=393959800&_v=5.7.2dc&z=267050035&slf_rd=1&random=1535961764

42 B
501 B

50ms
24ms

Image
image/gif

2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-652375-6&cid=794515305.1648846267&jid=393959800&_v=5.7.2dc&z=267050035&slf_rd=1&random=1535961764

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-652375-6&cid=794515305.1648846267&jid=393959800&_v=5.7.2dc&z=267050035&slf_rd=1&random=1535961764
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 176 KB
65 KB 33ms
17ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8J161FED5Z&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-578DK6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f5737dd842ce630392146b7fbde4ec1ac50e9cc436fae3627d09925237f48f12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66066
x-xss-protection: 0
expires: Fri, 01 Apr 2022 20:51:07 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 46ms
23ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-578DK6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

9616865a4344d7bd7631fb93925d422d89ea1db93bc52f9d217354841c2bdf3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14883
x-xss-protection: 0
server: cafe
etag: 14534967036905587165
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 01 Apr 2022 20:51:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-578DK6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2781
date: Fri, 01 Apr 2022 20:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 01 Apr 2022 22:04:46 GMT

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 288 B
498 B 103ms
103ms Fetch
application/json 99.83.154.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0&page=utm_medium%3Demail&page=utm_id%3Dweeklyblast&messageId=27080417.4496367&userIdKey=hid&userIdValue=b53047f737df0c42086e5eed8e8c3d46622660706962f425044a378a5698660defe270fbb25b37f69fd07f15
Requested by: Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.21.1/rollbar.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: 95485d7a237619eb6a05c4e0513a3ab33ab1cf3d782d0f222464fa00cba8c45c

Request headers

x-lib-version: v1.0.1
Accept-Language: de-DE,de;q=0.9
authorization: Bearer 294681006d1c69c4a7d06d0165dc3500
content-type: application/json
accept: application/json
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-referring-url: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 197
allowedmethods: GET,OPTIONS
expires: -1

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 308ms
96ms Preflight
text/plain 99.83.154.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0&page=utm_medium%3Demail&page=utm_id%3Dweeklyblast&messageId=27080417.4496367&userIdKey=hid&userIdValue=b53047f737df0c42086e5eed8e8c3d46622660706962f425044a378a5698660defe270fbb25b37f69fd07f15
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method: GET
Origin: https://walgreens.perkspot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin: https://walgreens.perkspot.com
access-control-max-age: 1800
allow: HEAD,GET,OPTIONS
content-length: 18
content-type: text/plain
date: Fri, 01 Apr 2022 20:51:07 GMT

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 22ms
8ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 19:59:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3087
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 01 Apr 2022 20:59:40 GMT

GET
BLOB 200
OK b7191126-3d9d-47c8-8a07-6076f4893aa8
https://walgreens.perkspot.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://walgreens.perkspot.com/b7191126-3d9d-47c8-8a07-6076f4893aa8
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-8J161FED5Z&gtm=2oe3u0&_p=20688138&sr=1600x1200&ul=en-us&cid=794515305.1648846267&_s=1&dl=https%3A%2F%2Fwalgreens.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&dt=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&sid=1648846267&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8J161FED5Z&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://walgreens.perkspot.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/978685899/ 3 KB
2 KB 45ms
23ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/978685899/?random=1648846267205&cv=9&fst=1648846267205&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3u0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwalgreens.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&tiba=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

058077732f7d331b041540d0a01ef7d72d977a7895da466d515e0348b07ab54d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1149
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 20ms
20ms XHR
text/plain 2a00:1450:400c:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-652375-6&cid=794515305.1648846267&jid=1020834538&uid=26743991&gjid=1853075299&_gid=450164611.1648846267&_u=aSBCgAAjAAAAAE~&z=1366875399

Requested by

Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.21.1/rollbar.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://walgreens.perkspot.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 01 Apr 2022 20:51:07 GMT
content-type: text/plain
access-control-allow-origin: https://walgreens.perkspot.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=20688138&t=pageview&_s=1&dl=https%3A%2F%2Fwalgreens.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&ul=en-us&de=UTF-8&dt=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=196031274.794515305.1648846267.1648846267.1648846267.1&_utmz=196031274.1648846267.1.1.utmcid%3Dweeklyblast%7Cutmccn%3D(not%2520set)%7Cutmcmd%3Demail&_utmht=1648846267209&_u=aSBCgAAj~&jid=1020834538&gjid=1853075299&cid=794515305.1648846267&uid=26743991&tid=UA-652375-6&_gid=450164611.1648846267&gtm=2wg3u0578DK6&z=171201761

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 16:31:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 15555
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 38ms
19ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-652375-6&cid=794515305.1648846267&jid=1020834538&_u=aSBCgAAjAAAAAE~&z=547932735

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 35ms
18ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-652375-6&cid=794515305.1648846267&jid=1020834538&_u=aSBCgAAjAAAAAE~&z=547932735

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/978685899/ 42 B
64 B 21ms
20ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/978685899/?random=1648846267205&cv=9&fst=1648843200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3u0&sendb=1&frm=0&url=https%3A%2F%2Fwalgreens.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&tiba=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&async=1&fmt=3&is_vtc=1&random=3878016863&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/978685899/ 42 B
64 B 21ms
21ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/978685899/?random=1648846267205&cv=9&fst=1648843200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3u0&sendb=1&frm=0&url=https%3A%2F%2Fwalgreens.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&tiba=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&async=1&fmt=3&is_vtc=1&random=3878016863&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

asset_composer.js Show response
static.zdassets.com/ekr/ Frame A96C
Redirect Chain

https://assets.zendesk.com/embeddable_framework/main.js
https://static.zdassets.com/ekr/asset_composer.js

20 KB
6 KB

35ms
17ms

Script
application/javascript

104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/asset_composer.js

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f1d6d4cc75e4aa9496b424cd30b080acfdc983a42910afcd0069560cf2b11d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: TSCBBGC8AJDCK15Q
x-amz-id-2: 3deHm0AskH12DTjWTMzkyOCVTevdlj9P4AL6ifCJFt6pfPPXFbVilvkE7uy/P8bMqSVBFkJWv4A=
last-modified: Wed, 02 Mar 2022 22:42:26 GMT
server: cloudflare
etag: W/"b687c8c87e4bb1d316102239ec8bdb5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9L00qeXmYBkWfrUdU%2FhZzrmUBobEycjsB1TCX7y%2FPWEGyNaEgBRepPIXbs%2BrlmdWiTPzmBCW15kfNlm7J51ygU6OwYOfhnd%2FkXSSNkAfvXu1KOhnN8%2Fmlf%2BWVYbBNoONio1gLcU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: rXde8s8BlECdf5RKhFwYf.Kqlg9PwoNh
cf-ray: 6f543373db1990ac-FRA

Redirect headers

date: Fri, 01 Apr 2022 20:51:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rk2JXxT%2BNRAT30RDtuPcb8UT7bc5PvGNQUpXpkqZjNbYkGxD2r824XO2I%2Fg3%2FdNlStgsZip%2B3a%2Bds19jeJooGtYjMJhA2H8rfuF8LeupdMT21tKo9AYyHab9ueJ9s48ZckWCTA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://static.zdassets.com/ekr/asset_composer.js
cache-control: max-age=3600
strict-transport-security: max-age=0
cf-ray: 6f543373ae549229-FRA
expires: Fri, 01 Apr 2022 21:51:07 GMT

GET
H2 200 telemetry
heapanalytics.com/api/ 37 B
259 B 300ms
97ms Image
image/gif 3.213.41.181
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/api/telemetry?a=1214792821&te=type&te=data&te=cm&te=eventPropertiesTelemetry%20-%20added%20new%20properties&te=val&te=2&st=1648846267394&hv=4.17.1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.213.41.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-41-181.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
server: nginx
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 95ms
95ms Preflight
text/plain 99.83.154.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=2&isMobile=0&page=utm_medium%3Demail&page=utm_id%3Dweeklyblast&messageId=27080417.4496367&userIdKey=hid&userIdValue=b53047f737df0c42086e5eed8e8c3d46622660706962f425044a378a5698660defe270fbb25b37f69fd07f15
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method: GET
Origin: https://walgreens.perkspot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin: https://walgreens.perkspot.com
access-control-max-age: 1800
allow: HEAD,GET,OPTIONS
content-length: 18
content-type: text/plain
date: Fri, 01 Apr 2022 20:51:07 GMT

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 288 B
496 B 102ms
102ms Fetch
application/json 99.83.154.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=2&isMobile=0&page=utm_medium%3Demail&page=utm_id%3Dweeklyblast&messageId=27080417.4496367&userIdKey=hid&userIdValue=b53047f737df0c42086e5eed8e8c3d46622660706962f425044a378a5698660defe270fbb25b37f69fd07f15
Requested by: Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.21.1/rollbar.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: 99aeb70a4dd2f63436785c821aca7ac0565eae70ad93fee876e79b8014943731

Request headers

x-lib-version: v1.0.1
Accept-Language: de-DE,de;q=0.9
authorization: Bearer 294681006d1c69c4a7d06d0165dc3500
content-type: application/json
accept: application/json
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-referring-url: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 195
allowedmethods: GET,OPTIONS
expires: -1

GET
H2 200 h
heapanalytics.com/ 37 B
258 B 239ms
98ms Image
image/gif 3.213.41.181
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/h?a=1214792821&u=8566430518393329&v=8525280637679062&s=2370300631419418&b=web&tv=4.0&z=0&h=%2Foffer%2F1431609%2Fnone&q=%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&d=walgreens.perkspot.com&t=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&um=email&k=CommunityId&k=405&k=StatusId&k=2&ts=1648846267452&st=1648846267453

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.213.41.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-41-181.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
server: nginx
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

GET
H2 200 identify_v3
heapanalytics.com/api/ 37 B
258 B 240ms
99ms Image
image/gif 3.213.41.181
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/api/identify_v3?a=1214792821&u=8566430518393329&v=8525280637679062&s=2370300631419418&i=26743991&b=web&tv=4.0&z=0&st=1648846267455

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.213.41.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-41-181.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
server: nginx
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

GET
H2 200 add_user_properties_v3
heapanalytics.com/api/ 37 B
258 B 239ms
98ms Image
image/gif 3.213.41.181
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heapanalytics.com/api/add_user_properties_v3?a=1214792821&u=8566430518393329&v=8525280637679062&s=2370300631419418&i=26743991&b=web&tv=4.0&_CommunityId=405&_StatusId=2&st=1648846267455

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.213.41.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-41-181.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:07 GMT
server: nginx
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 37

GET
H2 200 perkspot.zendesk.com Show response
ekr.zdassets.com/compose/web_widget/ Frame A96C 619 B
1 KB 722ms
684ms XHR
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/web_widget/perkspot.zendesk.com

Requested by

Host: assets.zendesk.com
URL: https://assets.zendesk.com/embeddable_framework/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc1708ac299032b5ad6ee01fe199b5a82674fb04c3780afbf0150a54d1764ee7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Origin, Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
status: 200 OK
access-control-allow-methods: GET, POST, OPTIONS
strict-transport-security: max-age=0
x-request-id: 19b62720-9ecf-4017-bcc1-e73f9f00bdb1
x-runtime: 0.003282
server: cloudflare
etag: W/"dc1708ac299032b5ad6ee01fe199b5a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uWUhEKunUwzWY%2FVp8X3k2ci2AhicOLXgFZCYlxz4poRt9wXb7tot0w98cMoL2a9jkDNOp20KaT%2FXyaIdjcVYSZ%2FwTSBfjKlsdzis4JsODR32d8n3Nj2j4ZzRBzdkt65biO4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=600, public, s-maxage=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray: 6f5433743baa91d5-FRA

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ Frame 0
0 188ms
14ms Preflight 13.69.106.89
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.69.106.89 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sdk-context
Access-Control-Request-Method: POST
Origin: https://walgreens.perkspot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Fri, 01 Apr 2022 20:51:07 GMT
x-content-type-options: nosniff

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
303 B 314ms
314ms XHR
application/json 13.69.106.89
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: cdn.rollbar.com
URL: https://cdn.rollbar.com/rollbarjs/refs/tags/v2.21.1/rollbar.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.69.106.89 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

746801e81f62e92a886d8ddd2166ddc7f6cbf15e7ebd653f9005f188315ecf51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://walgreens.perkspot.com/
Accept-Language: de-DE,de;q=0.9
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 2D225828-4ED0-4252-95A2-15E4D865FA1F
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Fri, 01 Apr 2022 20:51:08 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length: 96

GET
H2 200 web-widget-framework-40cac614c9635fb7d134.js Show response
static.zdassets.com/web_widget/latest/ Frame 2200 212 KB
71 KB 44ms
43ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/web-widget-framework-40cac614c9635fb7d134.js

