urlscan.io logo urlscan.io
SecurityTrails logo

offer.fevo.com Open in urlscan Pro
54.85.220.244  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.go.attcenter.com/e/er?utm_campaign=Citi*20Offer*20*28Nancy*29&utm_medium=email&utm_source=Eloqua&s=602383747&lid=...
Effective URL: https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
Submission: On September 01 via manual from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 3 countries across 17 domains to perform 77 HTTP transactions. The main IP is 54.85.220.244, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is offer.fevo.com.
TLS certificate: Issued by R3 on August 27th 2021. Valid for: 3 months.
This is the only time offer.fevo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 142.0.160.54 7160 (NETDYNAMICS)
1 1 67.199.248.13 396982 (GOOGLE-PR...)
15 54.85.220.244 14618 (AMAZON-AES)
6 52.216.105.229 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
6 151.101.12.176 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a03:2880:f01... 32934 (FACEBOOK)
2 2a03:2880:f12... 32934 (FACEBOOK)
2 2a03:2880:f11... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 151.101.14.217 54113 (FASTLY)
4 35.201.81.77 15169 (GOOGLE)
12 204.236.254.0 14618 (AMAZON-AES)
2 34.215.192.98 16509 (AMAZON-02)
2 107.23.169.222 14618 (AMAZON-AES)
2 54.90.64.222 14618 (AMAZON-AES)
77 20
1    142.0.160.54 (Ashburn, United States)

ASN7160 (NETDYNAMICS, US)
app.go.attcenter.com
1    67.199.248.13 (United States)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: cname.bitly.com
fevo.me
15    54.85.220.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-220-244.compute-1.amazonaws.com
offer.fevo.com
6    52.216.105.229 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com
2    2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
6    151.101.12.176 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
js.stripe.com
m.stripe.network
1    2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2a00:1450:400c:c09::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    151.101.14.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
app.launchdarkly.com
4    35.201.81.77 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 77.81.201.35.bc.googleusercontent.com
api.rollbar.com
12    204.236.254.0 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-204-236-254-0.compute-1.amazonaws.com
gtw-customer.offer.fevo.com
2    34.215.192.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-192-98.us-west-2.compute.amazonaws.com
m.stripe.com
2    107.23.169.222 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-23-169-222.compute-1.amazonaws.com
events.launchdarkly.com
2    54.90.64.222 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-64-222.compute-1.amazonaws.com
event-collection.fevo.com
Domain Requested by
15 offer.fevo.com offer.fevo.com
12 gtw-customer.offer.fevo.com cdnjs.cloudflare.com
6 www.google-analytics.com www.googletagmanager.com
cdnjs.cloudflare.com
www.google-analytics.com
6 s3.amazonaws.com offer.fevo.com
4 api.rollbar.com cdnjs.cloudflare.com
4 stats.g.doubleclick.net cdnjs.cloudflare.com
4 www.facebook.com offer.fevo.com
4 connect.facebook.net offer.fevo.com
connect.facebook.net
4 js.stripe.com offer.fevo.com
js.stripe.com
2 event-collection.fevo.com cdnjs.cloudflare.com
2 events.launchdarkly.com cdnjs.cloudflare.com
2 m.stripe.com m.stripe.network
2 m.stripe.network js.stripe.com
m.stripe.network
2 app.launchdarkly.com cdnjs.cloudflare.com
2 www.google.de offer.fevo.com
2 www.google.com offer.fevo.com
2 www.youtube.com offer.fevo.com
www.youtube.com
1 www.googletagmanager.com offer.fevo.com
1 cdnjs.cloudflare.com offer.fevo.com
1 fevo.me 1 redirects
1 app.go.attcenter.com 1 redirects
77 21

This site contains no links.

Subject Issuer Validity Valid
offer.fevo.com
R3		 2021-08-27 -
2021-11-25		 3 months crt.sh
s3.amazonaws.com
DigiCert Baltimore CA-2 G2		 2021-06-23 -
2022-07-24		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2021-07-09 -
2021-11-03		 4 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-07-20 -
2021-10-18		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-08-16 -
2021-11-08		 3 months crt.sh
app.launchdarkly.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-03-22 -
2022-04-23		 a year crt.sh
api.rollbar.com
DigiCert SHA2 Secure Server CA		 2020-07-13 -
2022-07-27		 2 years crt.sh
gtw-customer.offer.fevo.com
R3		 2021-08-27 -
2021-11-25		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-13 -
2021-11-03		 4 months crt.sh
events.launchdarkly.com
Amazon		 2020-10-19 -
2021-11-17		 a year crt.sh
*.fevo.com
Amazon		 2020-11-14 -
2021-12-13		 a year crt.sh

This page contains 6 frames:

Primary Page: https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
Frame ID: 853FAC1E8DC73CD0BD34BF1F37192B10
Requests: 5 HTTP requests in this frame

Frame: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Frame ID: DCC9468BB18E1B1F1A9FBC6C78A2D427
Requests: 46 HTTP requests in this frame

Frame: https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2
Frame ID: FF0A4C280A64CA2670A0DF04C898FAC6
Requests: 8 HTTP requests in this frame

Frame: https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Foffer.fevo.com&stripe_xdm_c=default762586&stripe_xdm_p=1
Frame ID: 21F47CF40405B8EA9B2ABF5DE9CC3BB4
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v2/m/outer.html
Frame ID: 4CD0D9C6C9FBD969118B72BA143B8C56
Requests: 1 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: BC02142B2C99395BD6CE15197D2F4D6C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Citi Employee Perks - Spurs Discount Tickets

Page URL History Show full URLs

  1. http://app.go.attcenter.com/e/er?utm_campaign=Citi*20Offer*20*28Nancy*29&utm_medium=email&utm_source=Elo... HTTP 302
    https://fevo.me/citi?utm_campaign=Citi%2A20Offer%2A20%2A28Nancy%2A29&utm_medium=email&utm_so... HTTP 302
    https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

77
Requests

100 %
HTTPS

50 %
IPv6

17
Domains

21
Subdomains

20
IPs

3
Countries

2064 kB
Transfer

6349 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.go.attcenter.com/e/er?utm_campaign=Citi*20Offer*20*28Nancy*29&utm_medium=email&utm_source=Eloqua&s=602383747&lid=5095&elqTrackId=4efed6e114f7459e9d8732fdffcbcd59&elq=bfdd07d9d77a4a99b766ff2c9ba61b66&elqaid=8819&elqat=1 HTTP 302
    https://fevo.me/citi?utm_campaign=Citi%2A20Offer%2A20%2A28Nancy%2A29&utm_medium=email&utm_source=Eloqua HTTP 302
    https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

77 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request citi-employee-perks-spurs-discount-tickets--5b33fb2
offer.fevo.com/
Redirect Chain
  • http://app.go.attcenter.com/e/er?utm_campaign=Citi*20Offer*20*28Nancy*29&utm_medium=email&utm_source=Eloqua&s=602383747&lid=5095&elqTrackId=4efed6e114f7459e9d8732fdffcbcd59&elq=bfdd07d9d77a4a99b766...
  • https://fevo.me/citi?utm_campaign=Citi%2A20Offer%2A20%2A28Nancy%2A29&utm_medium=email&utm_source=Eloqua
  • https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
52db8b84be561a11875eab250c7a6992be06245cbcc92a68e9a64d6f666a5371
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' offer.fevo.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js; img-src 'self' https://s3.amazonaws.com https://s.ytimg.com https://i.ytimg.com/; style-src 'self' 'unsafe-inline' offer.fevo.com; font-src https://s3.amazonaws.com; manifest-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
offer.fevo.com
:scheme
https
:path
/citi-employee-perks-spurs-discount-tickets--5b33fb2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:42 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=15724800; includeSubDomains
x-powered-by
Express
x-fevo-launch-darkly-user
{"key":"f310e12f-9904-4623-b713-30f78322e62d","anonymous":true}
content-security-policy
default-src 'self'; frame-src 'self' offer.fevo.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js; img-src 'self' https://s3.amazonaws.com https://s.ytimg.com https://i.ytimg.com/; style-src 'self' 'unsafe-inline' offer.fevo.com; font-src https://s3.amazonaws.com; manifest-src 'self'
etag
W/"802-3N/dZxR+Dc31nnYTKmoKhhd97as"
content-encoding
gzip

