www.express-scripts.com Open in urlscan Pro
167.211.52.57 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Submission: On January 18 via api (January 18th 2022, 7:45:17 pm UTC) from US — Scanned from DE

Summary HTTP 69 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 15 domains to perform 69 HTTP transactions. The main IP is 167.211.52.57, located in United States and belongs to EXPRES, US. The main domain is www.express-scripts.com. The Cisco Umbrella rank of the primary domain is 106001.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on August 19th 2021. Valid for: a year.

This is the only time www.express-scripts.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	167.211.52.57 167.211.52.57	5696 (EXPRES) (EXPRES)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
6	2600:9000:20c... 2600:9000:20c3:ea00:8:7fec:8380:21	16509 (AMAZON-02) (AMAZON-02)
3	2a02:26f0:6c0... 2a02:26f0:6c00:28a::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	52.16.22.188 52.16.22.188	16509 (AMAZON-02) (AMAZON-02)
1	13.227.133.121 13.227.133.121	16509 (AMAZON-02) (AMAZON-02)
1	52.211.32.39 52.211.32.39	16509 (AMAZON-02) (AMAZON-02)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
10 10	44.237.101.119 44.237.101.119	16509 (AMAZON-02) (AMAZON-02)
1	34.241.165.255 34.241.165.255	16509 (AMAZON-02) (AMAZON-02)
6 12	52.16.162.42 52.16.162.42	16509 (AMAZON-02) (AMAZON-02)
11 11	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4	151.101.130.217 151.101.130.217	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
17	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	52.200.153.6 52.200.153.6	14618 (AMAZON-AES) (AMAZON-AES)
1	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
69	20

8 167.211.52.57 (United States)

ASN5696 (EXPRES, US)

www.express-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:20c3:ea00:8:7fec:8380:21 (United States)

ASN16509 (AMAZON-02, US)

d1sasz49lqpqtq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:28a::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.22.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-22-188.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.133.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-133-121.muc51.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.32.39 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-32-39.eu-west-1.compute.amazonaws.com

expressscriptsholdingcompany.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

expressscripts.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 44.237.101.119 (Boardman, United States) 10 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-237-101-119.us-west-2.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.165.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-165-255.eu-west-1.compute.amazonaws.com

expressscriptsholdin.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.16.162.42 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-162-42.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.185.194 (United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.130.217 (United States)

ASN54113 (FASTLY, US)

app.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.200.153.6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-153-6.compute-1.amazonaws.com

events.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	everesttech.net 16 redirects cm.everesttech.net — Cisco Umbrella Rank: 992 pixel.everesttech.net — Cisco Umbrella Rank: 3397	11 KB
18	qualtrics.com zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com — Cisco Umbrella Rank: 208643 zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com — Cisco Umbrella Rank: 199026 siteintercept.qualtrics.com — Cisco Umbrella Rank: 1205	99 KB
11	doubleclick.net 11 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 197	2 KB
8	launchdarkly.com app.launchdarkly.com — Cisco Umbrella Rank: 1854 events.launchdarkly.com — Cisco Umbrella Rank: 1649	4 KB
8	express-scripts.com www.express-scripts.com — Cisco Umbrella Rank: 106001	199 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	497 KB
6	cloudfront.net d1sasz49lqpqtq.cloudfront.net	238 KB
4	google.com www.google.com — Cisco Umbrella Rank: 13	23 KB
3	omtrdc.net expressscripts.sc.omtrdc.net — Cisco Umbrella Rank: 147615 expressscriptsholdin.tt.omtrdc.net — Cisco Umbrella Rank: 176404	1 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 205 expressscriptsholdingcompany.demdex.net — Cisco Umbrella Rank: 180242	6 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 497	130 KB
1	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 348	715 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 367	17 KB
1	branch.io cdn.branch.io — Cisco Umbrella Rank: 861	24 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
69	15

	Domain	Requested by
16	siteintercept.qualtrics.com	www.express-scripts.com
12	pixel.everesttech.net	6 redirects
11	cm.g.doubleclick.net	11 redirects
10	cm.everesttech.net	10 redirects
8	www.express-scripts.com	www.express-scripts.com
6	d1sasz49lqpqtq.cloudfront.net	www.express-scripts.com
5	www.gstatic.com	www.express-scripts.com www.google.com
4	events.launchdarkly.com	www.express-scripts.com
4	app.launchdarkly.com	www.express-scripts.com
4	www.google.com	www.express-scripts.com
3	assets.adobedtm.com	www.express-scripts.com
2	expressscripts.sc.omtrdc.net	www.express-scripts.com assets.adobedtm.com
2	dpm.demdex.net	www.express-scripts.com
1	bam-cell.nr-data.net	www.express-scripts.com
1	zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com	www.express-scripts.com
1	zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com	www.express-scripts.com
1	js-agent.newrelic.com	www.express-scripts.com
1	expressscriptsholdin.tt.omtrdc.net	www.express-scripts.com
1	expressscriptsholdingcompany.demdex.net	www.express-scripts.com
1	cdn.branch.io	www.express-scripts.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.express-scripts.com
69	22

This site contains links to these domains. Also see Links.