Requested by

Host: assets.zendesk.com
URL: https://assets.zendesk.com/embeddable_framework/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1ae643ca558d78642160bd62f18692a1afa42c41b17d42b6dc1bc33888f20ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65783
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: G8W2TSNPQK7M3YH0
x-amz-id-2: 3TYK47juX2RDdeQ6J6EThWYkKw8td3sLFEy6NR4kk9sUwDfyGDa7Oo/tokt6q6O5Lm/sEpFIedE=
last-modified: Fri, 01 Apr 2022 01:57:00 GMT
server: cloudflare
etag: W/"d5f484486f2c58b72b64717cba2a6608"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TqwWACa8v3gbpzAfbyiz2epzcWKb6xB4OUty%2FwuoLjvujyKRPvPlZT%2F%2FkfZINUNzew%2FMlZf6hbYNLmsNC3KKSHYP3RLWaiZMxHaV1rLZ2fbBDugc9TiH7F4seYgD7MndwkNde1w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: tJdq_Hc3X6G7EOFsJdPmGpaeRSNv_abW
cf-ray: 6f543378a8d090ac-FRA
expires: Sat, 01 Apr 2023 01:56:59 GMT

GET
H2 200 web-widget-chat-sdk-58987df92c8073e96c0f.js Show response
static.zdassets.com/web_widget/latest/ Frame 2200 203 KB
52 KB 32ms
31ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/web-widget-chat-sdk-58987df92c8073e96c0f.js

Requested by

Host: assets.zendesk.com
URL: https://assets.zendesk.com/embeddable_framework/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6cd361fc4dd2ddf8db6c3ea7d3e8e62d38832bd9336e595aafa4abcd024b1ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5748992
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: NSATTV999AET4VDF
x-amz-id-2: Ytbxxsm/pwPLhl5fJj+3RVKer/FjRfqHu4DsEV3qREk0hzV70QZ4M88VNyiBOTaOFF6Uvd+fxHw=
last-modified: Tue, 25 Jan 2022 04:20:35 GMT
server: cloudflare
etag: W/"f4e9b6a21f729895e00473e7f3947ed7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ia3%2F2ilEbGAVlP3K%2FhgSadO0p7l4rkdyg6Ii9sv2wFUNuLzftrhrl4LyekA47yrnIah3tfxaRnTy2itWckx%2FoadObuUsu8teedPfRPOFF1cG7A%2F5vu2LOVNJk%2F1FMKyiN7jCgac%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: hO1DIHORch6.DP3H4BMDsmSFesw.pN9O
cf-ray: 6f543378a8d490ac-FRA
expires: Wed, 25 Jan 2023 04:20:34 GMT

GET
H2 200 web-widget-talk-sdk-4429ef381d9945ea330b.js Show response
static.zdassets.com/web_widget/latest/ Frame 2200 69 KB
20 KB 22ms
21ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/web-widget-talk-sdk-4429ef381d9945ea330b.js

Requested by

Host: assets.zendesk.com
URL: https://assets.zendesk.com/embeddable_framework/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b35d3e897a1a8f22d150d817221e7f2e67a389e78700951288ddd39622bc26b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2773021
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 3VXTQ3C2MV8838JD
x-amz-id-2: bKYUgHaLZypTLa6Vp29MKWypppLXRMa715czAhOAZn8wP06j+MMHmiJC7tQteF4NqvfM23nyg0I=
last-modified: Mon, 28 Feb 2022 03:30:48 GMT
server: cloudflare
etag: W/"91f254b8f1663ed198dc9a9c9ee15c84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iA8EXFW%2B4h94XWIh2zRPshPmbKzluZqDTvLQPrPKf0NEiVbGLlmp38t3Jir%2BeKOfhTcCxv3RpS0Ar7xTzSWxGbz4N5h78QQvVRel8VRJydHpYLrtweCVTeErBX7xGe5r0zBXBAE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: aikfibxBK2DgXUSiK2sWs1SDeJPVy6YN
cf-ray: 6f543378a8d590ac-FRA
expires: Tue, 28 Feb 2023 03:30:47 GMT

GET
H2 200 config Show response
perkspot.zendesk.com/embeddable/ Frame 2200 815 B
1 KB 68ms
33ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://perkspot.zendesk.com/embeddable/config

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-40cac614c9635fb7d134.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49f9413fd8c892755d42514aa696d6237a9fa17ceed0d73a42784447d84d8078

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
x-envoy-decorator-operation: embeddable.embeddable.svc.cluster.local:80/*
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19
x-zendesk-origin-server: embeddable-app-server-8965f9f49-xg6kx
x-envoy-upstream-service-time: 4
zendesk-api-version: 2022-01-01
access-control-allow-methods: GET
content-encoding: br
vary: Origin, Accept-Encoding
x-cached: STALE
x-request-id: 6f542dcb0ea8906c-FRA
x-runtime: 0.001335
last-modified: Fri, 01 Apr 2022 20:50:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSBQZWaHcrAFgBa7yDlVDACFdvMAqIkEYeiKqnK4P5XZr%2BswiVAA4Z19it4mpTc1MJC3n6scuBPL0CW3dshsF%2Fb6icIpy1s%2BqsLUwltRPYCZtqzSSyUxYCp%2F59KbWb3pOZ3Xt4m1"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray: 6f5433795f2b690f-FRA

GET
H2 200 web-widget-classic-a41eaa2.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame 2200 13 KB
5 KB 37ms
37ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-a41eaa2.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-40cac614c9635fb7d134.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

589ac21ac5bc519525e3cbefa2c11586e687584a5e603ef6bdad879b82f16aae

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65783
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: G8W3RJ5ZGTPYZE95
x-amz-id-2: kwNo52+Se5j9CNfd796RkxPiSsH6VMOTRJQhvKzanXlQAbTh7ITQ9WW4as5j5GazjgvXNWGpjoI=
last-modified: Fri, 01 Apr 2022 02:02:27 GMT
server: cloudflare
etag: W/"89bc070dca0e7792b26f7c06100313b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7q%2FxCTLTFWccBZXoCtWtjpBeXOR%2FhX5dWKxSN2F2LwQtAOv%2BVvh2IaOuJ2PINBiwvZ4J3bsZnBW5QsAvrj88icPMbOLGhd2CazzYdvxJAqsPDtKfStv6eX1o%2BqmTw7QnuLEBf04%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 1GLj5RAsA5k9pIdMVox6acaorXRSMUsY
cf-ray: 6f54337999d890ac-FRA
expires: Sat, 01 Apr 2023 02:02:26 GMT

GET
H2 200 web-widget-1561-a41eaa2.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame 2200 608 KB
184 KB 43ms
43ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-1561-a41eaa2.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-a41eaa2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76e71ed72e054dbe4cd97c84a89a38a2ddd333b9fdf42d69844fef0f518afab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65783
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: G8W0MC2PXJNZDCDK
x-amz-id-2: rsHkjDxmp8lFP2YTAH+cXBRqlEdVAX+4doj/DhSRUTLj2qA6RPeZKlronSOKAvRIDcbyuXp5tys=
last-modified: Fri, 01 Apr 2022 02:03:20 GMT
server: cloudflare
etag: W/"6b0a1ed2e89075faddaf5dabffb3fcb3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7onMjrmyHR93Gl7%2FS8CSsWPqpzAto2cwQ54yVtqfhcvXKjIalENKmxkT%2BB7lFEx5YbJUCpTYZaawj4F4AtogS2UiPOWRqnlLGV0704aYc21JhVhSJi9dMGreEVsTSHi%2BSjEQPHE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: jc2ak0bWmeRCK_ZE.VMNg3.wTDTK8axY
cf-ray: 6f543379da2890ac-FRA
expires: Sat, 01 Apr 2023 02:03:19 GMT

GET
H2 200 web-widget-4794-a41eaa2.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame 2200 463 KB
104 KB 32ms
32ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-4794-a41eaa2.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-a41eaa2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be5b5141456b2b6b10ebfbb4a9f686eb68871f65186c39ffade85cfd84ccda4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65783
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: G8WD5EPM0TP5GJ95
x-amz-id-2: uL4EDW0jydNRStTOWWMsw5/3kZsJebg4urEmLsJzisCwQDx/uz5pPlQloYNazgvXMRE8frr/al4=
last-modified: Fri, 01 Apr 2022 02:03:19 GMT
server: cloudflare
etag: W/"2baa7713105dccf17648ef1accb953d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b81RGl5uALoJOR1I6Me1NWWFuZ%2BXtpDh8gV6k4XzUU%2FWPdkPSyg0oBWuG8llLpfyLX1YqJTfrcuHHI3HsTLGRURLYDqlJznKzKxAav1WHJMPVW4WcxrrvrhRJpRNsFjZNPWQFYg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 0W8cmVVT7BRBp3ZYF5sJoZmetX5MJ3bE
cf-ray: 6f543379da2b90ac-FRA
expires: Sat, 01 Apr 2023 02:03:18 GMT

GET
H2 200 embeddable_blip Show response
perkspot.zendesk.com/ Frame 2200 0
374 B 178ms
178ms XHR
text/plain 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://perkspot.zendesk.com/embeddable_blip?type=analytics&data=eyJhbmFseXRpY3MiOnsidmFsdWUiOnsicmF3Q2xpZW50TG9jYWxlIjoiZW4tVVMiLCJyYXdTZXJ2ZXJMb2NhbGUiOiJkZS1ERSIsImNsaWVudExvY2FsZSI6ImVuLXVzIiwic2VydmVyTG9jYWxlIjoiZGUtZGUiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTAwLjAuNDg5Ni42MCBTYWZhcmkvNTM3LjM2IiwiaXNNb2JpbGUiOmZhbHNlfSwiYWN0aW9uIjoibG9jYWxlTWlzbWF0Y2giLCJjYXRlZ29yeSI6ImxvY2FsZSJ9LCJidWlkIjoiN2VhODdhYWE2NTg4NDRkMGI4YjcxMjExY2I4ZDcxMmYiLCJzdWlkIjoiY2VhYTc5MTg3ZTFhNDBkZWIzZTUyNTI1NGI0MTY3YjciLCJ2ZXJzaW9uIjoiYTQxZWFhMiIsInRpbWVzdGFtcCI6IjIwMjItMDQtMDFUMjA6NTE6MDguNTc4WiIsInVybCI6Imh0dHBzOi8vd2FsZ3JlZW5zLnBlcmtzcG90LmNvbSJ9

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-40cac614c9635fb7d134.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time: 0
zendesk-api-version: 2022-01-01
content-length: 0
x-zendesk-zorg: yes
x-request-id: 80f1a3812eb4eb6e02a5026235a74430
last-modified: Fri, 01 Apr 2022 20:51:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ivjYo3wAPcfD0M3X%2FOmmbu2Vv6GdLuArZvOio5kifs%2F5QfmxQwWq9fXDV3zWM7TzzBr2s0W80kJtr%2BXP%2BNLH2hplxozPlSR74Af%2B9Bv8uwF8hI4ELXbHEkl7nel392lSTrIfrKxm"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://walgreens.perkspot.com
accept-ranges: bytes
cf-ray: 6f54337aa904690f-FRA

GET
H2 200 embeddable_blip Show response
perkspot.zendesk.com/ Frame 2200 0
428 B 598ms
597ms XHR
text/plain 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://perkspot.zendesk.com/embeddable_blip?type=settings&data=eyJzZXR0aW5ncyI6eyJ3ZWJXaWRnZXQiOnsib2Zmc2V0Ijp7Imhvcml6b250YWwiOiI1cHgiLCJ2ZXJ0aWNhbCI6IjVweCIsIm1vYmlsZSI6eyJob3Jpem9udGFsIjoiNXB4IiwidmVydGljYWwiOiI1cHgifX0sInpJbmRleCI6MTk5OX19LCJidWlkIjoiN2VhODdhYWE2NTg4NDRkMGI4YjcxMjExY2I4ZDcxMmYiLCJzdWlkIjoiY2VhYTc5MTg3ZTFhNDBkZWIzZTUyNTI1NGI0MTY3YjciLCJ2ZXJzaW9uIjoiYTQxZWFhMiIsInRpbWVzdGFtcCI6IjIwMjItMDQtMDFUMjA6NTE6MDguNTg1WiIsInVybCI6Imh0dHBzOi8vd2FsZ3JlZW5zLnBlcmtzcG90LmNvbSJ9