Redirect headers

cache-control
private, max-age=90
content-security-policy
referrer always;
content-type
text/html; charset=utf-8
date
Wed, 01 Sep 2021 08:04:42 GMT
location
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
referrer-policy
unsafe-url
server
nginx
set-cookie
_bit=l8184G-ecf49516968a980beb-002; Domain=fevo.me; Expires=Mon, 28 Feb 2022 08:04:42 GMT
content-length
161
typefaces.css
offer.fevo.com/ 		4 KB
770 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/typefaces.css
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
bfd3c968e90f5b8797eaa53b8c16d3d1973397e26b74d1c0d4d9f0f6627f1860
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/typefaces.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
offer.fevo.com
referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:42 GMT
content-encoding
gzip
etag
W/"11fa-17a87e16ec0"
last-modified
Thu, 08 Jul 2021 20:48:56 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
fevo.js
offer.fevo.com/js/ 		100 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/js/fevo.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
8f1e3ee7580719afe5e2edf2a48ffa0e1e57cb9c00edbd40da97320293f9117a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/js/fevo.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
offer.fevo.com
referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:42 GMT
content-encoding
gzip
etag
W/"18e13-17a87e235f8"
last-modified
Thu, 08 Jul 2021 20:49:47 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
2561DB5CFB37AFDD8F262368C6DCAB4F
s3.amazonaws.com/fevo/www/media/ 		125 KB
126 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.amazonaws.com/fevo/www/media/2561DB5CFB37AFDD8F262368C6DCAB4F
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.105.229 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
163420ae94753a91c02bb038ad5d20ea6e51cecf2f36edd9cbcefdcb3c32181b