Domain
accredo.com
insiderx.com
www.fda.gov
jobs.cigna.com

Subject Issuer	Validity	Valid
www.express-scripts.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-08-19` - `2022-09-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
*.sc.omtrdc.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-10-05` - `2022-03-04`	5 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-11` - `2022-10-12`	a year	crt.sh
app.launchdarkly.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-12-24` - `2023-01-25`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-24` - `2022-09-24`	a year	crt.sh
events.launchdarkly.com Amazon	`2021-09-19` - `2022-10-17`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 4 frames:

Primary Page: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Frame ID: D7D8C9F913D2C46CA1FD175A530F7735
Requests: 54 HTTP requests in this frame

Frame: https://expressscriptsholdingcompany.demdex.net/dest5.html?d_nsid=0
Frame ID: 5211196360DCB7D963E0ACF4D631F808
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z&co=aHR0cHM6Ly93d3cuZXhwcmVzcy1zY3JpcHRzLmNvbTo0NDM.&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=ihoeb5tf0zni
Frame ID: E9E849FE8601953C6AA845A3F17B00EF
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z
Frame ID: A7C8413FBB35E4819ACBF110834C98FF
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page not found | Express ScriptsWarning iconExpress Scripts LogoImportant Notice

Detected technologies

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

69
Requests

90 %
HTTPS

29 %
IPv6

15
Domains

22
Subdomains

20
IPs

5
Countries

1244 kB
Transfer

3965 kB
Size

15
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://accredo.com/
Title: Accredo Log In

Search URL Search Domain Scan URL

URL: https://insiderx.com/?source=expressscripts
Title: Inside RX

Search URL Search Domain Scan URL

URL: https://www.fda.gov/ForConsumers/ConsumerUpdates/ucm101653.htm
Title: Disposal of Medications

Search URL Search Domain Scan URL

URL: https://jobs.cigna.com/
Title: Careers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://cm.everesttech.net/cm/dd?d_uuid=86938847471068947662175781051467167958 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YecYxwAAAGS5zAPy

Request Chain 25

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBT1J4eVhDcQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWVjWXh3QUFBT1J4eVhDcQ&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_tc= HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWVjWXlBQUFBQmpOY1FQXw HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 26

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFCUFQ0U0V2YQ&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWVjWXh3QUFCUFQ0U0V2YQ&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_tc= HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEGOzmveTZM5S0EfAGeAesHM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWVjWXh3QUFBSnNZMXdQdg HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 34

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBT1J4MTNDcQ&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060&google_gid=CAESEHWC-88WI3pONfYnVGZ2d3w&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWVjWXlBQUFBRTRaendQdg HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 36

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFCY0N0V1V1TQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 38

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBR1M1ekFQeQ&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 39

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBR1M1ekFQeQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

69 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request Aeonik-Bold.woff' Show response
www.express-scripts.com/art/email/ 117 KB
47 KB 521ms
224ms Document
text/html 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