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-40cac614c9635fb7d134.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:09 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time: 0
zendesk-api-version: 2022-01-01
content-length: 0
x-zendesk-zorg: yes
x-request-id: 02032c53f786a44001810175de621d29
last-modified: Fri, 01 Apr 2022 20:51:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QGG30NDX%2F38Qw3k0niDmHgRxnemFhWB%2BmxV%2FAJhsgnq7%2B0S8TPY%2BEsLcX0TtbkgvTmGhBGqV4LwClR4jLhshed7K2C3xLVo7%2Fken949XMUbm5ZyEHIu37Toeo4W9x8q5WTUlPPSL"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://walgreens.perkspot.com
accept-ranges: bytes
cf-ray: 6f54337aa90d690f-FRA

GET
H2 200 de-de-json-a41eaa2.js Show response
static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/ Frame 2200 28 KB
7 KB 29ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/de-de-json-a41eaa2.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-a41eaa2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98753a47a585b364d46318037a18c5525261dd84fd2075c78ccd06650d660e7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65779
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 4KDPDXDZW50XWKMJ
x-amz-id-2: MJsyyER2gaAZiUDE4kvnUSbxakdEA5MMcsP/hSWDBiDwqjyzOZVyIKh61wNuQgWGCIc2Wzu3Q3s=
last-modified: Fri, 01 Apr 2022 02:02:32 GMT
server: cloudflare
etag: W/"92dd55bc0b79e58bbb059b550a8b2f0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2BkBhfG6sqYS0Q%2BinZoyzsRNYmWxaZHDm6M%2Ba4aRugnU7jft1kOmtqkGJO72ON6LXErVaf563qTGEiAl5IxpG5WY6EiQRf%2BsOzJ0V9JrYEA8%2F950omGeN1LSNlT7MgOA066p6ME%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: BpjptQi__1.GIexG5F3AvuhfUp6wW8DX
cf-ray: 6f54337aab0090ac-FRA
expires: Sat, 01 Apr 2023 02:02:31 GMT

GET
H2 200 web-widget-chat-sdk-a41eaa2.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame 2200 203 KB
52 KB 27ms
26ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-chat-sdk-a41eaa2.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-a41eaa2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c3421df03d44b5d9ee6bcf4bccc63f812a00adc11a7ccaf9abc51eb394afd1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65781
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: FCF2AZ992GS9ZGX2
x-amz-id-2: vmZd4MHQ7LP/9NJajIizlstXuKJNCsub2Kcj837ElaVdp6Np9aEMxeArB/dPfFI23q6majeEL0c=
last-modified: Fri, 01 Apr 2022 02:03:17 GMT
server: cloudflare
etag: W/"c624cabdb69aa0a4168fc7c064b06150"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3uU9ilzQMvnE14YMURYNHMTSaIn8fDLTGd36N59mOZH1dX13ostNOLyYl08SLQ%2FvSidYLkfn0sb7v8A8Wi8LMVZ7Hk%2BaXVaB1ajFfJskUWt%2F0mWJBEPQguPVkp%2BZdCpwkkRpB1I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: JN6hZqgP0ADRmzSVYQQyI_PMAM184iAp
cf-ray: 6f54337aeb6290ac-FRA
expires: Sat, 01 Apr 2023 02:03:16 GMT

GET
H2 200 embeddable_blip Show response
perkspot.zendesk.com/ Frame 2200 0
286 B 182ms
182ms XHR
text/plain 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://perkspot.zendesk.com/embeddable_blip?type=pageView&data=eyJjaGFubmVsIjoid2ViX3dpZGdldCIsInBhZ2VWaWV3Ijp7InJlZmVycmVyIjoiaHR0cHM6Ly93YWxncmVlbnMucGVya3Nwb3QuY29tIiwidGltZSI6NjcsImxvYWRUaW1lIjpudWxsLCJuYXZpZ2F0b3JMYW5ndWFnZSI6ImVuLVVTIiwicGFnZVRpdGxlIjoiWW91J3JlIG9uIHlvdXIgd2F5IHRvIHNhdmluZyBhdCBGaXJzdGxlYWYgV2luZSBDbHViIHwgV2VsY29tZSB0byBUaGUgV2FsZ3JlZW5zIEZhbWlseSBvZiBDb21wYW5pZXMgVGVhbSBNZW1iZXIgRGlzY291bnQgUHJvZ3JhbSIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2LjYwIFNhZmFyaS81MzcuMzYiLCJpc01vYmlsZSI6ZmFsc2UsImlzUmVzcG9uc2l2ZSI6dHJ1ZSwidmlld3BvcnRNZXRhIjoid2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEiLCJoZWxwQ2VudGVyRGVkdXAiOmZhbHNlfSwiYnVpZCI6IjdlYTg3YWFhNjU4ODQ0ZDBiOGI3MTIxMWNiOGQ3MTJmIiwic3VpZCI6ImNlYWE3OTE4N2UxYTQwZGViM2U1MjUyNTRiNDE2N2I3IiwidmVyc2lvbiI6ImE0MWVhYTIiLCJ0aW1lc3RhbXAiOiIyMDIyLTA0LTAxVDIwOjUxOjA4LjY0NVoiLCJ1cmwiOiJodHRwczovL3dhbGdyZWVucy5wZXJrc3BvdC5jb20ifQ%3D%3D

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-40cac614c9635fb7d134.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time: 1
zendesk-api-version: 2022-01-01
content-length: 0
x-zendesk-zorg: yes
x-request-id: 6ee39586d3f709f03ac1fc1c6642b4da
last-modified: Fri, 01 Apr 2022 20:51:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jLFGUlIC%2BdCSgXYovyV2xUOW59v9hA9C3s66yVu%2BSt%2BBblQjLUf21OuWTQIeZOGVSGsDaJOXpX3jR3alLoLxNWa9YkuSOSGLiocCiThtQi4FGkidMOq67IsrS449beykVGcCYrF2"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://walgreens.perkspot.com
accept-ranges: bytes
cf-ray: 6f54337b099c690f-FRA

GET
H2 200 web-widget-chat-incoming-message-notification-a41eaa2.js Show response
static.zdassets.com/web_widget/latest/classic/ Frame 2200 208 B
678 B 25ms
24ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/web-widget-chat-incoming-message-notification-a41eaa2.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-a41eaa2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65779
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: 4KDV2658189YQXWF
x-amz-id-2: NM2HD8IvFLfFtPGCOILuezjqPXtYLECUmYm+a1nTu4lDjLov7lOn46nHJeYrtb7CWBaCfHJ8XJ4=
last-modified: Fri, 01 Apr 2022 02:03:19 GMT
server: cloudflare
etag: W/"659635f5ad1b6653645380f46aa42236"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZhtpesU2Wd%2FQjo2YoqiC1iiJZVuQLU4ZCuHuq%2F%2BbdffFn0ctN0y36H9q1GC5IzARksRH9H5XQ%2FDmmou131NbIGISxJqb6Q%2FoBBuMwsCq%2FhEveSd%2FN3rVk6CEW1z7jDtiDutpYSo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: XGcruUBasl5U72.f6Es9HipXRvj4Dzhk
cf-ray: 6f54337c5d1c90ac-FRA
expires: Sat, 01 Apr 2023 02:03:18 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/latest/classic/ Frame 2200 19 KB
20 KB 19ms
18ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/classic/fda6cd35495c75f83508d9d2e77ee33d.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 01 Apr 2022 20:51:08 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1966787
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
x-amz-request-id: JV82F2Q75Q9SH52X
x-amz-id-2: 7jRFkhSGoKTJKa8EYsHFT7mixTiGbrFuRCEe9amr3u4nOjnEEnskKoBmwOPPi3COT51zpfkpZQ4xLKaA5ZBQTg==
last-modified: Wed, 09 Mar 2022 06:43:05 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Zakax3J0TSbeD1xHq8WFAjLYIjbHSW4Gl3iKsfsGRH4KYArSTolm%2FFT801d22P9D8NILSzERu4PINaifSmIp1yKflYg4XcK1xg3qub%2BxBpCqmEiI6jJj4fyyPjZ2pSuIqhilgA%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: ngeCnQamEcRo6kgSgz9pTF5J7hCEPwJW
Content-Length: 19698
cf-ray: 6f54337c8d5c90ac-FRA
expires: Thu, 09 Mar 2023 06:43:04 GMT

GET
H2

200

Primary Request quiz Show response
page.firstleaf.club/
Redirect Chain

https://www.jdoqocy.com/click-2097062-13413294?sid=EPVE3BF10Q6890MZSAACRUVBD
https://cj.dotomi.com/db111kjsr9/jqv/8AB8A9GB/97GE7D9/7/7/7?m=qwmh%3DITZI7FJ54UACD4QdWEEGVYZFH%3c%3clxxtw%3A%2F%2F000.nhsusg2.gsq%3AC4%2Fgpmgo-64DB4A6-578576D8%3c%3cK%3clxxtw%3A%2F%2F0epkviirw.tivo...
https://www.emjcd.com/a5100mu21M/u05/JLMJLKRM/KIRPIOK/I/MIIKIMNRPPQNQMMLNO:-w0d3GF-VInU/PNOIwRvJtJxvJJwuQJxOIMPMIsJQINIv?t=evlg%3DHSYH6EI43T9BC3PcVDDFUXYEG%3cfmr!05s2-gzrAhhd%3ckwwsv%3A%2F%2Fzzz.mg...
https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+...

93 KB
16 KB

147ms
104ms

Document
text/html

2606:4700:10::6816:2be0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2be0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fd017b0f3d31ccfa303e0ef2d05fd68c69823bcbdb640f7f019a13f8a2e743c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://walgreens.perkspot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 6f5433820b370225-ZRH
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 01 Apr 2022 20:51:09 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 google, 1.1 google

Redirect headers

Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Apr 2022 20:51:09 GMT
Expires: Fri, 01 Apr 2022 20:51:09 GMT
Location: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Pragma: no-cache
Server: Server
Transfer-Encoding: chunked

POST collect
www.google-analytics.com/g/ 0
0

GET
H2 200 utils.baec6ab095abccec712d.js Show response
g.fastcdn.co/js/ 47 KB
16 KB 34ms
8ms Script
application/javascript 35.244.137.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g.fastcdn.co/js/utils.baec6ab095abccec712d.js
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 202.137.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7ab78f93643518cef1096cfc0cea5888a5b76431331a2cf697957a218295a88b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 16:52:32 GMT
content-encoding: gzip
age: 619117
x-guploader-uploadid: ADPycdvRxHnGQgGvQeFc1VgyQaevAIeD0-TI2S0oZJhCUhKpZuZXFklkD_Veu38ooTXSuTAEFBUtWOmSC9IkOKwcZKAlTjvUww
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16056
last-modified: Thu, 24 Mar 2022 16:23:38 GMT
server: UploadServer
etag: "90f82c64595bd1998e4968871b14cffa"
vary: Accept-Encoding
x-goog-hash: crc32c=oFv1Wg==, md5=kPgsZFlb0ZmOSWiHGxTP+g==
x-goog-generation: 1645597395001460
cache-control: public, max-age=31536000
x-goog-stored-content-length: 16056
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 25 Mar 2023 16:52:32 GMT

GET
H2 200 Cradle.4dac59f2328b0387640d.js Show response
g.fastcdn.co/js/ 20 KB
6 KB 35ms
10ms Script
application/javascript 35.244.137.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g.fastcdn.co/js/Cradle.4dac59f2328b0387640d.js
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 202.137.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 871a395274807a496ca51c603b7320eca9fc11a7949c0df992be96f29dcb7211

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 15:24:43 GMT
content-encoding: gzip
age: 192386
x-guploader-uploadid: ADPycdsZ15_Io74y9yVs5ZttkvnJFZcM1mpF9y74BzuKYBGA2BURynq8qKZfbrcwlC9FobK0fouiC42M2Y589T2ll1DmnVlyIg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5581
last-modified: Wed, 30 Mar 2022 10:00:34 GMT
server: UploadServer
etag: "e65424f8c2aaa7264ae3eaf852934882"
vary: Accept-Encoding
x-goog-hash: crc32c=MHgq+w==, md5=5lQk+MKqpyZK4+r4UpNIgg==
x-goog-generation: 1638284785395024
cache-control: public, max-age=31536000
x-goog-stored-content-length: 5581
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 30 Mar 2023 15:24:43 GMT