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 01 Sep 2021 08:04:44 GMT
Last-Modified
Mon, 23 Aug 2021 17:14:07 GMT
Server
AmazonS3
x-amz-request-id
377MXM5NTTZJ1FGN
ETag
"2561db5cfb37afdd8f262368c6dcab4f"
Content-Type
image/png
x-amz-version-id
JEf_SDqj_zUzCjVX_sABHs4Byjvnj18R
Accept-Ranges
bytes
Content-Length
128107
x-amz-id-2
cmsqYpHy/9E0kpTBgvd2vhZf5LWZfrjIzoO6GUP8aLCStdkNJstMxI3P+Q0wJn5JPHZsq+K+2O8=
fevo.css
offer.fevo.com/ 		1 KB
704 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/fevo.css
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/js/fevo.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
deed8036f882095f96e8342f1c870c66a36c91a27b33b4729b860978d3402220
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/fevo.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
offer.fevo.com
referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
gzip
etag
W/"429-17a87e16ec0"
last-modified
Thu, 08 Jul 2021 20:48:56 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
iframe-bundle
offer.fevo.com/api/ Frame DCC9 		1 KB
928 B 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/api/iframe-bundle
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/js/fevo.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
1e15b2c978ff367e70d0dc801af0a91ba0446b96a955740d9eab13f686e95b6f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
offer.fevo.com
:scheme
https
:path
/api/iframe-bundle
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:43 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=15724800; includeSubDomains
x-powered-by
Express
x-fevo-launch-darkly-user
{"key":"2a4723a5-36e6-4335-8992-2e180594b1e7","anonymous":true}
etag
W/"5bb-qmllcYRh+WlC3Mcl8V4N8uoR67s"
content-encoding
gzip
typefaces.css
offer.fevo.com/ Frame DCC9 		4 KB
770 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/typefaces.css
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe-bundle
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
bfd3c968e90f5b8797eaa53b8c16d3d1973397e26b74d1c0d4d9f0f6627f1860
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/typefaces.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
offer.fevo.com
referer
https://offer.fevo.com/api/iframe-bundle
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/api/iframe-bundle
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
gzip
etag
W/"11fa-17a87e16ec0"
last-modified
Thu, 08 Jul 2021 20:48:56 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
vendor.f0fbc60e.js
offer.fevo.com/js/ Frame DCC9 		1 MB
401 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/js/vendor.f0fbc60e.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe-bundle
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
fc6ca80bf786ee789a4dc30fd2e9215981f58884cf9facc505f8f2b8588ee628
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/js/vendor.f0fbc60e.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
offer.fevo.com
referer
https://offer.fevo.com/api/iframe-bundle
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/api/iframe-bundle
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
gzip
etag
W/"1555bf-17a87e235f8"
last-modified
Thu, 08 Jul 2021 20:49:47 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
main.2a2f7c54.js
offer.fevo.com/js/ Frame DCC9 		728 KB
159 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/js/main.2a2f7c54.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe-bundle
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
f6654845c9946f4d925a2a29b5f6862159d27c6b2edc8fdfea937b5c46d386c6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/js/main.2a2f7c54.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
offer.fevo.com
referer
https://offer.fevo.com/api/iframe-bundle
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/api/iframe-bundle
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
gzip
etag
W/"b5f85-17a87e235f8"
last-modified
Thu, 08 Jul 2021 20:49:47 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
citi-employee-perks-spurs-discount-tickets--5b33fb2
offer.fevo.com/api/iframe/ Frame DCC9 		15 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/js/fevo.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
ef5165ffc886b8f9156d010901ad3ea01053d7e5bbfd43c26cc40948e2df8f7f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' https://api.stripe.com *.fevo.com app.launchdarkly.com events.launchdarkly.com api.rollbar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://fevo-sandbox-blocks-avenecandangsbr.s3.amazonaws.com https://fevo-sandbox-offers.s3.amazonaws.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.youtube.com https://www.googletagmanager.com/gtm.js https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js https://connect.facebook.net/en_US/sdk.js https://www.google-analytics.com https://fevo-sandbox-sdk-ronernordangest.s3.amazonaws.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/; img-src * data:; style-src 'self' 'unsafe-inline'; font-src https://s3.amazonaws.com; manifest-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
offer.fevo.com
:scheme
https
:path
/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:43 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=15724800; includeSubDomains
x-powered-by
Express
x-fevo-launch-darkly-user
{"key":"55467a19-8381-4bc8-a2a0-e5a54b391314","custom":{"vendorId":"ccc5911b-ec6c-4014-98a3-d2fef211c1bc","offerPageUri":"citi-employee-perks-spurs-discount-tickets--5b33fb2"},"anonymous":false}
content-security-policy
default-src 'none'; connect-src 'self' https://api.stripe.com *.fevo.com app.launchdarkly.com events.launchdarkly.com api.rollbar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://fevo-sandbox-blocks-avenecandangsbr.s3.amazonaws.com https://fevo-sandbox-offers.s3.amazonaws.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.youtube.com https://www.googletagmanager.com/gtm.js https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js https://connect.facebook.net/en_US/sdk.js https://www.google-analytics.com https://fevo-sandbox-sdk-ronernordangest.s3.amazonaws.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/; img-src * data:; style-src 'self' 'unsafe-inline'; font-src https://s3.amazonaws.com; manifest-src 'self'
etag
W/"3ad0-HCG4YXyw5/GwtvLFO+WYYe8pxL8"
content-encoding
gzip
typefaces.css
offer.fevo.com/ Frame DCC9 		4 KB
770 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/typefaces.css
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
bfd3c968e90f5b8797eaa53b8c16d3d1973397e26b74d1c0d4d9f0f6627f1860
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/typefaces.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
offer.fevo.com
referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
gzip
etag
W/"11fa-17a87e16ec0"
last-modified
Thu, 08 Jul 2021 20:48:56 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
iframe_api
www.youtube.com/ Frame DCC9 		980 B
826 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
40841a8dc7def7f4b4d244c9c2a6b8a12bdea81cc5b2aa3afa277011d52cb998
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
br
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cache-control
private, max-age=0
permissions-policy
ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
content-type
text/javascript; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
ESF
expires
Wed, 01 Sep 2021 08:04:43 GMT
/
js.stripe.com/v2/ Frame DCC9 		62 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v2/
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0f831be9ee5da767fe9a4f425a53e843fef1d73bf52cb48becb6644ec7b73dc
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:47 GMT
content-encoding
br
vary
Accept-Encoding
age
77
via
1.1 varnish
x-cache
HIT
content-length
19861
x-amz-id-2
0r/nzIBZh13UtiMlqYzLO10amdQAvcuhb6XBiQ2XdfrtYYuGCCdExwNfphYSSGvPwEZ3whSOHns=
x-served-by
cache-fra19148-FRA
timing-allow-origin
*
last-modified
Mon, 16 Aug 2021 18:28:38 GMT
server
AmazonS3
etag
"9aa0f060e9dc287fa15cf0f0d2a136b9"
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
997TW32ZN9H11VS3
access-control-allow-origin
*
cache-control
public, max-age=300
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
6
vendor.f0fbc60e.js
offer.fevo.com/js/ Frame DCC9 		1 MB
401 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/js/vendor.f0fbc60e.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
fc6ca80bf786ee789a4dc30fd2e9215981f58884cf9facc505f8f2b8588ee628
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/js/vendor.f0fbc60e.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
offer.fevo.com
referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
gzip
etag
W/"1555bf-17a87e235f8"
last-modified
Thu, 08 Jul 2021 20:49:47 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
main.2a2f7c54.js
offer.fevo.com/js/ Frame DCC9 		728 KB
159 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/js/main.2a2f7c54.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
f6654845c9946f4d925a2a29b5f6862159d27c6b2edc8fdfea937b5c46d386c6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/js/main.2a2f7c54.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
offer.fevo.com
referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:43 GMT
content-encoding
gzip
etag
W/"b5f85-17a87e235f8"
last-modified
Thu, 08 Jul 2021 20:49:47 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
rollbar.min.js
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/ Frame DCC9 		61 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75f09cdb1afc52188793ccef9e5e2f4d639b5005d6c8fc95ebed8c8c1abc5289
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://offer.fevo.com
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:44 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2211912
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
17188
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:16:01 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fc1-f5fc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rKS5pSUEhEudkadtjH%2BReGXUvRUPb3Kqp9ZgEs8AU4GODyf0W8hVwjLrpGsxGHsy%2Bw%2BT%2FdLh%2BKuX1RcjDgRMkEyMM1ZlvbsKkJuhK2BnRwV9J6%2FyqfTn4FOrLlGGj%2FMLtn6Ev3oxV73%2BJJT1Bu2vF6ip"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
687cfd4f1a1c5b32-FRA
expires
Mon, 22 Aug 2022 08:04:44 GMT
gtm.js
www.googletagmanager.com/ Frame DCC9 		189 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TMFP2W8
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ee5f0eec7f726efb090bf2ca4ade38a3df67fc6ee9437c25a27a6f426c795793
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:44 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58117
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 01 Sep 2021 08:04:44 GMT
sdk.js
connect.facebook.net/en_US/ Frame DCC9 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c35cc7c6ccc619820d7b425697acce0ddc84b58065a1a68e88fa16c1721cb4da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
K74DIj56kJwgYF+hiL0tAg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
X31cWrhhPGJO5fyrGiW4FzTh7S4MIWfEaF3IltkrGkFzZgqU8bETssVZpuEXvBAP1n/mqW8OCfCsyk6yIUyUcQ==
x-fb-trip-id
686109401
x-fb-content-md5
f11ec6ae75d097e3ac16b674e0d22701
x-frame-options
DENY
date
Wed, 01 Sep 2021 08:04:44 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"a9b1da942577f887704ea0b2c676c858"
timing-allow-origin
*
expires
Wed, 01 Sep 2021 08:09:37 GMT
www-widgetapi.js
www.youtube.com/s/player/c29c59cf/www-widgetapi.vflset/ Frame DCC9 		126 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/c29c59cf/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2cb0e21586aab89dedae3cdcff8594ef93fc266f980908b986c25de72790655e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 07:15:05 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 30 Aug 2021 00:16:12 GMT
server
sffe
age
2979
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42890
x-xss-protection
0
expires
Thu, 01 Sep 2022 07:15:05 GMT
citi-employee-perks-spurs-discount-tickets--5b33fb2
offer.fevo.com/thirdPartyPixels/ Frame FF0A 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
29638598f373f2b68efaf61939e64e8ef8339ad7126828f6451e8d9c77f51170
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
offer.fevo.com
:scheme
https
:path
/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:44 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=15724800; includeSubDomains
x-powered-by
Express
x-fevo-launch-darkly-user
{"key":"63ec7458-28c3-412a-83cd-91fe0d5f2691","anonymous":true}
etag
W/"ef4-ZrARAsLRiFoj2DslMUwo8GRUhcQ"
content-encoding
gzip
sdk.js
connect.facebook.net/en_US/ Frame DCC9 		223 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=085314da240057aa75df6da8509bbaae
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
53703adedfb180631fcabb3a3229afe95a430dd9017255775e4590629ea82af3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://offer.fevo.com
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
2jEhoOpk+AN4SyN+gKAwHQ==
cross-origin-resource-policy
cross-origin
expires
Thu, 01 Sep 2022 07:20:47 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
67020
x-fb-rlafr
0
x-fb-debug
GssM5sSeC5hI64uf0d1WGt2kLeyKYv/gNzsewIh6Q3M5uYDaDAJwjAneSqazQ8a1jVFnCy/iMc+c7+5WDX6Kjg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
d041d92d011ac004ae83eb9c83654c2f
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 01 Sep 2021 08:04:44 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"3fc52c9b135c1f9c87f4e76d2f393ccf"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
/
www.facebook.com/tr/ Frame DCC9 		44 B
147 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=442862642887310&ev=fb_page_view&dl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&rl=https%3A%2F%2Foffer.fevo.com%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&if=true&ts=1630483484177&sw=1600&sh=1200&at=
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:44 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 01 Sep 2021 08:04:44 GMT
typefaces.css
offer.fevo.com/ Frame FF0A 		4 KB
781 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/typefaces.css
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
bfd3c968e90f5b8797eaa53b8c16d3d1973397e26b74d1c0d4d9f0f6627f1860
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/typefaces.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
offer.fevo.com
referer
https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:44 GMT
content-encoding
gzip
etag
W/"11fa-17a87e16ec0"
last-modified
Thu, 08 Jul 2021 20:48:56 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
pixels.bf3435a8.js
offer.fevo.com/js/ Frame FF0A 		269 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://offer.fevo.com/js/pixels.bf3435a8.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.85.220.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-220-244.compute-1.amazonaws.com
Software
openresty/1.15.8.2 / Express
Resource Hash
7238bf9f012bdf3eb7739001baf5d25da6c9d25eb0ff399d899183ce984ee7c7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/js/pixels.bf3435a8.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
offer.fevo.com
referer
https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:44 GMT
content-encoding
gzip
etag
W/"433af-17a87e235f8"
last-modified
Thu, 08 Jul 2021 20:49:47 GMT
server
openresty/1.15.8.2
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
must-revalidate, max-age=60s
strict-transport-security
max-age=15724800; includeSubDomains
fbevents.js
connect.facebook.net/en_US/ Frame FF0A 		99 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25999
x-xss-protection
0
pragma
public
x-fb-debug
bLyKXOvMIJyB/jvEAqjY8thyG0ZdPTJktOY783HFFDGmsQrk6tCZv6nHwrPoP3Q2ty6ak4kbXrVPPdIO+5eytA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 01 Sep 2021 08:04:44 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
564876704056121
connect.facebook.net/signals/config/ Frame FF0A 		306 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/564876704056121?v=2.9.45&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2d72f480228fbabc71a630a5f5fb8a15d29a9b883cec71a8605f9c7b699c94a5
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
evO6kdGMZAVfq3iNxS1LwR85OSlBW4gnqrLtPJR2pTxt/ADH6CaBrsqY1inG7NiOdL99RGV6Nek0CF7mGSDxxg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 01 Sep 2021 08:04:44 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ Frame FF0A 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=564876704056121&ev=PageView&dl=https%3A%2F%2Foffer.fevo.com%2FthirdPartyPixels%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2%3F&rl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&if=true&ts=1630483484830&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=30&fbp=fb.1.1630483484821.1012364440&it=1630483484548&coo=false&exp=p1&rqm=GET
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:44 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Wed, 01 Sep 2021 08:04:44 GMT
/
www.facebook.com/tr/ Frame FF0A 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=564876704056121&ev=ViewContent&dl=https%3A%2F%2Foffer.fevo.com%2FthirdPartyPixels%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2%3F&rl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&if=true&ts=1630483484837&cd[content_name]=Citi%20Employee%20Perks%20-%20Spurs%20Discount%20Tickets&cd[content_id]=citi-employee-perks-spurs-discount-tickets--5b33fb2&cd[content_type]=product&sw=1600&sh=1200&v=2.9.45&r=stable&ec=1&o=30&fbp=fb.1.1630483484821.1012364440&it=1630483484548&coo=false&exp=p1&rqm=GET
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/thirdPartyPixels/citi-employee-perks-spurs-discount-tickets--5b33fb2?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:44 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Wed, 01 Sep 2021 08:04:44 GMT
/
www.facebook.com/tr/ Frame FF0A 		44 B
147 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=564876704056121&ev=Microdata&dl=https%3A%2F%2Foffer.fevo.com%2FthirdPartyPixels%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2%3F&rl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&if=true&ts=1630483486333&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Citi%20Employee%20Perks%20-%20Spurs%20Discount%20Tickets%20%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.45&r=stable&ec=2&o=30&fbp=fb.1.1630483486332.545175269&it=1630483484548&coo=false&es=automatic&tm=3&exp=p1&rqm=GET
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:46 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 01 Sep 2021 08:04:46 GMT
analytics.js
www.google-analytics.com/ Frame DCC9 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TMFP2W8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
1947
date
Wed, 01 Sep 2021 07:32:19 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Wed, 01 Sep 2021 09:32:19 GMT
collect
www.google-analytics.com/j/ Frame DCC9 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=238075327&t=pageview&_s=1&dl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&dp=san-antonio-spurs%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&ul=en-us&de=UTF-8&dt=Fevo%20Universal%20Cart&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1722681807&gjid=420138211&cid=1423662046.1630483487&tid=UA-72774165-10&_gid=96128618.1630483487&_r=1&gtm=2wg8u0TMFP2W8&cd4=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&z=110029025
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ Frame DCC9 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=238075327&t=pageview&_s=1&dl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&dp=san-antonio-spurs%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2&ul=en-us&de=UTF-8&dt=Fevo%20Universal%20Cart&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1722681807&gjid=420138211&cid=1423662046.1630483487&tid=UA-4027458-2&_gid=96128618.1630483487&_r=1&gtm=2wg8u0TMFP2W8&cd4=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&z=110029025
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ Frame DCC9 		4 B
87 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1722681807&gjid=420138211&_gid=96128618.1630483487&_u=YEBAAEAAAAAAAC~&z=1716483379
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 01 Sep 2021 08:04:47 GMT
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ Frame DCC9 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1722681807&gjid=420138211&_gid=96128618.1630483487&_u=YEBAAEAAAAAAAC~&z=1716483379
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 01 Sep 2021 08:04:47 GMT
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ Frame DCC9 		42 B
119 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1722681807&_u=YEBAAEAAAAAAAC~&z=1804742953
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ Frame DCC9 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1722681807&_u=YEBAAEAAAAAAAC~&z=1804742953
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
5d895f4f176f3507a3cbcc00
app.launchdarkly.com/sdk/goals/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/5d895f4f176f3507a3cbcc00
Protocol
H2
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-launchdarkly-user-agent
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
allow
GET, OPTIONS, HEAD
content-encoding
gzip
ld-region
us-east-1
strict-transport-security
max-age=31536000
accept-ranges
bytes
date
Wed, 01 Sep 2021 08:04:48 GMT
via
1.1 varnish
x-served-by
cache-fra19145-FRA
x-cache
MISS
x-cache-hits
0
x-timer
S1630483488.696345,VS0,VE362
vary
Accept-Encoding
age
0
content-length
23
5d895f4f176f3507a3cbcc00
app.launchdarkly.com/sdk/goals/ Frame DCC9 		2 B
185 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/5d895f4f176f3507a3cbcc00
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