b0c9eb2a4afe7e163c0d16a8d7f161494b9e296672c85bd9ab73331e4dc1e5d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .express-scripts.com d1sasz49lqpqtq.cloudfront.net .qualtrics.com .omtrdc.net .demdex.net .googlesyndication.com .instagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1sasz49lqpqtq.cloudfront.net .adobedtm.com .fontawesome.com .qualtrics.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .google.com .gstatic.com .facebook.net .ads-twitter.com .twitter.com .brightcove.com .brightcove.net vjs.zencdn.net .s3.amazonaws.com snap.licdn.com .googletagmanager.com .express-scripts.com activitymap.adobe.com .branch.io app.link js-agent.newrelic.com bam-cell.nr-data.net insight.adsrvr.org .facebook.com .twitter.com .linkedin.com; object-src 'self' .s3.amazonaws.com .brightcove.net d1sasz49lqpqtq.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com .express-scripts.com .cloudflare.com .fontawesome.com .s3.amazonaws.com d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com; img-src 'self' data: .qualtrics.com .omtrdc.net expressscripts.sc.omtrdc.net .everesttech.net .demdex.net .facebook.com t.co .s3.amazonaws.com .brightcove.com .prod.boltdns.net .google.com openbadges.blob.core.windows.net d1sasz49lqpqtq.cloudfront.net .express-scripts.com .llnwd.net .linkedin.com .doubleclick.net .branch.io .adsrvr.org .googletagmanager.com .addthis.com .pinsightmedia.com .mookie1.com .advertising.com .scorecardresearch.com .linksynergy.com .casalemedia.com .insightexpressai.com .media6degrees.com .analytics.yahoo.com mid.rkdms.com match.sync.ad.cpe.dotomi.com aa.agkn.com ib.adnxs.com io.narrative.io cm.pos.baidu.com x.bidswitch.net tags.bluekai.com cs.adingo.jp ml314.com loadm.exelator.com global.ib-ibi.com ckm.iqiyi.com usermatch.krxd.net i.liadm.com idsync.rlcdn.com simage2.pubmatic.com e.nexac.com cm.mediav.com pixel.rubiconproject.com uipglob.semasio.net match.sharethrough.com s.thebrighttag.com eb2.3lift.com pixel.tapad.com cm.l.qq.com dmp.truoptik.com c.yes.youku.com; media-src 'self' blob: .express-scripts.com .s3.amazonaws.com .brightcove.com .prod.boltdns.net d1sasz49lqpqtq.cloudfront.net .akamaihd.net; frame-src 'self' .s3.amazonaws.com .qualtrics.com .youtube.com .omtrdc.net .demdex.net .google.com d1sasz49lqpqtq.cloudfront.net .fls.doubleclick.net activitymap.adobe.com .omniture.com .facebook.com; child-src 'self' blob: .express-scripts.com .s3.amazonaws.com .youtube.com d1sasz49lqpqtq.cloudfront.net; font-src * 'self' data: .express-scripts.com fonts.googleapis.com fonts.gstatic.com .s3.amazonaws.com .amazonaws.com d1sasz49lqpqtq.cloudfront.net; connect-src 'self' .express-scripts.com .qualtrics.com .adobedtm.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .brightcove.com .prod.boltdns.net .akamaihd.net d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com .llnwd.net .mktoresp.com di-tag.express-scripts.com .branch.io app.link wss://.express-scripts.com bam-cell.nr-data.net .cigna.com default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, public, s-maxage=0
Content-Language: en
Content-Security-Policy: default-src 'self' data: *.express-scripts.com d1sasz49lqpqtq.cloudfront.net *.qualtrics.com *.omtrdc.net *.demdex.net *.googlesyndication.com *.instagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1sasz49lqpqtq.cloudfront.net *.adobedtm.com *.fontawesome.com *.qualtrics.com *.everestjs.net *.omtrdc.net *.marketo.net *.demdex.net *.google.com *.gstatic.com *.facebook.net *.ads-twitter.com *.twitter.com *.brightcove.com *.brightcove.net vjs.zencdn.net *.s3.amazonaws.com snap.licdn.com *.googletagmanager.com *.express-scripts.com activitymap.adobe.com *.branch.io app.link js-agent.newrelic.com bam-cell.nr-data.net insight.adsrvr.org *.facebook.com *.twitter.com *.linkedin.com; object-src 'self' *.s3.amazonaws.com *.brightcove.net d1sasz49lqpqtq.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.express-scripts.com *.cloudflare.com *.fontawesome.com *.s3.amazonaws.com d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com; img-src 'self' data: *.qualtrics.com *.omtrdc.net expressscripts.sc.omtrdc.net *.everesttech.net *.demdex.net *.facebook.com t.co *.s3.amazonaws.com *.brightcove.com *.prod.boltdns.net *.google.com openbadges.blob.core.windows.net d1sasz49lqpqtq.cloudfront.net *.express-scripts.com *.llnwd.net *.linkedin.com *.doubleclick.net *.branch.io *.adsrvr.org *.googletagmanager.com *.addthis.com *.pinsightmedia.com *.mookie1.com *.advertising.com *.scorecardresearch.com *.linksynergy.com *.casalemedia.com *.insightexpressai.com *.media6degrees.com *.analytics.yahoo.com mid.rkdms.com match.sync.ad.cpe.dotomi.com aa.agkn.com ib.adnxs.com io.narrative.io cm.pos.baidu.com x.bidswitch.net tags.bluekai.com cs.adingo.jp ml314.com loadm.exelator.com global.ib-ibi.com ckm.iqiyi.com usermatch.krxd.net i.liadm.com idsync.rlcdn.com simage2.pubmatic.com e.nexac.com cm.mediav.com pixel.rubiconproject.com uipglob.semasio.net match.sharethrough.com s.thebrighttag.com eb2.3lift.com pixel.tapad.com cm.l.qq.com dmp.truoptik.com c.yes.youku.com; media-src 'self' blob: *.express-scripts.com *.s3.amazonaws.com *.brightcove.com *.prod.boltdns.net d1sasz49lqpqtq.cloudfront.net *.akamaihd.net; frame-src 'self' *.s3.amazonaws.com *.qualtrics.com *.youtube.com *.omtrdc.net *.demdex.net *.google.com d1sasz49lqpqtq.cloudfront.net *.fls.doubleclick.net activitymap.adobe.com *.omniture.com *.facebook.com; child-src 'self' blob: *.express-scripts.com *.s3.amazonaws.com *.youtube.com d1sasz49lqpqtq.cloudfront.net; font-src * 'self' data: *.express-scripts.com fonts.googleapis.com fonts.gstatic.com *.s3.amazonaws.com *.amazonaws.com d1sasz49lqpqtq.cloudfront.net; connect-src 'self' *.express-scripts.com *.qualtrics.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.marketo.net *.demdex.net *.brightcove.com *.prod.boltdns.net *.akamaihd.net d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com *.llnwd.net *.mktoresp.com di-tag.express-scripts.com *.branch.io app.link wss://*.express-scripts.com bam-cell.nr-data.net *.cigna.com default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Type: text/html; charset=UTF-8
Date: Tue, 18 Jan 2022 19:45:10 GMT
Etag: "1642533894"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
From-Origin: same
Last-Modified: Tue, 18 Jan 2022 19:24:54 GMT
Link: <https://www.express-scripts.com/>; rel="canonical", <https://www.express-scripts.com/>; rel="shortlink" <https://www.express-scripts.com/>; rel="canonical", <https://www.express-scripts.com/>; rel="shortlink"
Permissions-Policy: interest-cohort=()
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Ua-Compatible: IE=edge
X-Vcap-Request-Id: 0f5d7377-9920-4432-6bfb-0301e09106ef
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Transfer-Encoding: chunked