GET
H2 200 LazyImage.b311ea858a228d7bc9b2.js Show response
g.fastcdn.co/js/ 3 KB
2 KB 40ms
14ms Script
application/javascript 35.244.137.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g.fastcdn.co/js/LazyImage.b311ea858a228d7bc9b2.js
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 202.137.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7e7c84efcf8e336f390d7a51a24cba3873782769b33470b31d2cef95b2f01cee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 04:56:50 GMT
content-encoding: gzip
age: 2130859
x-guploader-uploadid: ADPycdu8n1M5Y_M15N3Q8ynEt7NcfYc8GTpEp8iEUwPaaVHqcIF94fcmBpsc3ktIU_TP-3Aynldrz_ozWufFPsn1tm4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1563
last-modified: Tue, 08 Mar 2022 04:21:09 GMT
server: UploadServer
etag: "4fada7192ed3976ed69f137f5aaeab12"
vary: Accept-Encoding
x-goog-hash: crc32c=FGzgaA==, md5=T62nGS7Tl27WnxN/Wq6rEg==
x-goog-generation: 1641505470022281
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1563
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 08 Mar 2023 04:56:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 39ms
16ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700

Requested by

Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c0088d08089d4ecfd95333d9db3b56ac6a3b9af2374e083680b39391f7a75ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 19:34:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 01 Apr 2022 20:51:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Apr 2022 20:51:09 GMT

GET
H2 200 LegacyVendors.d341954906ae69acee39.js Show response
g.fastcdn.co/js/ 95 KB
33 KB 40ms
15ms Script
application/javascript 35.244.137.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g.fastcdn.co/js/LegacyVendors.d341954906ae69acee39.js
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 202.137.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 95bdb8a3cd90e91621c9e68d4b157dd7fedab021ee89e9e173d17f93f0f03305

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 09:03:00 GMT
content-encoding: gzip
age: 1943289
x-guploader-uploadid: ADPycdvUem_4ytQGNVw916tafp5y6Xrx4wBSZrvP1JjhuGLS6McimuO9HVVz0LazwN5J8tUWoEuEdtKDJVOHjW7CmS4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33710
last-modified: Tue, 08 Mar 2022 22:12:40 GMT
server: UploadServer
etag: "fc551ad7e347bf019785e719fab1ba31"
vary: Accept-Encoding
x-goog-hash: crc32c=MgUolg==, md5=/FUa1+NHvwGXhecZ+rG6MQ==
x-goog-generation: 1641581573405792
cache-control: public, max-age=31536000
x-goog-stored-content-length: 33710
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 10 Mar 2023 09:03:00 GMT

GET
H2 200 caslon.css
d1hdjv7b05hja2.cloudfront.net/fonts/ 2 KB
1 KB 96ms
23ms Stylesheet
text/css 2600:9000:20d7:be00:b:dc44:3680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1hdjv7b05hja2.cloudfront.net/fonts/caslon.css
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20d7:be00:b:dc44:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c77d5979a9eb0e45bd243053b0724ea63b2d3381a0b43a3ec80ad58df66cf781

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:56:32 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2017 18:11:11 GMT
server: AmazonS3
age: 240878
etag: W/"b57f1c931d356c98dde8a5d98c98605d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 2285d262a6b5edcf46f904cd07877cdc.cloudfront.net (CloudFront)
x-amz-cf-pop: ZAG50-C1
x-amz-cf-id: PL3oBWRXHtu5fPbqSrySyzz_NeZolis9Iz6n1RiQbAsa_iGmNlQ0Ew==

GET
H2

200

007ADF49EA9D333D0.css
www.firstleaf.club/fonts/687751/
Redirect Chain

https://cloud.typography.com/7410416/6307592/css/fonts.css
https://www.firstleaf.club/fonts/687751/007ADF49EA9D333D0.css

250 KB
186 KB

47ms
35ms

Stylesheet
text/css

2606:4700:10::6816:2be0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.club/fonts/687751/007ADF49EA9D333D0.css
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Server: 2606:4700:10::6816:2be0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7160bf300aedb0d16945e3ee5e15851ac0f21c571e2d4632e121eb6f1ab1d9aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
via: 1.1 8e487d5d50ba943ec340041b0945bbf4.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 420
cf-polished: origSize=257416
x-cache: Miss from cloudfront
content-encoding: br
last-modified: Mon, 28 Oct 2019 20:45:31 GMT
server: cloudflare
etag: W/"07e30349aeb157501123c221264ec810"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000, immutable
x-amz-cf-pop: DUS51-P1
cf-ray: 6f54338c1b0a0225-ZRH
x-amz-cf-id: aPrI8xOttvm-89KHv1ZXsPwfsF2cAEvjL-zQv9jD9E8ugsC5rQt6ig==
cf-bgj: minify

Redirect headers

Date: Fri, 01 Apr 2022 20:51:11 GMT
Last-Modified: Fri, 21 Sep 2018 14:37:41 GMT
Server: AkamaiNetStorage
ETag: "a71d9ac9ba4b6206174d8d4e5688ba41:1537540658"
Content-Type: text/html
Location: https://www.firstleaf.club/fonts/687751/007ADF49EA9D333D0.css
Cache-Control: must-revalidate, private
Connection: keep-alive
X-HCo-pid: 16
Content-Length: 154
Expires: Fri, 01 April 2022 20:51:10 GMT

GET
H2 200 api.js Show response
page.firstleaf.club/cdn-cgi/bm/cv/669835187/ 35 KB
9 KB 15ms
15ms Script
text/javascript 2606:4700:10::6816:2be0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://page.firstleaf.club/cdn-cgi/bm/cv/669835187/api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2be0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=604800, public
cf-ray: 6f5433835d280225-ZRH

GET
H2 200 lib.js Show response
heatmap-events-collector.instapage.com/static/ 24 KB
9 KB 351ms
114ms Script
application/javascript 35.222.120.150
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://heatmap-events-collector.instapage.com/static/lib.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.222.120.150 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

150.120.222.35.bc.googleusercontent.com

Software

Resource Hash

9f4331078abd467835bcf0b2367872f497045d37ebfb32fe7d9f82cf6843d282

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
strict-transport-security: max-age=315360000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 14 Mar 2022 08:57:35 GMT
x-frame-options: SAMEORIGIN
date: Fri, 01 Apr 2022 20:51:10 GMT
expect-ct: max-age=0
vary: Accept-Encoding, Accept-Encoding
x-download-options: noopen
content-type: application/javascript; charset=UTF-8
cache-control: public, must-revalidate, public
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Apr 2022 20:56:10 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 83ms
49ms Script
text/javascript 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://page.firstleaf.club/
Origin: https://page.firstleaf.club
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6f5433868f4f01df-ZRH

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 295 KB
86 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

788f86e987a73df682f581a2c83ac12987beb4c373d0aef1d54e6cd1bee3624d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87526
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Apr 2022 20:51:10 GMT

GET
H2 200 it.js Show response
cdn.instapagemetrics.com/t/js/3/ 54 KB
19 KB 44ms
14ms Script
application/javascript 34.120.27.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.instapagemetrics.com/t/js/3/it.js
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.27.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.27.120.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 853d7ef6b54d838c009d01e4857b499d7ec4f71f6fced1e2e3c463fd393ccb29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 05:50:04 GMT
content-encoding: gzip
age: 1350066
x-guploader-uploadid: ADPycdsqcaqrO2z-t138Q_Ojbb_qYKoUjadoedbU4EJFHHIfiNN8OuiS6fgm3hoNB4t41Y9S-s1BV0Gw9R0a4rzdHEQ24d2tsg
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
x-goog-meta-tracker-version: 3
alt-svc: clear
content-length: 18709
last-modified: Tue, 28 Sep 2021 11:50:58 GMT
server: UploadServer
etag: "84d2ba50a82d2c43fac196cf9ce05f68"
x-goog-hash: crc32c=9jCvxw==, md5=hNK6UKgtLEP6wZbPnOBfaA==
x-goog-generation: 1632829858360680
cache-control: no-transform
x-goog-stored-content-length: 18709
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Mar 2023 05:50:04 GMT

GET
H3 200 sptw.3.js Show response
g.fastcdn.co/js/ 50 KB
15 KB 17ms
8ms Script
application/javascript 35.244.137.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g.fastcdn.co/js/sptw.3.js
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 202.137.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 966c577d8c64cc8e8e188e59481d3598a186c7f29bcc29ecebaab3355d1b93b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 17:18:20 GMT
content-encoding: gzip
age: 358370
x-guploader-uploadid: ADPycdtJDMlHacE7nhJabLj-nAabYzhX8aF2KXrk1QkBRRXfkswD5j-79ARuuC11XbQ3hWPML8hzlGZQRlKec_G0dr0ZbG1wNg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15765
last-modified: Thu, 24 Mar 2022 16:23:37 GMT
server: UploadServer
etag: "fdbb65aabbd682b8e93dc8badf98a7ad"
vary: Accept-Encoding
x-goog-hash: crc32c=6UqJ+A==, md5=/btlqrvWgrjpPci635inrQ==
x-goog-generation: 1637865418772281
cache-control: public, max-age=31536000
x-goog-stored-content-length: 15765
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 28 Mar 2023 17:18:20 GMT

GET
H3 200 cm.js Show response
g.fastcdn.co/js/ 41 KB
14 KB 9ms
9ms Script
application/javascript 35.244.137.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g.fastcdn.co/js/cm.js
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.137.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 202.137.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7ddcb58132fd471f416950300b932930d367500c3c9f0c2b1e01c0d80f93c293

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 04:20:26 GMT
content-encoding: gzip
age: 1787444
x-guploader-uploadid: ADPycdtf-26NBQPG7RousokzWEHe1t_jMCfjv_01YoflOHDKZW79Mf82br5N5uRRs1b48SXXEmlfrlv9XbHSW7-dEECm8i34pg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13838
last-modified: Fri, 11 Mar 2022 16:10:05 GMT
server: UploadServer
etag: "680c97952347751d906b00edfd5b24b8"
vary: Accept-Encoding
x-goog-hash: crc32c=yRel5w==, md5=aAyXlSNHdR2QawDt/VskuA==
x-goog-generation: 1636669944343894
cache-control: public, max-age=31536000
x-goog-stored-content-length: 13838
accept-ranges: bytes
content-type: application/javascript
expires: Sun, 12 Mar 2023 04:20:26 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 79ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 319E983CF7D14B0BBD0B7BB37ABC2FE6 Ref B: FRAEDGE1407 Ref C: 2022-04-01T20:51:10Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Fri, 01 Apr 2022 20:51:09 GMT
accept-ranges: bytes
content-length: 11333

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
1 KB 159ms
114ms Script
application/javascript 2a02:26f0:7100:18e::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:18e::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
x-cdn: akamai
etag: "c4a0eea377c5e0da574e46f4d6e838e5"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
accept-ranges: bytes
content-length: 1142
access-control-expose-headers: X-CDN

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 136ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 00:09:12 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100176-IAD, cache-hhn11570-HHN

GET
H3 200 optimize.js Show response
www.google-analytics.com/gtm/ 103 KB
39 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=OPT-WRCDBFX

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0c3ab2c0c9ac9ded9d521617e90699c430dfd6b22c4a857afab23bab216f9916

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40253
x-xss-protection: 0
expires: Fri, 01 Apr 2022 20:51:11 GMT

GET
H2 200 firstleaf.js Show response
init.blackcrow.ai/js/core/ 0
402 B 42ms
6ms Script
application/javascript 108.138.7.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://init.blackcrow.ai/js/core/firstleaf.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-93.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:07:09 GMT
via: 1.1 57eb57a4c7d431365ab5b2e18c495bf4.cloudfront.net (CloudFront)
content-type: application/javascript
last-modified: Fri, 01 Apr 2022 20:06:59 GMT
server: AmazonS3
age: 2643
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-cache: Error from cloudfront
x-amz-version-id: 1BxQV6fsaD1AOo8pNpe6cGu.Mx_SBZhx
cache-control: max-age=600
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
x-robots-tag: noindex
content-length: 0
x-amz-cf-id: eH7pZJSPTXYpJKDEoYXyipU5_-Kp8EflCg_aMgbl-5qzFGkkSTMMdA==

GET
H2 200 scevent.min.js Show response
sc-static.net/ 17 KB
7 KB 90ms
41ms Script
application/javascript 108.157.5.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.5.251 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-5-251.dus51.r.cloudfront.net
Software: CloudFront /
Resource Hash: f2f087eac841d5433c3c3fa9ea481b474ff8370b9d9eec1ace18f0300a76ffd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: DUS51-P2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 6336
via: 1.1 ba922c695b86542cbfc03c782d8776d4.cloudfront.net (CloudFront)
x-amz-cf-id: rBSuxQAUOPZhdkWwyv32R-_gDD7xjx-9y3sXKR-ezP_bk-ZXeLAjVw==

GET
H3

200

activityi;dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtru... Show response
11295779.fls.doubleclick.net/ Frame 6E2C
Redirect Chain

https://11295779.fls.doubleclick.net/activityi;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3D...
https://11295779.fls.doubleclick.net/activityi;dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage....