X-LaunchDarkly-User-Agent
JSClient/2.17.3
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
content-md5
d751713988987e9331980363e24189ce
age
0
x-cache
HIT
access-control-max-age
300
date
Wed, 01 Sep 2021 08:04:48 GMT
content-length
26
x-served-by
cache-fra19145-FRA
access-control-allow-origin
*
ld-region
us-east-1
x-timer
S1630483488.082204,VS0,VE93
etag
"d751713988987e9331980363e24189ce"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/json
via
1.1 varnish
cache-control
max-age=0
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
x-cache-hits
1
/
api.rollbar.com/api/1/item/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.rollbar.com/api/1/item/
Protocol
H2
Server
35.201.81.77 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
77.81.201.35.bc.googleusercontent.com
Software
nginx/1.17.9 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-rollbar-access-token
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.17.9
date
Wed, 01 Sep 2021 08:04:47 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers
content-type,x-rollbar-access-token
x-response-time
0ms
via
1.1 google
alt-svc
clear
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-fevo-launch-darkly-user
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:47 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
x-fevo-trace-id
8874292381019318469
access-control-max-age
3600
access-control-allow-origin
https://offer.fevo.com
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-fevo-launch-darkly-user
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:47 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
x-fevo-trace-id
2226410101793544167
access-control-max-age
3600
access-control-allow-origin
https://offer.fevo.com
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
/
api.rollbar.com/api/1/item/ Frame DCC9 		100 B
193 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rollbar.com/api/1/item/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.81.77 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
77.81.201.35.bc.googleusercontent.com
Software
nginx/1.17.9 /
Resource Hash
5e42ec2640e4d12b9dfd960f91d3bd61234c7fed6cd231739d2226d70ae03f9d

Request headers

X-Rollbar-Access-Token
7aea3d3b183b4e55b0d73b7097da81dc
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json

Response headers

x-response-time
132ms
date
Wed, 01 Sep 2021 08:04:48 GMT
via
1.1 google
server
nginx/1.17.9
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
alt-svc
clear
content-length
100
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame DCC9 		113 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
5460fb44f9f4e80aae7928a29bdb5a4e764fba555d5399335ca0d040f6269bd3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept
*/*
Referer
https://offer.fevo.com/
X-Fevo-Launch-Darkly-User
{"key":"55467a19-8381-4bc8-a2a0-e5a54b391314","custom":{"vendorId":"ccc5911b-ec6c-4014-98a3-d2fef211c1bc","offerPageUri":"citi-employee-perks-spurs-discount-tickets--5b33fb2"},"anonymous":false}
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Sep 2021 08:04:48 GMT
x-fevo-trace-id
7156752834227748849
vary
Origin
strict-transport-security
max-age=15724800; includeSubDomains
content-length
113
x-fevo-launch-darkly-user
{"key":"c771de3e-99e9-42b4-b61a-84e0fada7a17","custom":{},"anonymous":false}
server
openresty/1.15.8.2
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
x-schema-version
0.0.0
access-control-allow-origin
https://offer.fevo.com
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
x-session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImM3NzFkZTNlLTk5ZTktNDJiNC1iNjFhLTg0ZTBmYWRhN2ExNyJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.Q41Y6u7ECaTo14hbibvYw3I5LYhW_9Eu8QxkFg7qA7Q
content-type
application/json
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame DCC9 		132 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
97e1821b726aed04126bb6b632cf9652c2f64ac9d5ad1d24ae55eef494dac1d3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept
*/*
Referer
https://offer.fevo.com/
X-Fevo-Launch-Darkly-User
{"key":"55467a19-8381-4bc8-a2a0-e5a54b391314","custom":{"vendorId":"ccc5911b-ec6c-4014-98a3-d2fef211c1bc","offerPageUri":"citi-employee-perks-spurs-discount-tickets--5b33fb2"},"anonymous":false}
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Sep 2021 08:04:48 GMT
x-fevo-trace-id
9059878983747255769
vary
Origin
strict-transport-security
max-age=15724800; includeSubDomains
content-length
132
x-fevo-launch-darkly-user
{"key":"9c4ddd8b-44be-4eb2-b2be-077bddec654a","custom":{},"anonymous":false}
server
openresty/1.15.8.2
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
x-schema-version
0.0.0
access-control-allow-origin
https://offer.fevo.com
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
x-session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6IjljNGRkZDhiLTQ0YmUtNGViMi1iMmJlLTA3N2JkZGVjNjU0YSJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.AsIe_9l1GwxyVIW0FNCGDh189nblKKQVYCH5HgLqInE
content-type
application/json
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
channel.html
js.stripe.com/v2/ Frame 21F4 		1 KB
647 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Foffer.fevo.com&stripe_xdm_c=default762586&stripe_xdm_p=1
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a3e859b8149a06247853276aa0b4c79c4f3d0d63e91baf88bf96b76fbfc1b492
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
js.stripe.com
:scheme
https
:path
/v2/channel.html?stripe_xdm_e=https%3A%2F%2Foffer.fevo.com&stripe_xdm_c=default762586&stripe_xdm_p=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://offer.fevo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://offer.fevo.com/