1 KB
571 B

38ms
22ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11295779.fls.doubleclick.net/activityi;dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d;u2=other;u4=undefined;u5=undefined;~oref=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

ab6686990749c593db6ef1357f3c8c5030b5b2c79bd6750c8282c5b62dd2e200

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 546
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 20:51:10 GMT
expires: Fri, 01 Apr 2022 20:51:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 20:51:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11295779.fls.doubleclick.net/activityi;dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d;u2=other;u4=undefined;u5=undefined;~oref=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5565374.js Show response
bat.bing.com/p/action/ 873 B
877 B 229ms
229ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5565374.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

89eed5e467769c906b587908e2ae01fc01cec709c7f7b620b2ccd02852b28d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 411F37FFCB1C4E3EAD882A0E98AF2906 Ref B: FRAEDGE1407 Ref C: 2022-04-01T20:51:11Z
date: Fri, 01 Apr 2022 20:51:10 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 688

GET
H2 200 dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=*;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate...
adservice.google.com/ddm/fls/z/ Frame 6E2C 42 B
494 B 66ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=*;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d;u2=other;u4=undefined;u5=undefined;~oref=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d

Requested by

Host: 11295779.fls.doubleclick.net
URL: https://11295779.fls.doubleclick.net/activityi;dc_pre=CMLrhILf8_YCFQjhGwodmUENpg;src=11295779;type=counter;cat=first0;ord=8171834643042;gtm=2wg3u0;auiddc=785065410.1648846271;u1=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d;u2=other;u4=undefined;u5=undefined;~oref=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11295779.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.32155010.js
s.pinimg.com/ct/lib/ 52 KB
0 121ms
121ms Script
application/javascript 2a02:26f0:7100:18e::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.32155010.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:18e::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: gzip
x-cdn: akamai
etag: "fd86de14455274a7c147dc95b77e18e3"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18298
access-control-expose-headers: X-CDN

GET adsct
t.co/i/ 0
0

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2785
date: Fri, 01 Apr 2022 20:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 01 Apr 2022 22:04:46 GMT

GET
H2 200 60643260-0-Firstleaf-Logo-One-L.png
v.fastcdn.co/u/814df80e/ 80 KB
80 KB 66ms
27ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60643260-0-Firstleaf-Logo-One-L.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: eaa9014e20caa4f72b45bea431741bdd91a428c952dc8dc50049dda90f444afc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 219994
age: 420
cf-polished: origSize=219994
x-guploader-uploadid: ADPycdv3YN800KzRs4uL_1TEyMQlL44ZGJQCCKgWXlUNmCNSs5JX1_8Hdc9SctLNFullToMFDG4hyu6L5aq4RVIUeu9D1Wbl5w
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 12 Mar 2023 13:34:32 GMT
content-length: 81849
last-modified: Wed, 19 Jan 2022 21:34:33 GMT
server: cloudflare
etag: "89c804fc514e0c63bbc89c5df5d33e3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=X5kb7Q==, md5=icgE/FFODGO7yJxd9dM+Og==
content-type: image/png
x-goog-generation: 1642628073014474
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cca782325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60819981-0-Main-Image.jpg
v.fastcdn.co/u/814df80e/ 753 KB
754 KB 83ms
44ms Image
image/jpeg 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60819981-0-Main-Image.jpg
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 844020
age: 420
cf-polished: origSize=844020
x-guploader-uploadid: ADPycdtPeAbVqUJyuU7M6QDAChMNZQEpH8IAboWcKrqk3Kc1PTkmudEw4DsQ4YeNfJ1J87KezMHFV61TJBRrVZ6pU9zJieglWQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:23:43 GMT
content-length: 771349
last-modified: Wed, 02 Feb 2022 17:23:43 GMT
server: cloudflare
etag: "fd93dc2f12ef201a99e7673cd6b34be6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=N+n/qQ==, md5=/ZPcLxLvIBqZ52c81rNL5g==
content-type: image/jpeg
x-goog-generation: 1643822623574100
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 844020
accept-ranges: bytes
cf-ray: 6f54338cca772325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 30 KB
31 KB 27ms
6ms Font
font/woff2 2a00:1450:4001:810::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://page.firstleaf.club
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 08:55:44 GMT
x-content-type-options: nosniff
age: 215727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30876
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:11:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 30 Mar 2023 08:55:44 GMT

GET ppt=18168;g=landing_page;gid=41654;ord=1487692799
trkn.us/pixel/conv/ 0
0

GET
H2 200 grin-sdk.js Show response
d38xvr37kwwhcm.cloudfront.net/js/ 45 KB
16 KB 43ms
7ms Script
application/javascript 2600:9000:223f:5200:15:decf:f580:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d38xvr37kwwhcm.cloudfront.net/js/grin-sdk.js
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5200:15:decf:f580:21 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d3c788a6469d3de15f844df644f328c04c222d1f34cf29850bcda1386da0fd56

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 01:45:04 GMT
content-encoding: gzip
etag: W/"1f6c0af887baf74e41d5bc75d3fb2fda"
last-modified: Mon, 28 Jun 2021 22:43:09 GMT
server: AmazonS3
age: 68768
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 fc562aab29280948aa0691960bee3d6a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: LHtKsHBjnon2pUTYzvxUhB1o1ZajPgAU-NgRgLUKweW7WY273yng1Q==

GET
H2 200 YBLybdE1xjBHVETuQF7WOLKczjAYRp35qsBbVpPj9sVWb6APci4tLov0nislgboT0F35K_YUfCE9jEOm0QrH9Q~~
www.kind-loving-strawberry.com/ 89 KB
0 324ms
278ms Script
application/javascript 2606:4700::6812:318

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kind-loving-strawberry.com/YBLybdE1xjBHVETuQF7WOLKczjAYRp35qsBbVpPj9sVWb6APci4tLov0nislgboT0F35K_YUfCE9jEOm0QrH9Q~~?hid=&uid=&v=3.2.1

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:318 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-backend-connect-time: 0.000
x-backend-status: 200
x-backend-server: hydra-mesh1
x-xss-protection: 0
pragma: no-cache
referrer-policy: never, no-referrer
x-robots-tag: none
x-backend-response-time: 0.016
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript; charset=utf-8
cache-control: no-cache
content-security-policy: upgrade-insecure-requests
cf-ray: 6f54338ce9e6021d-ZRH
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bdeda331b720b33bf5b8bc88d52d16a1c40da840b41f4692e3ed70253fed9486

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 60820766-0-22Firstleaf-Logo-000.png
v.fastcdn.co/u/814df80e/ 7 KB
7 KB 65ms
43ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820766-0-22Firstleaf-Logo-000.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e46191b005afa346ea83b35c255c44e57a365b80f6413e93e94d49d82329ff4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 11595
age: 420
cf-polished: origSize=11595
x-guploader-uploadid: ADPycdtUWvgGR_SUdn-dsaSqw8xhI9qz0-5qsZmFgrsdW2thH20xn46i9H5rV-DPyBSLsCNwNE5CJiEQ5WK-PfMUjX8
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:59:13 GMT
content-length: 6745
last-modified: Wed, 02 Feb 2022 17:59:14 GMT
server: cloudflare
etag: "d8c7afcc3f6b74cf49b80fcb6902809f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Agq6iw==, md5=2MevzD9rdM9JuA/LaQKAnw==
content-type: image/png
x-goog-generation: 1643824754089757
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cca792325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820756-0-22Firstleaf-Logo-000.png
v.fastcdn.co/u/814df80e/ 5 KB
5 KB 66ms
44ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820756-0-22Firstleaf-Logo-000.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: ea4e6f927b6e2c5fbb7e13bb482f491a43f09ee06af6aa54e9c8122a9c51900e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 8292
age: 420
cf-polished: origSize=8292
x-guploader-uploadid: ADPycdtUg7UPGqIR2MJfPE7EXfcrHMYmy1G1ZtYCyqnZVe4wRQbFKC16h2yk6kizNVw8I-s91Ipgf1qe0Z7mlUGb95Q
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:59:13 GMT
content-length: 5067
last-modified: Wed, 02 Feb 2022 17:59:14 GMT
server: cloudflare
etag: "2953a5acbcfb8b20550e703174734a23"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=/hcEvw==, md5=KVOlrLz7iyBVDnAxdHNKIw==
content-type: image/png
x-goog-generation: 1643824754112078
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cda9d2325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820746-0-22Firstleaf-Logo-000.png
v.fastcdn.co/u/814df80e/ 7 KB
7 KB 48ms
26ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820746-0-22Firstleaf-Logo-000.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 36eed064633c78512850999baf67675aa901c854e40a141a94fba555d312eedf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 10790
age: 420
cf-polished: origSize=10790
x-guploader-uploadid: ADPycdsvHTK35Kbu2aP6TIupvCuu7_060w6r1noCp_1C0CZOrngx46jJ3Rs31FnhUpSAkz0uY-ZjYy1hGre99E2cmQplfJbaZw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:59:13 GMT
content-length: 6753
last-modified: Wed, 02 Feb 2022 17:59:14 GMT
server: cloudflare
etag: "bead19f482a0aaa959e68e656095555f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=okcEqQ==, md5=vq0Z9IKgqqlZ5o5lYJVVXw==
content-type: image/png
x-goog-generation: 1643824754012077
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cca7b2325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820761-0-22Firstleaf-Logo-000.png
v.fastcdn.co/u/814df80e/ 2 KB
3 KB 64ms
42ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820761-0-22Firstleaf-Logo-000.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e84aedfed78c5ba5dadb039b4864c556534f68acc513a9d2ff2871fa9bce020

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 4033
age: 420
cf-polished: origSize=4033
x-guploader-uploadid: ADPycdvnCGs6JdPH73PEYpkMA9r5DalSm-uT5G_IBRPKUnbtzjDNIOGSWKBfEPQEJtV0a7xxTdj9qiHHL9Pg3oYYc0o
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:59:13 GMT
content-length: 2526
last-modified: Wed, 02 Feb 2022 17:59:14 GMT
server: cloudflare
etag: "c7e6d9406c9527a636c7de6d6c94d14a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=T4b0/A==, md5=x+bZQGyVJ6Y2x95tbJTRSg==
content-type: image/png
x-goog-generation: 1643824754105879
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cca7d2325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820741-0-22Firstleaf-Logo-000.png
v.fastcdn.co/u/814df80e/ 5 KB
6 KB 63ms
43ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820741-0-22Firstleaf-Logo-000.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e1d260bfc590fcd88b7d0897f9bde5a8191eefe40615ee35eabc285aaf61127

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 8805
age: 420
cf-polished: origSize=8805
x-guploader-uploadid: ADPycds2MJWluQBjQ2MJRhW4ejjc-wudCFZKR8OiCYs0TIYN9dVpra1rwN96woYITUJ6l0ykMGBxA5HvceobJbZaQIYMyVCWGQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:59:13 GMT
content-length: 5519
last-modified: Wed, 02 Feb 2022 17:59:13 GMT
server: cloudflare
etag: "ddf2f48ffcfd5e45c7c8e838627f3cb3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Dzx4wA==, md5=3fL0j/z9XkXHyOg4Yn88sw==
content-type: image/png
x-goog-generation: 1643824753966947
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cca742325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820751-0-22Firstleaf-Logo-000.png
v.fastcdn.co/u/814df80e/ 4 KB
4 KB 61ms
42ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820751-0-22Firstleaf-Logo-000.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 9654ce268ddf99f0715db898247f15e1a75a8d83c2cf23c87ab4cc820f9839f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 6661
age: 420
cf-polished: origSize=6661
x-guploader-uploadid: ADPycdtIVygpmxM0XxHgcX-x7hQWUyCHtzxrZQl0dPODCCMvagmUdInlOofBnKP4PmI65D7IkdcK1-B2cj0It0ljMQp0W5R4iw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:59:13 GMT
content-length: 3739
last-modified: Wed, 02 Feb 2022 17:59:14 GMT
server: cloudflare
etag: "0fe0451bf800d73d88762f1a4fe107df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Gxw1HA==, md5=D+BFG/gA1z2Idi8aT+EH3w==
content-type: image/png
x-goog-generation: 1643824753973109
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cca7f2325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820771-0-22Firstleaf-Logo-000.png
v.fastcdn.co/u/814df80e/ 6 KB
6 KB 63ms
44ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820771-0-22Firstleaf-Logo-000.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 872eba15c255252e9e9f909be31972136a84b028162d13435d4175fd7575ebea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 9441
age: 420
cf-polished: origSize=9441
x-guploader-uploadid: ADPycdtBUQr1iVVkktwYnAMnz2dyC5mf5NG11a430ecq6IFYFTnArcBrWN63cIyqreH1ME58Nt-n3XF4zG8pRVM3zKVfGLzj7g
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 09:59:13 GMT
content-length: 5885
last-modified: Wed, 02 Feb 2022 17:59:14 GMT
server: cloudflare
etag: "16eb33e23c6f04a38c8d09a92130c67a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=6jyyEg==, md5=Fusz4jxvBKOMjQmpITDGeg==
content-type: image/png
x-goog-generation: 1643824754189642
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cca802325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 61090591-0-Firstleaf-Logo-One-L.png
v.fastcdn.co/u/814df80e/ 55 KB
55 KB 30ms
29ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/61090591-0-Firstleaf-Logo-One-L.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e9a0877314d4fa830de499cb7b51fd58c95df2004547cdedc42d55d546cdec5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 66373
age: 420
cf-polished: origSize=66373
x-guploader-uploadid: ADPycdvkL0bwahTSAm9AoF16nUKEDzRM6uPf2QeTYFyI-FvvR7ALibHL9VAaaGq4jHg0tEBkmgJlYJ_wAL27JQ5rZy8
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Fri, 21 Apr 2023 02:33:42 GMT
content-length: 56128
last-modified: Mon, 28 Feb 2022 10:33:42 GMT
server: cloudflare
etag: "a86422bd24a25965f3ebfb1a2cdbb4a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=vThQqg==, md5=qGQivSSiWWXz6/saLNu0pA==
content-type: image/png
x-goog-generation: 1646044422677180
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cdaa22325-ZRH
cf-bgj: imgq:100,h2pri