Response headers

x-amz-id-2
Q+VbbUCW6BVm1veyLXiNITpAFwfhFh08KhKhzeAQcS0Ky+3Au+mzrIEYfa+ebS6JAfqt1IfJ060=
x-amz-request-id
SJDE7A79FR6B99K4
last-modified
Wed, 06 Sep 2017 17:40:34 GMT
etag
"19af0c6cc7a0bca20a355b3362dc64a0"
cache-control
public, max-age=300
content-type
text/html; charset=utf-8
server
AmazonS3
content-encoding
br
accept-ranges
bytes
date
Wed, 01 Sep 2021 08:04:47 GMT
via
1.1 varnish
age
20
x-served-by
cache-fra19148-FRA
x-cache
HIT
x-cache-hits
1
vary
Accept-Encoding
access-control-allow-origin
*
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
content-length
449
hinted-MarkOT-Medium.woff2
s3.amazonaws.com/fevo/assets/fontface/mark-ot/ Frame DCC9 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s3.amazonaws.com/fevo/assets/fontface/mark-ot/hinted-MarkOT-Medium.woff2
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/typefaces.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.105.229 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
785cf747482af7d9cd490ce653a784d9de6d71fbccb46d2ac4307d23acd77764

Request headers

Origin
https://offer.fevo.com
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 01 Sep 2021 08:04:49 GMT
Last-Modified
Tue, 02 Feb 2016 21:51:09 GMT
Server
AmazonS3
x-amz-request-id
SBKAQGA92NNBAG30
ETag
"859ddf003dc72623cf45dbb0c209691c"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET, PUT, POST
x-amz-version-id
null
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Accept-Ranges
bytes
Content-Type
application/octet-stream
Content-Length
45072
x-amz-id-2
LIGImcgi5oHxj2flYJV2yMAdiBob/i7cON+PwG+mFUiwL/4FNleMbOKGrK8UgC7mOaTmrWRbtkM=
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame DCC9 		52 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
30a760e21c778e506b12d700032eb44616d6f6de786e8c95a4609713eec08abf
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept
*/*
Referer
https://offer.fevo.com/
X-Fevo-Launch-Darkly-User
{"key":"55467a19-8381-4bc8-a2a0-e5a54b391314","custom":{"vendorId":"ccc5911b-ec6c-4014-98a3-d2fef211c1bc","offerPageUri":"citi-employee-perks-spurs-discount-tickets--5b33fb2"},"anonymous":false}
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Sep 2021 08:04:48 GMT
x-fevo-trace-id
8947369564638019750
vary
Accept-Encoding, Origin
x-schema-version
0.0.0
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
server
openresty/1.15.8.2
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://offer.fevo.com
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
x-session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
x-fevo-launch-darkly-user
{"key":"d5d38863-44a5-42a9-80db-a2d0efd6ddbf","custom":{},"anonymous":false}
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-fevo-launch-darkly-user
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:47 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
x-fevo-trace-id
6374921376878481679
access-control-max-age
3600
access-control-allow-origin
https://offer.fevo.com
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
/
js.stripe.com/v2/ Frame 21F4 		62 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v2/
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Foffer.fevo.com&stripe_xdm_c=default762586&stripe_xdm_p=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0f831be9ee5da767fe9a4f425a53e843fef1d73bf52cb48becb6644ec7b73dc
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Foffer.fevo.com&stripe_xdm_c=default762586&stripe_xdm_p=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 08:04:47 GMT
content-encoding
br
vary
Accept-Encoding
age
78
via
1.1 varnish
x-cache
HIT
content-length
19861
x-amz-id-2
0r/nzIBZh13UtiMlqYzLO10amdQAvcuhb6XBiQ2XdfrtYYuGCCdExwNfphYSSGvPwEZ3whSOHns=
x-served-by
cache-fra19148-FRA
timing-allow-origin
*
last-modified
Mon, 16 Aug 2021 18:28:38 GMT
server
AmazonS3
etag
"9aa0f060e9dc287fa15cf0f0d2a136b9"
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
997TW32ZN9H11VS3
access-control-allow-origin
*
cache-control
public, max-age=300
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
7
outer.html
js.stripe.com/v2/m/ Frame 4CD0 		718 B
472 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v2/m/outer.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7832e207be33df99c990b38381b506740fe48b3c9df9a8166a18fb43989fd478
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
js.stripe.com
:scheme
https
:path
/v2/m/outer.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://offer.fevo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://offer.fevo.com/

Response headers

x-amz-id-2
iJXqO38rAAJHiu5woRRtKJI+r8KkinMMpWY+0wFBm5WLhBJDJlZVRLJP6z+dYo3wKVl9e9BvJSc=
x-amz-request-id
2AF1D7S444EAHJ1Q
last-modified
Wed, 06 Sep 2017 17:40:34 GMT
etag
"51b76bd7931c50d2bf6d4c5a93d343f9"
cache-control
public, max-age=300
content-type
text/html; charset=utf-8
server
AmazonS3
content-encoding
br
accept-ranges
bytes
date
Wed, 01 Sep 2021 08:04:48 GMT
via
1.1 varnish
age
226
x-served-by
cache-fra19148-FRA
x-cache
HIT
x-cache-hits
7
vary
Accept-Encoding
access-control-allow-origin
*
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
content-length
294
inner.html
m.stripe.network/ Frame BC02 		932 B
941 B 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/m/outer.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
m.stripe.network
:scheme
https
:path
/inner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://js.stripe.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://js.stripe.com/