GET clarity.js
k.clarity.ms/s/0.6.34/ 0
0

GET
H2 200 60824736-0-Satisfaction-Guarant.jpg
v.fastcdn.co/u/814df80e/ 1 MB
0 30ms
30ms Image
image/jpeg 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60824736-0-Satisfaction-Guarant.jpg
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 1927899
age: 420
cf-polished: origSize=1927899
x-guploader-uploadid: ADPycdvCzNpElz6RUGJ-p2q6Tf5GuWx8f9OvbFwveE3ecymHDMVKF_t_S2i3pmpLW3DEGTCAH545EH8frvI2p53seq0
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 15:06:16 GMT
content-length: 1754828
last-modified: Wed, 02 Feb 2022 23:06:16 GMT
server: cloudflare
etag: "6e09af65a0d0d5d88567df22eef37d51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=cUn90w==, md5=bgmvZaDQ1diFZ98i7vN9UQ==
content-type: image/jpeg
x-goog-generation: 1643843176492673
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338cdaa32325-ZRH
cf-bgj: imgq:100,h2pri

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c

Request headers

Referer
Origin: https://page.firstleaf.club
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70

Request headers

Referer
Origin: https://page.firstleaf.club
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=210378960&t=pageview&_s=1&dl=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d&dr=https%3A%2F%2Fwalgreens.perkspot.com%2F&ul=en-us&de=UTF-8&dt=Buying%20Award-Winning%20Wine%20Is%20Simple%20With%20Firstleaf&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABRAAAAC~&jid=1014287262&gjid=674494513&cid=323684375.1648846271&tid=UA-68049103-4&_gid=2005313984.1648846271&_r=1&gtm=2wg3u0TKCVNW&z=1054798744

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://page.firstleaf.club/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 20:51:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://page.firstleaf.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=210378960&t=event&ni=1&_s=1&dl=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d&dr=https%3A%2F%2Fwalgreens.perkspot.com%2F&ul=en-us&de=UTF-8&dt=Buying%20Award-Winning%20Wine%20Is%20Simple%20With%20Firstleaf&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Page&ea=Quiz-Branded-control&el=%2Fquiz&_u=aGDACEABRAAAAC~&jid=&gjid=&cid=323684375.1648846271&tid=UA-68049103-4&_gid=2005313984.1648846271&gtm=2wg3u0TKCVNW&z=403753120

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 16:31:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 15559
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET adsct
analytics.twitter.com/i/ 0
0

GET
H/1.1 204
No Content cs.js
aa.trkn.us/1/e/ 0
166 B 205ms
44ms Script
text/plain 104.92.92.80

General

Check archive.org

Show headers Download Go to

Full URL: https://aa.trkn.us/1/e/cs.js?cid=c013&evid=5713e69f-ed70-4bb9-9079-619171b397f7&suu=1&dmn=page.firstleaf.club
Requested by: Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.92.80 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 20:51:11 GMT
Cache-Control: private, max-age=3600
Connection: keep-alive
Expires: Fri, 01 Apr 2022 21:51:11 GMT

GET wxyz.rb.js
rbv9j7km.firstleaf.club/assets/ 0
0

GET
H2 200 fbevents.js
connect.facebook.net/en_US/ 99 KB
0 50ms
21ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: walgreens.perkspot.com
URL: https://walgreens.perkspot.com/offer/1431609/none?utm_medium=email&utm_id=weeklyblast

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26313
x-xss-protection: 0
pragma: public
x-fb-debug: QAyBOZdEdvii9Ag06iucx2CAWlRAaDB83/JOx8WPvWcRR5HyUU/IdToIwjaukFxWYQPpHh1focIsMSrRU3GdRQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 01 Apr 2022 20:51:11 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 snippet.js
static.zdassets.com/ekr/ 20 KB
6 KB 22ms
21ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=b253b5fa-0522-4fcb-b2f3-9056b25ec9b1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-request-id: HVHEDHXMS3N5GDP3
x-amz-id-2: FsKgtYdvdy8bCGYUkcv+TuT2CHO2/6ZAyR9+ZNqxtwOQ/lHkUIvs00icMyWBzQJ1T/93KLyA3no=
last-modified: Wed, 02 Mar 2022 22:42:26 GMT
server: cloudflare
etag: W/"b687c8c87e4bb1d316102239ec8bdb5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q5W7x2FQ%2Bjugqd7z8dT7ZigDCSJXp684OrecC43XclvAL0xGhg3i4Nn0Fz7tV2ndGnt81H%2FPfklwWgOowC7bXgEmu9A8TOr5e7TTMGLoXWE7FnchdYG%2FGcEZco7htUB2XGCfCNI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: _Dpi7A8IulKqwnfX5Ya9rojoN_2lK2xr
cf-ray: 6f54338cead890ac-FRA

GET
H/1.1 200
OK t.js
cdn1-res.sundaysky.com/vop/v2/ 3 KB
0 256ms
57ms Script
application/javascript 99.86.113.64

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn1-res.sundaysky.com/vop/v2/t.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.113.64 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 28 Mar 2022 22:00:06 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 341465
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 09 Mar 2022 09:50:50 GMT
X-Frame-Options: DENY
ETag: W/"2603-1646819450000"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 591fc133cda27edbedf7edb3f0231464.cloudfront.net (CloudFront)
Cache-Control: public, max-age=604800
X-Amz-Cf-Pop: LHR61-C1
X-Amz-Cf-Id: p5Sc3thYukKhQq8ljPl8VCe2d1x4v-bkn1T-4wofU6OOf39LQE_mUA==

GET ppt=18168;g=landing_page;gid=41654;ord=1330791203
trkn.us/pixel/conv/ 0
0

GET visit
anthill.instapage.com/projects/56c2f3d796773d0a7e96a536/events/ 0
0

GET
H2 204 0
bat.bing.com/action/ 0
162 B 45ms
44ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5565374&tm=gtm002&Ver=2&mid=e1c18413-4245-404f-b4a5-5a7090d5d3da&sid=76871880b1fd11ec8717830fcd0ca44d&vid=76875670b1fd11eca4446f3fc337a3e6&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Buying%20Award-Winning%20Wine%20Is%20Simple%20With%20Firstleaf&kw=wine,%20wine%20club&p=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d&r=https%3A%2F%2Fwalgreens.perkspot.com%2F&lt=2109&evt=pageLoad&msclkid=N&sv=1&rn=404891

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F1707B6CA5EC4833AEBA9B53E60FC334 Ref B: FRAEDGE1407 Ref C: 2022-04-01T20:51:11Z
date: Fri, 01 Apr 2022 20:51:10 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 61265034-0-How-it-works-circle-.png
v.fastcdn.co/u/814df80e/ 3 KB
3 KB 63ms
59ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/61265034-0-How-it-works-circle-.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 8564
age: 420
cf-polished: origSize=8564
x-guploader-uploadid: ADPycdv50es0fT0S325WxqTKVJSU6vrygo8B6k1Nf_j04wtfX8wYTL3NV1-enLX8889CZpteAnifaNlzQW70MKm58o2nE8N8Jg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Fri, 12 May 2023 10:44:42 GMT
content-length: 3158
last-modified: Mon, 21 Mar 2022 18:44:42 GMT
server: cloudflare
etag: "e15c00b2073924b7899a5bfcd2d105d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=1/sDJw==, md5=4VwAsgc5JLeJmlv80tEF0Q==
content-type: image/png
x-goog-generation: 1647888282235305
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338d1aee2325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 61265039-0-How-it-works-circle-.png
v.fastcdn.co/u/814df80e/ 4 KB
4 KB 67ms
64ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/61265039-0-How-it-works-circle-.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 10949
age: 420
cf-polished: origSize=10949
x-guploader-uploadid: ADPycdtnDgvWI_PZFFJkeDp5ZaawAbEpdTFomwrhKMS-I38Kc14XfLwt8ABD6cCkCXAfSWXzyniIUMVKA9SvROpW7aI
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Fri, 12 May 2023 10:44:42 GMT
content-length: 3791
last-modified: Mon, 21 Mar 2022 18:44:42 GMT
server: cloudflare
etag: "5016a8293e64f906fe4221f8b11c127f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=pbs8ww==, md5=UBaoKT5k+Qb+QiH4sRwSfw==
content-type: image/png
x-goog-generation: 1647888282357152
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338d1aef2325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 61265035-0-How-it-works-circle-.png
v.fastcdn.co/u/814df80e/ 4 KB
4 KB 74ms
71ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/61265035-0-How-it-works-circle-.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 11517
age: 420
cf-polished: origSize=11517
x-guploader-uploadid: ADPycdsPotZgFddN_6IlSCZBYujPwvsrabUwOS0pOsgg4QHchEkUrdvz1qnDSmIfCKRwmF5icmPAwMopWjNAm-MCsnDwVKUxRg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Fri, 12 May 2023 10:44:42 GMT
content-length: 3906
last-modified: Mon, 21 Mar 2022 18:44:42 GMT
server: cloudflare
etag: "3a52ae52503fef6f2850d9d77e5ce7de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=NzsOBQ==, md5=OlKuUlA/728oUNnXflzn3g==
content-type: image/png
x-goog-generation: 1647888282317480
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338d1af02325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820831-0-Icon-4.png
v.fastcdn.co/u/814df80e/ 4 KB
4 KB 81ms
78ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820831-0-Icon-4.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 9661
age: 420
cf-polished: origSize=9661
x-guploader-uploadid: ADPycdvs5cJEIQxDZ5Z16iLNWf5Zdj4oOyrNHn15X3zfgLhnqlhlaWsJq8vSi-ga-cnAzA7rR6oyWVAQ9FIbwLW2rOA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 10:03:09 GMT
content-length: 4028
last-modified: Wed, 02 Feb 2022 18:03:09 GMT
server: cloudflare
etag: "84f840338ea819a24c908762ce6b0c98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=aH7+Ow==, md5=hPhAM46oGaJMkIdizmsMmA==
content-type: image/png
x-goog-generation: 1643824989367136
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338d1af22325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820826-0-Icon-1.png
v.fastcdn.co/u/814df80e/ 9 KB
9 KB 62ms
59ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820826-0-Icon-1.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 14738
age: 420
cf-polished: origSize=14738
x-guploader-uploadid: ADPycdvWtvHxHfLddayMYX2m3047VWR_hfn6bPF6_xILnDLNXjUuFsIxGPLA5fWA4Bqq44TYe9RDMxtl2jDZPaOxFxo
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 10:03:09 GMT
content-length: 8835
last-modified: Wed, 02 Feb 2022 18:03:09 GMT
server: cloudflare
etag: "e176ffe64a3b5822d4bc10531805bdcc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=DmUbBQ==, md5=4Xb/5ko7WCLUvBBTGAW9zA==
content-type: image/png
x-goog-generation: 1643824989456831
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338d1af32325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 61335998-0-Icon-3.png
v.fastcdn.co/u/814df80e/ 6 KB
6 KB 74ms
71ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/61335998-0-Icon-3.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 10463
age: 420
cf-polished: origSize=10463
x-guploader-uploadid: ADPycdt5KrKMXw1XGmaPECiFf9WQsI54rZVDtRQ2nmIgWa95NcGZOR57lxqTR9PW0jynV_VS8c7jEMQPZsbqyNYOV1JIWV9lQQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sat, 20 May 2023 10:24:37 GMT
content-length: 6017
last-modified: Tue, 29 Mar 2022 18:24:37 GMT
server: cloudflare
etag: "6df402610b8f5e243b99d65744c1e3bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Q59AaQ==, md5=bfQCYQuPXiQ7mdZXRMHjvQ==
content-type: image/png
x-goog-generation: 1648578277407026
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338d1af52325-ZRH
cf-bgj: imgq:100,h2pri

GET
H2 200 60820836-0-Icon-2.png
v.fastcdn.co/u/814df80e/ 6 KB
6 KB 62ms
59ms Image
image/png 2606:4700::6812:9e3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v.fastcdn.co/u/814df80e/60820836-0-Icon-2.png
Requested by: Host: page.firstleaf.club
URL: https://page.firstleaf.club/quiz?friends=true&utm_source=cj_affiliate&utm_medium=cpa&utm_campaign=1850771_12+Interactive+LLC_2097062&utm_term=&utm_content=13413294_6+Bottles+for+%2439.95+Plus+Free+Shipping+for+a+Year&utm_subcampaign=2097062&cjevent=7560e9d1b1fd11ec81f604740a18050d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9e3 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://page.firstleaf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 20:51:11 GMT
cf-cache-status: HIT
x-goog-stored-content-length: 14707
age: 420
cf-polished: origSize=14707
x-guploader-uploadid: ADPycdutMtXAh6m7gY76yNFTgiQ-LeP9U7qSCxUffofDLcVcZ-hrXdYC4cdyuUBn_1CvL0QlBL8X5AX6WmL6gOeUn8w
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-meta-expires: Sun, 26 Mar 2023 10:03:09 GMT
content-length: 5852
last-modified: Wed, 02 Feb 2022 18:03:09 GMT
server: cloudflare
etag: "d7dae043da045af6fa473d4fa6d115ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=5jCGyw==, md5=19rgQ9oEWvb6Rz1PptEVzg==
content-type: image/png
x-goog-generation: 1643824989415519
expires: Mon, 29 Mar 2032 20:51:11 GMT
cache-control: public, max-age=315360000
x-goog-meta-content-length: 0
accept-ranges: bytes
cf-ray: 6f54338d1af62325-ZRH
cf-bgj: imgq:100,h2pri

POST
H3 200 collect
stats.g.doubleclick.net/j/ 1 B
22 B 51ms
50ms XHR
text/plain 2a00:1450:400c:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-68049103-4&cid=323684375.1648846271&jid=1014287262&gjid=674494513&_gid=2005313984.1648846271&_u=YGBACEAARAAAAC~&z=1320755893

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://page.firstleaf.club/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 01 Apr 2022 20:51:11 GMT
content-type: text/plain
access-control-allow-origin: https://page.firstleaf.club
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/g/collect?v=2&tid=G-8J161FED5Z&gtm=2oe3u0&_p=20688138&sr=1600x1200&ul=en-us&cid=794515305.1648846267&dl=https%3A%2F%2Fwalgreens.perkspot.com%2Foffer%2F1431609%2Fnone%3Futm_medium%3Demail%26utm_id%3Dweeklyblast&dt=You%27re%20on%20your%20way%20to%20saving%20at%20Firstleaf%20Wine%20Club%20%7C%20Welcome%20to%20The%20Walgreens%20Family%20of%20Companies%20Team%20Member%20Discount%20Program&sid=1648846267&sct=1&seg=0&_s=2

Domain: t.co
URL: https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nzfyd&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=d97f534d-3359-41ff-973e-c38e48a54bd8&tw_document_href=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d

Domain: trkn.us
URL: https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1487692799

Domain: k.clarity.ms
URL: https://k.clarity.ms/s/0.6.34/clarity.js

Domain: analytics.twitter.com
URL: https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nzfyd&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=d97f534d-3359-41ff-973e-c38e48a54bd8&tw_document_href=https%3A%2F%2Fpage.firstleaf.club%2Fquiz%3Ffriends%3Dtrue%26utm_source%3Dcj_affiliate%26utm_medium%3Dcpa%26utm_campaign%3D1850771_12%2BInteractive%2BLLC_2097062%26utm_term%3D%26utm_content%3D13413294_6%2BBottles%2Bfor%2B%252439.95%2BPlus%2BFree%2BShipping%2Bfor%2Ba%2BYear%26utm_subcampaign%3D2097062%26cjevent%3D7560e9d1b1fd11ec81f604740a18050d&tpx_cb=twttr.conversion.loadPixels

Domain: rbv9j7km.firstleaf.club
URL: https://rbv9j7km.firstleaf.club/assets/wxyz.rb.js

Domain: trkn.us
URL: https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1330791203

Domain: anthill.instapage.com
URL: https://anthill.instapage.com/projects/56c2f3d796773d0a7e96a536/events/visit?api_key=4dcd7785ff76425fa044a46760f90f264abe467644ef3de941b67b71c63e9880d5cd6a9be9a01d0179fc7cf2c4b02c561ed47d8c3bc0e996e4405bd9fffba73b0a6dd361a665a4f35df44b112f2ae3a7b306489850dbcd7fd882c002fd179389264a82f0854959377dab52e8a5e146567484ff253780ed9f448baedfab9dd5a185914d8a37844c7e43f5bdb1ac839690&data=eyJwYWdlX3VybCI6Imh0dHBzOi8vcGFnZS5maXJzdGxlYWYuY2x1Yi9xdWl6P2ZyaWVuZHM9dHJ1ZSZ1dG1fc291cmNlPWNqX2FmZmlsaWF0ZSZ1dG1fbWVkaXVtPWNwYSZ1dG1fY2FtcGFpZ249MTg1MDc3MV8xMitJbnRlcmFjdGl2ZStMTENfMjA5NzA2MiZ1dG1fdGVybT0mdXRtX2NvbnRlbnQ9MTM0MTMyOTRfNitCb3R0bGVzK2ZvcislMjQzOS45NStQbHVzK0ZyZWUrU2hpcHBpbmcrZm9yK2ErWWVhciZ1dG1fc3ViY2FtcGFpZ249MjA5NzA2MiZjamV2ZW50PTc1NjBlOWQxYjFmZDExZWM4MWY2MDQ3NDBhMTgwNTBkIiwib3duZXJfaWQiOjE5NzM0NzYsImN1c3RvbWVyX2lkIjoyMzQ0MDkxLCJwYWdlX2lkIjoyMzAwNTg4MCwicHVibGlzaGVkX3ZlcnNpb24iOjksInZhcmlhdGlvbl9uYW1lIjoiRVEiLCJ2YXJpYXRpb25faWQiOjI5NSwibGlua2VkX3ZhcmlhdGlvbl9pZCI6Mjk2LCJ2YXJpYXRpb24iOiJFUSIsInF1YW50aXR5IjoxLCJpbml0aWFsX3Jlc3BvbnNpdmVfbW9kZSI6bnVsbCwic3RhdGljX3BhZ2UiOmZhbHNlLCJqYXZhc2NyaXB0Ijp0cnVlLCJ2aWV3cG9ydF9oZWlnaHQiOjEyMDAsInZpZXdwb3J0X3dpZHRoIjoxNjAwLCJjYW1wYWlnbl9pZCI6ZmFsc2UsImFkX2lkIjpmYWxzZSwiY2FtcGFpZ25fc291cmNlIjpmYWxzZSwidmlzaXRlZCI6MCwicmVzcG9uc2l2ZV9tb2RlIjpudWxsLCJyZWYiOiJodHRwczovL3dhbGdyZWVucy5wZXJrc3BvdC5jb20vIn0=&t=1648846271503

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 02:02:12	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
.perkspot.com/	1970-01-20 10:46:43	Name: sailthru_hid Value: b53047f737df0c42086e5eed8e8c3d46622660706962f425044a378a5698660defe270fbb25b37f69fd07f15
.perkspot.com/	1970-01-20 02:02:12	Name: sailthru_bid Value: 27080417.4496367
.email.perkspot.com/	1970-01-20 02:00:49	Name: TiPMix Value: 35.3305562563848
.email.perkspot.com/	1970-01-20 02:00:49	Name: x-ms-routing-name Value: self
email.perkspot.com/	1970-01-20 02:00:47	Name: SessionHolder Value: 311befc4-3254-4e9d-8337-704437248181
email.perkspot.com/	1970-01-20 02:00:47	Name: ps_sid Value: 311befc4-3254-4e9d-8337-704437248181
.walgreens.perkspot.com/	1970-01-20 02:00:49	Name: TiPMix Value: 48.3220600748072
.walgreens.perkspot.com/	1970-01-20 02:00:49	Name: x-ms-routing-name Value: self
.perkspot.com/	1970-01-20 10:46:22	Name: perkspot-auth Value: {"accessToken":{"authenticationMode":0,"value":null,"expiration":"0001-01-01T00:00:00+00:00","isExpired":true},"refreshToken":null,"clientId":null,"userId":26743991,"userSystemId":"1108a752-8cc9-4dbb-bd03-d19015095d0e"}
walgreens.perkspot.com/	1970-01-20 02:00:47	Name: SessionHolder Value: dd613d8c-e6c3-4c82-9e8c-46bca1759b2b
walgreens.perkspot.com/	1970-01-20 02:00:47	Name: ps_sid Value: dd613d8c-e6c3-4c82-9e8c-46bca1759b2b
.myfonts.net/	1970-01-20 02:00:48	Name: __cf_bm Value: 2AEc6HnY.DKLOFOmohy4aSmAxdvPfc7EP2ngMEMpN.I-1648846266-0-AaF/VYFTxDTq9kt/wfHdaXRfZfgFZMHDgoe4Ekoqu1IKnsvK/pvuZAABbOJmIe8QX5XRLUiFx+/9ccoLDiMFnP0=
.walgreens.perkspot.com/	1970-01-20 19:31:58	Name: __utma Value: 196031274.794515305.1648846267.1648846267.1648846267.1
.walgreens.perkspot.com/	1969-12-31 23:59:59	Name: __utmc Value: 196031274
.walgreens.perkspot.com/	1970-01-20 06:23:34	Name: __utmz Value: 196031274.1648846267.1.1.utmcid=weeklyblast\|utmccn=(not%20set)\|utmcmd=email
.walgreens.perkspot.com/	1970-01-20 02:00:46	Name: __utmt Value: 1
.walgreens.perkspot.com/	1970-01-20 02:00:48	Name: __utmb Value: 196031274.1.10.1648846267
.perkspot.com/	1970-01-20 04:10:22	Name: _gcl_au Value: 1.1.1990526016.1648846267
.walgreens.perkspot.com/	1970-01-20 19:31:58	Name: _ga Value: GA1.3.794515305.1648846267
.walgreens.perkspot.com/	1970-01-20 02:02:12	Name: _gid Value: GA1.3.450164611.1648846267
.perkspot.com/	1970-01-20 19:31:58	Name: _ga Value: GA1.1.794515305.1648846267
walgreens.perkspot.com/	1970-01-20 10:46:22	Name: ai_user Value: cf5iv0umQtS5kkfWlbRa4y\|2022-04-01T20:51:07.195Z
.walgreens.perkspot.com/	1970-01-20 02:00:46	Name: _dc_gtm_UA-652375-6 Value: 1
walgreens.perkspot.com/	1970-01-20 02:00:48	Name: ai_session Value: CgcmH26e4itlUXCaE8PeTT\|1648846267262\|1648846267262
.perkspot.com/	1970-01-20 11:28:43	Name: _hp2_props.1214792821 Value: %7B%22CommunityId%22%3A405%2C%22StatusId%22%3A2%7D
walgreens.perkspot.com/	1970-01-20 02:00:48	Name: sailthru_pageviews Value: 2
.perkspot.com/	1970-01-20 11:28:43	Name: _hp2_id.1214792821 Value: %7B%22userId%22%3A%228566430518393329%22%2C%22pageviewId%22%3A%228525280637679062%22%2C%22sessionId%22%3A%222370300631419418%22%2C%22identity%22%3A%2226743991%22%2C%22trackerVersion%22%3A%224.0%22%2C%22identityField%22%3Anull%2C%22isIdentified%22%3A1%7D
walgreens.perkspot.com/	1970-01-20 10:46:22	Name: sailthru_content Value: f5fd89d518446b86c2559aa6aed1d7af
walgreens.perkspot.com/	1970-01-20 10:46:22	Name: sailthru_visitor Value: 292f9d8d-577b-492a-ae9d-86e73d3012ed
.perkspot.com/	1970-01-20 02:00:48	Name: _hp2_ses_props.1214792821 Value: %7B%22um%22%3A%22email%22%2C%22ts%22%3A1648846267452%2C%22d%22%3A%22walgreens.perkspot.com%22%2C%22h%22%3A%22%2Foffer%2F1431609%2Fnone%22%2C%22q%22%3A%22%3Futm_medium%3Demail%26utm_id%3Dweeklyblast%22%7D
widget-mediator.zopim.com/	1970-01-20 02:10:51	Name: AWSALBCORS Value: D6w4nJHmyGu5dcW1Kzs6JsPTJEcgwn+ZRyK6kfq5RKSQJCykl0WdWVI2AYhW01Udxqrqssi+OOm6Cti9lXf61FzIxqKNrGJGwBge1426c544t9NW/DCzZWEoADUG
.perkspot.com/	1970-01-20 10:46:22	Name: __zlcmid Value: 19Hkosx0yjd2BPz
.dotomi.com/	1970-01-20 11:28:07	Name: cjae Value: iejLmzyiD0VC
.dotomi.com/	1970-01-20 11:28:07	Name: DotomiUser Value: 400204597785844356$0$1
.dotomi.com/	1970-01-20 11:28:07	Name: LCLK Value: cjo!x2pz-dwo7eea
.emjcd.com/	1970-01-20 11:28:07	Name: S Value: 400204597785844356:iejLmzyiD0VC
.emjcd.com/	1970-01-20 11:28:07	Name: LCLK Value: cjo!x2pz-dwo7eea
.perkspot.com/	1970-01-20 19:31:58	Name: _ga_8J161FED5Z Value: GS1.1.1648846267.1.0.1648846269.0
.firstleaf.club/	1970-01-20 04:10:22	Name: _gcl_au Value: 1.1.785065410.1648846271
.bing.com/	1970-01-20 11:22:22	Name: MUID Value: 3E90B021DBAD627835A3A158DAC6634E
.doubleclick.net/	1970-01-20 11:22:22	Name: IDE Value: AHWqTUnWiPPEUAM9bBR_pgfYtWI5mP_obsEcpiLf3AjrW8yNvWSmddB-LMiKzZh21tw