Response headers

server
nginx
content-type
text/html; charset=utf-8
last-modified
Thu, 12 Aug 2021 00:00:27 GMT
etag
W/"6114649b-3a4"
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
public, max-age=300
timing-allow-origin
*
content-security-policy
default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
date
Wed, 01 Sep 2021 08:04:48 GMT
age
181
x-served-by
cache-sea4472-SEA, cache-fra19148-FRA
x-cache
HIT, HIT
x-cache-hits
1, 239
x-timer
S1630483488.297734,VS0,VE0
vary
Accept-Encoding
content-length
537
out-4.5.40.js
m.stripe.network/ Frame BC02 		85 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.40.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.12.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
etag
W/"6114649b-154bc"
age
169
x-cache
HIT, HIT
content-length
18452
x-served-by
cache-sea4434-SEA, cache-fra19148-FRA
last-modified
Thu, 12 Aug 2021 00:00:27 GMT
server
nginx
x-timer
S1630483488.326104,VS0,VE0
date
Wed, 01 Sep 2021 08:04:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=300
content-security-policy
default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
3, 192
6
m.stripe.com/ Frame BC02 		156 B
518 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.40.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.215.192.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-192-98.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3c4a16c3492440f7750233bb1a3c1e241f232579a2c9633b2190727da19c0f7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 01 Sep 2021 08:04:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
strict-transport-security
max-age=31556926; includeSubDomains; preload
access-control-allow-headers
Content-Type
/
api.rollbar.com/api/1/item/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.rollbar.com/api/1/item/
Protocol
H2
Server
35.201.81.77 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
77.81.201.35.bc.googleusercontent.com
Software
nginx/1.17.9 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-rollbar-access-token
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.17.9
date
Wed, 01 Sep 2021 08:04:48 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-headers
content-type,x-rollbar-access-token
x-response-time
0ms
via
1.1 google
alt-svc
clear
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,x-fevo-launch-darkly-user,x-session
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:48 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
x-fevo-trace-id
4964620739220107796
access-control-max-age
3600
access-control-allow-origin
https://offer.fevo.com
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,x-fevo-launch-darkly-user,x-session
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:48 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
x-fevo-trace-id
4958017433644535753
access-control-max-age
3600
access-control-allow-origin
https://offer.fevo.com
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
/
api.rollbar.com/api/1/item/ Frame DCC9 		100 B
166 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rollbar.com/api/1/item/
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.81.77 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
77.81.201.35.bc.googleusercontent.com
Software
nginx/1.17.9 /
Resource Hash
40006445956d1f7e60e750bf7e0acaa520799b015622aabb5909d87ebabb52e9

Request headers

X-Rollbar-Access-Token
7aea3d3b183b4e55b0d73b7097da81dc
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json

Response headers

x-response-time
142ms
date
Wed, 01 Sep 2021 08:04:49 GMT
via
1.1 google
server
nginx/1.17.9
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
alt-svc
clear
content-length
100
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame DCC9 		116 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
c9c0f0bebd55740ef701293d2785884d6adaf8369973b73a820711679151859b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept
*/*
Referer
https://offer.fevo.com/
X-Session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
X-Fevo-Launch-Darkly-User
{"key":"55467a19-8381-4bc8-a2a0-e5a54b391314","custom":{"vendorId":"ccc5911b-ec6c-4014-98a3-d2fef211c1bc","offerPageUri":"citi-employee-perks-spurs-discount-tickets--5b33fb2"},"anonymous":false}
Authorization
Bearer eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Sep 2021 08:04:48 GMT
x-fevo-trace-id
2102408706960776104
vary
Origin
strict-transport-security
max-age=15724800; includeSubDomains
content-length
116
x-fevo-launch-darkly-user
{"key":"d5d38863-44a5-42a9-80db-a2d0efd6ddbf","custom":{},"anonymous":false}
server
openresty/1.15.8.2
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
x-schema-version
0.0.0
access-control-allow-origin
https://offer.fevo.com
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
x-session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
content-type
application/json
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame DCC9 		114 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
5600ca9061732d313e7b0a7d726637ac48968b7e660d2609ccecbced6c147a9d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept
*/*
Referer
https://offer.fevo.com/
X-Session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
X-Fevo-Launch-Darkly-User
{"key":"55467a19-8381-4bc8-a2a0-e5a54b391314","custom":{"vendorId":"ccc5911b-ec6c-4014-98a3-d2fef211c1bc","offerPageUri":"citi-employee-perks-spurs-discount-tickets--5b33fb2"},"anonymous":false}
Authorization
Bearer eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Sep 2021 08:04:48 GMT
x-fevo-trace-id
5725879828817682076
vary
Origin
strict-transport-security
max-age=15724800; includeSubDomains
content-length
114
x-fevo-launch-darkly-user
{"key":"d5d38863-44a5-42a9-80db-a2d0efd6ddbf","custom":{},"anonymous":false}
server
openresty/1.15.8.2
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
x-schema-version
0.0.0
access-control-allow-origin
https://offer.fevo.com
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
x-session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
content-type
application/json
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame DCC9 		319 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
3e48f9e5bfa11ea7c820772957a8890f85021465174fa8d322f43798173ac994
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept
*/*
Referer
https://offer.fevo.com/
X-Session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
X-Fevo-Launch-Darkly-User
{"key":"55467a19-8381-4bc8-a2a0-e5a54b391314","custom":{"vendorId":"ccc5911b-ec6c-4014-98a3-d2fef211c1bc","offerPageUri":"citi-employee-perks-spurs-discount-tickets--5b33fb2"},"anonymous":false}
Authorization
Bearer eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json

Response headers

date
Wed, 01 Sep 2021 08:04:48 GMT
x-fevo-trace-id
2197393456077221479
vary
Accept-Encoding, Origin
x-schema-version
0.0.0
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
server
openresty/1.15.8.2
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://offer.fevo.com
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
x-session
eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6ImQ1ZDM4ODYzLTQ0YTUtNDJhOS04MGRiLWEyZDBlZmQ2ZGRiZiJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.vAeHaD1e3ohaqi5SttoIMKGd0mYESLY_g4Tr2Ijk4D4
x-fevo-launch-darkly-user
{"key":"d5d38863-44a5-42a9-80db-a2d0efd6ddbf","custom":{},"anonymous":false}
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
citi-employee-perks-spurs-discount-tickets--5b33fb2
gtw-customer.offer.fevo.com/o/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gtw-customer.offer.fevo.com/o/citi-employee-perks-spurs-discount-tickets--5b33fb2
Protocol
H2
Server
204.236.254.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-254-0.compute-1.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,x-fevo-launch-darkly-user,x-session
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
openresty/1.15.8.2
date
Wed, 01 Sep 2021 08:04:48 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
x-fevo-trace-id
6929946594811359734
access-control-max-age
3600
access-control-allow-origin
https://offer.fevo.com
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
access-control-expose-headers
X-Session, X-Fevo-Launch-Darkly-User
access-control-allow-credentials
true
2561DB5CFB37AFDD8F262368C6DCAB4F
s3.amazonaws.com/fevo/www/media/ Frame DCC9 		125 KB
126 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.amazonaws.com/fevo/www/media/2561DB5CFB37AFDD8F262368C6DCAB4F
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.105.229 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
163420ae94753a91c02bb038ad5d20ea6e51cecf2f36edd9cbcefdcb3c32181b

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 01 Sep 2021 08:04:49 GMT
Last-Modified
Mon, 23 Aug 2021 17:14:07 GMT
Server
AmazonS3
x-amz-request-id
SBK5DDB2YKT59BD9
ETag
"2561db5cfb37afdd8f262368c6dcab4f"
Content-Type
image/png
x-amz-version-id
JEf_SDqj_zUzCjVX_sABHs4Byjvnj18R
Accept-Ranges
bytes
Content-Length
128107
x-amz-id-2
XggOJMrT5FE2jOHiVFTsMSW9kkKA2w4QlGCw77NySoQ97YPjK8Ff0D7si6nk4dDWzHh+0M0H0Ko=
3AB24BDB464E70EFECB1C37FC7309011
s3.amazonaws.com/fevo/www/media/ Frame DCC9 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.amazonaws.com/fevo/www/media/3AB24BDB464E70EFECB1C37FC7309011
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/api/iframe/citi-employee-perks-spurs-discount-tickets--5b33fb2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.105.229 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
6ee4613d183d12dea1f7fefe9267b4e5f41f7d8be3e6d627d044805c2e87db5b

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 01 Sep 2021 08:04:50 GMT
Last-Modified
Tue, 08 Aug 2017 21:09:59 GMT
Server
AmazonS3
x-amz-request-id
P4FEKHJ0ZVQ0A43Q
ETag
"3ab24bdb464e70efecb1c37fc7309011"
Content-Type
image/png
x-amz-version-id
1gr4HOnlyl.hcCmCbJlfXT7CgEGcYzFO
Accept-Ranges
bytes
Content-Length
39728
x-amz-id-2
VhwQ7dYECqn37r6yMweOubodFdmtBj/0nyG0HjnWsuRs04uIG1Ze2VIag5x7Ur0y/E15HscmlDI=
hinted-SharpSansNo1-Bold.woff2
s3.amazonaws.com/fevo/assets/fontface/sharp-sans/ Frame DCC9 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s3.amazonaws.com/fevo/assets/fontface/sharp-sans/hinted-SharpSansNo1-Bold.woff2
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/typefaces.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.105.229 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
2f8d7d000683e38a06b12b03d5f1733c13b108f3e6b1384c48dc13bf5c1df326

Request headers

Origin
https://offer.fevo.com
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 01 Sep 2021 08:04:49 GMT
Last-Modified
Tue, 15 Dec 2015 21:38:39 GMT
Server
AmazonS3
x-amz-request-id
SBK9WPVK4P1GHFV4
ETag
"fbf532d989bef4808321868cf4eb243d"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET, PUT, POST
x-amz-version-id
null
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Accept-Ranges
bytes
Content-Type
application/octet-stream
Content-Length
49076
x-amz-id-2
sCi3utw53oni3YrCCUXLHI3mmbt49xh8bCmPyw6VOq/SEiu1uV78BUN5kv2m5lTpPEnHnlJpdoA=
hinted-MarkOT-Bold.woff2
s3.amazonaws.com/fevo/assets/fontface/mark-ot/ Frame DCC9 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s3.amazonaws.com/fevo/assets/fontface/mark-ot/hinted-MarkOT-Bold.woff2
Requested by
Host: offer.fevo.com
URL: https://offer.fevo.com/typefaces.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.105.229 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
5b9297220fcb306c857149370785f136ffa0473095bf4d807fa1098960975783

Request headers

Origin
https://offer.fevo.com
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 01 Sep 2021 08:04:50 GMT
Last-Modified
Wed, 13 Jan 2016 18:26:33 GMT
Server
AmazonS3
x-amz-request-id
P4FFX0V6HJZKB4FZ
ETag
"c294954989b52c16f78546ccf627b4d0"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET, PUT, POST
x-amz-version-id
null
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Accept-Ranges
bytes
Content-Type
application/octet-stream
Content-Length
48436
x-amz-id-2
BaAROoxVP3TBkK8rquBiWpAcSB4p4Pohz6JMUcHmkuGRoyPbQObVW823Z/VPEGYhr4uXhg8xNgM=
ec.js
www.google-analytics.com/plugins/ua/ Frame DCC9 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 07:32:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
1958
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1306
x-xss-protection
0
expires
Wed, 01 Sep 2021 08:32:10 GMT
collect
www.google-analytics.com/j/ Frame DCC9 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=238075327&t=event&ni=1&cu=USD&_s=1&dl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2%2F&dp=san-antonio-spurs%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2%2F&ul=en-us&de=UTF-8&dt=Citi%20Employee%20Perks%20-%20Spurs%20Discount%20Tickets&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Ecommerce&ea=Impressions&_u=aGhACEALBAAAAC~&jid=1884219411&gjid=1204031258&cid=1423662046.1630483487&tid=UA-72774165-10&_gid=1043124469.1630483489&_r=1&gtm=2wg8u0TMFP2W8&il1pi1id=28be91c9-eed5-4ff8-b803-b2b86537beee&il1pi1nm=Ticket-%20Spurs%20vs.%20Rockets%20-%20Citi&il1pi1ps=1&il1pi1ca=&il1pi1cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi2id=c4760158-2d72-4f2d-98c8-7845fc69b941&il1pi2nm=Ticket-%20Spurs%20vs.%20Cavaliers%20-%20Citi&il1pi2ps=2&il1pi2ca=&il1pi2cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi3id=65c76f88-a476-4a39-ae49-2204dc694bd9&il1pi3nm=Ticket-%20Spurs%20vs.%20Clipp%20-%20Citiers%20&il1pi3ps=3&il1pi3ca=&il1pi3cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi4id=511262a3-527a-4c7a-8041-420589b41238&il1pi4nm=Ticket-%20Spurs%20vs.%20Suns%20-%20Citi&il1pi4ps=4&il1pi4ca=&il1pi4cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi5id=e4f7ddda-5be9-4eb0-86dd-396e0bb28801&il1pi5nm=Ticket-%20Spurs%20vs.%20Thunder%20-%20Citi&il1pi5ps=5&il1pi5ca=&il1pi5cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi6id=57a7df8b-5ec7-47d7-b9a9-1f9c36da64fa&il1pi6nm=Ticket-%20Spurs%20vs.%20Nets%20-%20Citi&il1pi6ps=6&il1pi6ca=&il1pi6cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&z=1395412858
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ Frame DCC9 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=238075327&t=event&ni=1&cu=USD&_s=1&dl=https%3A%2F%2Foffer.fevo.com%2Fapi%2Fiframe%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2%2F&dp=san-antonio-spurs%2Fciti-employee-perks-spurs-discount-tickets--5b33fb2%2F&ul=en-us&de=UTF-8&dt=Citi%20Employee%20Perks%20-%20Spurs%20Discount%20Tickets&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Ecommerce&ea=Impressions&_u=aGhACEALBAAAAC~&jid=1884219411&gjid=1204031258&cid=1423662046.1630483487&tid=UA-4027458-2&_gid=1043124469.1630483489&_r=1&gtm=2wg8u0TMFP2W8&il1pi1id=28be91c9-eed5-4ff8-b803-b2b86537beee&il1pi1nm=Ticket-%20Spurs%20vs.%20Rockets%20-%20Citi&il1pi1ps=1&il1pi1ca=&il1pi1cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi2id=c4760158-2d72-4f2d-98c8-7845fc69b941&il1pi2nm=Ticket-%20Spurs%20vs.%20Cavaliers%20-%20Citi&il1pi2ps=2&il1pi2ca=&il1pi2cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi3id=65c76f88-a476-4a39-ae49-2204dc694bd9&il1pi3nm=Ticket-%20Spurs%20vs.%20Clipp%20-%20Citiers%20&il1pi3ps=3&il1pi3ca=&il1pi3cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi4id=511262a3-527a-4c7a-8041-420589b41238&il1pi4nm=Ticket-%20Spurs%20vs.%20Suns%20-%20Citi&il1pi4ps=4&il1pi4ca=&il1pi4cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi5id=e4f7ddda-5be9-4eb0-86dd-396e0bb28801&il1pi5nm=Ticket-%20Spurs%20vs.%20Thunder%20-%20Citi&il1pi5ps=5&il1pi5ca=&il1pi5cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&il1pi6id=57a7df8b-5ec7-47d7-b9a9-1f9c36da64fa&il1pi6nm=Ticket-%20Spurs%20vs.%20Nets%20-%20Citi&il1pi6ps=6&il1pi6ca=&il1pi6cd1=ccc5911b-ec6c-4014-98a3-d2fef211c1bc&z=1395412858
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ Frame DCC9 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1884219411&gjid=1204031258&_gid=1043124469.1630483489&_u=aGhACEALBAAAAC~&z=1284329461
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 01 Sep 2021 08:04:48 GMT
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ Frame DCC9 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1884219411&gjid=1204031258&_gid=1043124469.1630483489&_u=aGhACEALBAAAAC~&z=1284329461
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 01 Sep 2021 08:04:48 GMT
content-type
text/plain
access-control-allow-origin
https://offer.fevo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ Frame DCC9 		42 B
119 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1884219411&_u=aGhACEALBAAAAC~&z=1749771973
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ Frame DCC9 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72774165-10&cid=1423662046.1630483487&jid=1884219411&_u=aGhACEALBAAAAC~&z=1749771973
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Sep 2021 08:04:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6
m.stripe.com/ Frame BC02 		156 B
517 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.40.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.215.192.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-192-98.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3c4a16c3492440f7750233bb1a3c1e241f232579a2c9633b2190727da19c0f7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 01 Sep 2021 08:04:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Accept-Encoding
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
strict-transport-security
max-age=31556926; includeSubDomains; preload
access-control-allow-headers
Content-Type
5d895f4f176f3507a3cbcc00
events.launchdarkly.com/events/bulk/ Frame DCC9 		0
509 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/5d895f4f176f3507a3cbcc00
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.23.169.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-169-222.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://offer.fevo.com/
X-LaunchDarkly-Payload-ID
47fe7410-0afb-11ec-be4b-1b269e39a157
X-LaunchDarkly-Event-Schema
3
X-LaunchDarkly-User-Agent
JSClient/2.17.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json