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors *.perkspot.com
X-Content-Security-Policy	frame-ancestors *.perkspot.com
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11295779.fls.doubleclick.net
aa.trkn.us
adservice.google.com
ak.sail-horizon.com
analytics.twitter.com
anthill.instapage.com
api.sail-personalize.com
assets.zendesk.com
az416426.vo.msecnd.net
bat.bing.com
cdn.heapanalytics.com
cdn.instapagemetrics.com
cdn.rollbar.com
cdn1-res.sundaysky.com
cj.dotomi.com
cloud.typography.com
connect.facebook.net
d1hdjv7b05hja2.cloudfront.net
d38xvr37kwwhcm.cloudfront.net
dc.services.visualstudio.com
ekr.zdassets.com
email.perkspot.com
fonts.googleapis.com
fonts.gstatic.com
g.fastcdn.co
googleads.g.doubleclick.net
heapanalytics.com
heatmap-events-collector.instapage.com
hello.myfonts.net
init.blackcrow.ai
js.go2sdk.com
k.clarity.ms
page.firstleaf.club
perkspot.zendesk.com
psprods3ep.azureedge.net
rbv9j7km.firstleaf.club
s.pinimg.com
sailthru.perkspot.com
sc-static.net
static.ads-twitter.com
static.cloudflareinsights.com
static.zdassets.com
stats.g.doubleclick.net
t.co
trkn.us
v.fastcdn.co
walgreens.perkspot.com
www.emjcd.com
www.firstleaf.club
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.jdoqocy.com
www.kind-loving-strawberry.com
analytics.twitter.com
anthill.instapage.com
k.clarity.ms
rbv9j7km.firstleaf.club
t.co
trkn.us
www.google-analytics.com
104.16.53.111
104.18.70.113
104.18.72.113
104.92.74.173
104.92.92.80
108.138.7.93
108.157.5.251
13.32.121.41
13.32.99.9
13.69.106.89
142.250.185.226
142.250.185.230
168.62.244.248
18.64.115.56
199.232.136.157
2600:9000:20d7:be00:b:dc44:3680:21
2600:9000:223f:5200:15:decf:f580:21
2606:2800:233:1cb7:261b:1f9c:2074:3c
2606:4700:10::6816:2be0
2606:4700:440e::6812:2fe6
2606:4700::6811:f349
2606:4700::6812:318
2606:4700::6812:9e3
2620:1ec:bdf::44
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:829::2003
2a00:1450:4001:830::200a
2a00:1450:4001:831::2008
2a00:1450:400c:c1b::9c
2a02:26f0:7100:18e::1931
2a03:2880:f02d:12:face:b00c:0:3
3.213.41.181
3.226.166.212
34.120.27.38
35.222.120.150
35.244.137.202
89.207.16.72
99.83.154.140
99.84.158.11
99.86.113.64
03666829b209fdd936bcbb7429efce57d6b0ab7f3a3fb74710137dbaf284709f
04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c
058077732f7d331b041540d0a01ef7d72d977a7895da466d515e0348b07ab54d
0c3ab2c0c9ac9ded9d521617e90699c430dfd6b22c4a857afab23bab216f9916
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
1523a004df491d0f20d413bb4a23f5ca97fdfb17fe3d29ab571c822bff407bb8
255733aa26ecbe1a2608fc086d6b510fafce3647ad1ddf22392c390a1306e640
36eed064633c78512850999baf67675aa901c854e40a141a94fba555d312eedf
40f2d552c0db3ead874ec52bf624d9ec88007d8b659cd7189fecc3ff19d3d248
42ae1eb8cc55b4e2382e02323c96a40e80432d3e810bce85f10c75ddacbd2e2b
494c930541fbc70c38fdfc729200fa32feab910a67d1132062add8519e69280a
49f9413fd8c892755d42514aa696d6237a9fa17ceed0d73a42784447d84d8078
4c0088d08089d4ecfd95333d9db3b56ac6a3b9af2374e083680b39391f7a75ca
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e1d260bfc590fcd88b7d0897f9bde5a8191eefe40615ee35eabc285aaf61127
4e84aedfed78c5ba5dadb039b4864c556534f68acc513a9d2ff2871fa9bce020
53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407
589ac21ac5bc519525e3cbefa2c11586e687584a5e603ef6bdad879b82f16aae
60035f8d3292fc0b3155089baabc76fce2178f8d104ef606e4e31cbe0a2803b2
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
65e4d18477e0e194ae2b3848fe053621a40508eeb817ab8c832b8005edd2c6af
6922dedeefd6111962cf4a6bef17145ce2a9fda6081bd04acf71f100c9a85749
7160bf300aedb0d16945e3ee5e15851ac0f21c571e2d4632e121eb6f1ab1d9aa
746801e81f62e92a886d8ddd2166ddc7f6cbf15e7ebd653f9005f188315ecf51
76e71ed72e054dbe4cd97c84a89a38a2ddd333b9fdf42d69844fef0f518afab9
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
788f86e987a73df682f581a2c83ac12987beb4c373d0aef1d54e6cd1bee3624d
79990ca8962ccf1d3948a73a50bcdc3d4a671ecc49c2f59f2db84cf7c7b552a6
7a58cec4842503db6949177b80ece47d5f5aba937676400675bfea596bc7492b
7ab78f93643518cef1096cfc0cea5888a5b76431331a2cf697957a218295a88b
7ddcb58132fd471f416950300b932930d367500c3c9f0c2b1e01c0d80f93c293
7e7c84efcf8e336f390d7a51a24cba3873782769b33470b31d2cef95b2f01cee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
853d7ef6b54d838c009d01e4857b499d7ec4f71f6fced1e2e3c463fd393ccb29
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
871a395274807a496ca51c603b7320eca9fc11a7949c0df992be96f29dcb7211
872eba15c255252e9e9f909be31972136a84b028162d13435d4175fd7575ebea
89eed5e467769c906b587908e2ae01fc01cec709c7f7b620b2ccd02852b28d2a
8c3421df03d44b5d9ee6bcf4bccc63f812a00adc11a7ccaf9abc51eb394afd1a
8e90f40c2498772e7159835ee29733b3cfbb8a86fc537dc4bef5edb69eeaea8a
8f1d6d4cc75e4aa9496b424cd30b080acfdc983a42910afcd0069560cf2b11d4
8fd017b0f3d31ccfa303e0ef2d05fd68c69823bcbdb640f7f019a13f8a2e743c
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
94c6483dadce933e499cc7f0a7cbd22d2565bbaf160f19086d55bd2e2df69f7b
95485d7a237619eb6a05c4e0513a3ab33ab1cf3d782d0f222464fa00cba8c45c
95bdb8a3cd90e91621c9e68d4b157dd7fedab021ee89e9e173d17f93f0f03305
9616865a4344d7bd7631fb93925d422d89ea1db93bc52f9d217354841c2bdf3a
9654ce268ddf99f0715db898247f15e1a75a8d83c2cf23c87ab4cc820f9839f4
966c577d8c64cc8e8e188e59481d3598a186c7f29bcc29ecebaab3355d1b93b3
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
98753a47a585b364d46318037a18c5525261dd84fd2075c78ccd06650d660e7a
99aeb70a4dd2f63436785c821aca7ac0565eae70ad93fee876e79b8014943731
9f0fab72c8a1fea1df1d6c5d128115031a8c44ccbc7f37e314acee6acb98779b
9f4331078abd467835bcf0b2367872f497045d37ebfb32fe7d9f82cf6843d282
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a6cd361fc4dd2ddf8db6c3ea7d3e8e62d38832bd9336e595aafa4abcd024b1ce
ab6686990749c593db6ef1357f3c8c5030b5b2c79bd6750c8282c5b62dd2e200
b35d3e897a1a8f22d150d817221e7f2e67a389e78700951288ddd39622bc26b4
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb65fea2b7e20a93b4c7ea1d7ac6c9a189641dad2445f9929d6c38afafbcb8e0
bdeda331b720b33bf5b8bc88d52d16a1c40da840b41f4692e3ed70253fed9486
be5b5141456b2b6b10ebfbb4a9f686eb68871f65186c39ffade85cfd84ccda4f
c77d5979a9eb0e45bd243053b0724ea63b2d3381a0b43a3ec80ad58df66cf781
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
cca8ce472cbf8c44acf7ac24067c2d6075acd1e0cd4c9003de6055289ac5c68a
d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf
d1ae643ca558d78642160bd62f18692a1afa42c41b17d42b6dc1bc33888f20ef
d3c788a6469d3de15f844df644f328c04c222d1f34cf29850bcda1386da0fd56
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
d9aeeae782fdde78411155839930b81c16fa4154002c1573462fa61806910409
dc1708ac299032b5ad6ee01fe199b5a82674fb04c3780afbf0150a54d1764ee7
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46191b005afa346ea83b35c255c44e57a365b80f6413e93e94d49d82329ff4b
e9a0877314d4fa830de499cb7b51fd58c95df2004547cdedc42d55d546cdec5a
ea4e6f927b6e2c5fbb7e13bb482f491a43f09ee06af6aa54e9c8122a9c51900e
eaa9014e20caa4f72b45bea431741bdd91a428c952dc8dc50049dda90f444afc
eee2bc6e4edf311a6a0337c339dbd85d0d8d4040b25e390ab18237e2fa84f1c9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e
f2f087eac841d5433c3c3fa9ea481b474ff8370b9d9eec1ace18f0300a76ffd8
f4769b41850b3447078340a01bff92d5f18e37f667c9b6d273bdb0c1fccbcdbc
f5737dd842ce630392146b7fbde4ec1ac50e9cc436fae3627d09925237f48f12
f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70
f975e6b7d7f05e2dc2dea38b8b7b7bdc35dfebc93c9f15f763a3326db8713e95
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fdf5dfab742b9d6c8c626174cd7e8899d2350d3ada34202ad6f3e87dadabb36c
feb5a95f889fd1ecdabaab0aece26b232bdb83017971c4636dce99105898f318

page.firstleaf.club Open in urlscan Pro 2606:4700:10::6816:2be0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

129 Requests

91 %HTTPS

47 %IPv6

42 Domains

56 Subdomains

43 IPs

5 Countries

3225 kBTransfer

8845 kBSize

42 Cookies

0 Outgoing links

Page URL History

Redirected requests

129 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

page.firstleaf.club Open in urlscan Pro
2606:4700:10::6816:2be0 Public Scan

Screenshot
Live screenshot

Full Image

129
Requests

91 %
HTTPS

47 %
IPv6

42
Domains

56
Subdomains

43
IPs

5
Countries

3225 kB
Transfer

8845 kB
Size

42
Cookies

129 HTTP transactions
3 data transactions