Response headers

Date
Wed, 01 Sep 2021 08:04:50 GMT
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Methods
POST,OPTIONS
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Max-Age
300
Connection
keep-alive
Access-Control-Allow-Headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
Content-Length
0
Access-Control-Expose-Headers
Date
5d895f4f176f3507a3cbcc00
events.launchdarkly.com/events/bulk/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/5d895f4f176f3507a3cbcc00
Protocol
HTTP/1.1
Server
107.23.169.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-169-222.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Date
Wed, 01 Sep 2021 08:04:50 GMT
Content-Type
application/json
Connection
keep-alive
Access-Control-Allow-Headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
Access-Control-Allow-Methods
POST,OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Date
Access-Control-Max-Age
300
Strict-Transport-Security
max-age=31536000
batch
event-collection.fevo.com/event/ Frame DCC9 		0
270 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://event-collection.fevo.com/event/batch
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.90.64.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-90-64-222.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://offer.fevo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 01 Sep 2021 08:04:52 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
access-control-allow-origin
https://offer.fevo.com
access-control-allow-credentials
true
x-content-type-options
nosniff
vary
Origin
content-length
0
x-xss-protection
1; mode=block
batch
event-collection.fevo.com/event/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://event-collection.fevo.com/event/batch
Protocol
H2
Server
54.90.64.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-90-64-222.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://offer.fevo.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 01 Sep 2021 08:04:52 GMT
content-length
0
vary
Origin
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options
DENY
x-xss-protection
1; mode=block
access-control-max-age
3600
x-content-type-options
nosniff
access-control-allow-origin
https://offer.fevo.com
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-credentials
true
x-permitted-cross-domain-policies
master-only

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated string| FEVO_SETTINGS object| fevoSdk

1 Cookies

Domain/Path Name / Value
.offer.fevo.com/ Name: gtw_customer_api_session
Value: eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InZpZXdlciI6IjljNGRkZDhiLTQ0YmUtNGViMi1iMmJlLTA3N2JkZGVjNjU0YSJ9LCJleHAiOjE5NDU4NDM0ODgsIm5iZiI6MTYzMDQ4MzQ4OCwiaWF0IjoxNjMwNDgzNDg4fQ.AsIe_9l1GwxyVIW0FNCGDh189nblKKQVYCH5HgLqInE

3 Console Messages

Source Level URL
Text
console-api warning URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js(Line 2)
Message:
LD: [warn] Be sure to call `identify` in the LaunchDarkly client: https://docs.launchdarkly.com/docs/js-sdk-reference#section-analytics-events
console-api warning URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js(Line 2)
Message:
error using localStorage, using InMemoryStore
console-api warning URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.5.2/rollbar.min.js(Line 2)
Message:
LocalStorageCookieManager: error using localStorage, using InMemoryStore

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; frame-src 'self' offer.fevo.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js; img-src 'self' https://s3.amazonaws.com https://s.ytimg.com https://i.ytimg.com/; style-src 'self' 'unsafe-inline' offer.fevo.com; font-src https://s3.amazonaws.com; manifest-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.rollbar.com
app.go.attcenter.com
app.launchdarkly.com
cdnjs.cloudflare.com
connect.facebook.net
event-collection.fevo.com
events.launchdarkly.com
fevo.me
gtw-customer.offer.fevo.com
js.stripe.com
m.stripe.com
m.stripe.network
offer.fevo.com
s3.amazonaws.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.youtube.com
107.23.169.222
142.0.160.54
151.101.12.176
151.101.14.217
204.236.254.0
2606:4700::6810:135e
2a00:1450:4001:800::200e
2a00:1450:4001:80e::2008
2a00:1450:4001:811::2004
2a00:1450:4001:813::200e
2a00:1450:4001:827::200e
2a00:1450:4001:831::2003
2a00:1450:400c:c09::9d
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a03:2880:f12d:181:face:b00c:0:25de
34.215.192.98
35.201.81.77
52.216.105.229
54.85.220.244
54.90.64.222
67.199.248.13
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
163420ae94753a91c02bb038ad5d20ea6e51cecf2f36edd9cbcefdcb3c32181b
1e15b2c978ff367e70d0dc801af0a91ba0446b96a955740d9eab13f686e95b6f
29638598f373f2b68efaf61939e64e8ef8339ad7126828f6451e8d9c77f51170
2cb0e21586aab89dedae3cdcff8594ef93fc266f980908b986c25de72790655e
2d72f480228fbabc71a630a5f5fb8a15d29a9b883cec71a8605f9c7b699c94a5
2f8d7d000683e38a06b12b03d5f1733c13b108f3e6b1384c48dc13bf5c1df326
30a760e21c778e506b12d700032eb44616d6f6de786e8c95a4609713eec08abf
335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe
3e48f9e5bfa11ea7c820772957a8890f85021465174fa8d322f43798173ac994
40006445956d1f7e60e750bf7e0acaa520799b015622aabb5909d87ebabb52e9
40841a8dc7def7f4b4d244c9c2a6b8a12bdea81cc5b2aa3afa277011d52cb998
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
52db8b84be561a11875eab250c7a6992be06245cbcc92a68e9a64d6f666a5371
53703adedfb180631fcabb3a3229afe95a430dd9017255775e4590629ea82af3
5460fb44f9f4e80aae7928a29bdb5a4e764fba555d5399335ca0d040f6269bd3
5600ca9061732d313e7b0a7d726637ac48968b7e660d2609ccecbced6c147a9d
5b9297220fcb306c857149370785f136ffa0473095bf4d807fa1098960975783
5e42ec2640e4d12b9dfd960f91d3bd61234c7fed6cd231739d2226d70ae03f9d
6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39
6ee4613d183d12dea1f7fefe9267b4e5f41f7d8be3e6d627d044805c2e87db5b
7238bf9f012bdf3eb7739001baf5d25da6c9d25eb0ff399d899183ce984ee7c7
75f09cdb1afc52188793ccef9e5e2f4d639b5005d6c8fc95ebed8c8c1abc5289
7832e207be33df99c990b38381b506740fe48b3c9df9a8166a18fb43989fd478
785cf747482af7d9cd490ce653a784d9de6d71fbccb46d2ac4307d23acd77764
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8f1e3ee7580719afe5e2edf2a48ffa0e1e57cb9c00edbd40da97320293f9117a
97e1821b726aed04126bb6b632cf9652c2f64ac9d5ad1d24ae55eef494dac1d3
a0f831be9ee5da767fe9a4f425a53e843fef1d73bf52cb48becb6644ec7b73dc
a3e859b8149a06247853276aa0b4c79c4f3d0d63e91baf88bf96b76fbfc1b492
bfd3c968e90f5b8797eaa53b8c16d3d1973397e26b74d1c0d4d9f0f6627f1860
c35cc7c6ccc619820d7b425697acce0ddc84b58065a1a68e88fa16c1721cb4da
c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a
c9c0f0bebd55740ef701293d2785884d6adaf8369973b73a820711679151859b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deed8036f882095f96e8342f1c870c66a36c91a27b33b4729b860978d3402220
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c4a16c3492440f7750233bb1a3c1e241f232579a2c9633b2190727da19c0f7
ee5f0eec7f726efb090bf2ca4ade38a3df67fc6ee9437c25a27a6f426c795793
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5165ffc886b8f9156d010901ad3ea01053d7e5bbfd43c26cc40948e2df8f7f
f6654845c9946f4d925a2a29b5f6862159d27c6b2edc8fdfea937b5c46d386c6
fc6ca80bf786ee789a4dc30fd2e9215981f58884cf9facc505f8f2b8588ee628
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62