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 132ms
48ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500&display=swap&text=1234567890ABCDEFGHIJKLMONPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0%2C%2E%27%3B%5D%5B%3A%22%7B%7D%3E%3C%3F%2F%29%28%2A%26%5E%25%24%23%40%21%C2%A9%C2%AE%E2%84%A2%7E%60%7C%5C%3D%2D%2B%5F%E2%80%99%C2%AB%C2%BB%C2%BF%C2%A1%C3%81%C3%89%C3%8D%C3%93%C3%9A%C3%91%C3%9C%C3%A1%C3%A9%C3%AD%C3%B3%C3%BA%C3%B1%C3%BC

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6caa74e49c274c858a609390744ec56483f8da5af5ac37457a5f1444a3f8163d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 19:45:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 18 Jan 2022 19:45:11 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Jan 2022 19:45:11 GMT

GET
H2 200 css_4uuiRtQ6FosGuCvdYl8ZWWzAGCknBFMdQ_QrkteI9ds.css
d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/ 16 KB
3 KB 46ms
14ms Stylesheet
text/css 2600:9000:20c3:ea00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/css_4uuiRtQ6FosGuCvdYl8ZWWzAGCknBFMdQ_QrkteI9ds.css
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:ea00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2eba246d43a168b06b82bdd625f19596cc018292704531d43f42b92d788f5db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 01:52:40 GMT
content-encoding: br
last-modified: Fri, 12 Nov 2021 21:42:27 GMT
server: AmazonS3
age: 64351
etag: W/"fe523bf4fb92fd1d5de15227efee81fe"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 e01f54b21119ff385b2879b6a08078e0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
x-amz-cf-id: JjZbkDHnV4NeJF-yjDIRHXNlUwovoDF8UMCHK0b3ngPoHZgTxBhjWg==

GET
H2 200 css_1-F0QjLC0pK36mbSOeAK6SBRsPlaEtzJFzCSKkA3P4U.css
d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/ 484 KB
58 KB 48ms
16ms Stylesheet
text/css 2600:9000:20c3:ea00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/css/css_1-F0QjLC0pK36mbSOeAK6SBRsPlaEtzJFzCSKkA3P4U.css
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:ea00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d7e1744232c2d292b7ea66d239e00ae92051b0f95a12dcc91730922a40373f85

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 02:12:16 GMT
content-encoding: gzip
last-modified: Wed, 24 Nov 2021 18:18:16 GMT
server: AmazonS3
age: 63175
etag: W/"fd482a47d60e674380e639b3335e8ccf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 e01f54b21119ff385b2879b6a08078e0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
x-amz-cf-id: AaMhiT5STcGQxtyzpp-plzYZgwlD9Vge8e8WHzfBVZcupXFpzjFkZg==

GET
H/1.1 200
OK modernizr.min.js Show response
www.express-scripts.com/core/assets/vendor/modernizr/ 7 KB
4 KB 199ms
124ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.11.7

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Connection: Keep-Alive
Vary: Accept-Encoding, Accept-Encoding
Content-Length: 3564
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 23 Nov 2021 19:21:27 GMT
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Jan 2022 19:45:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 2d6599be-1472-4223-7456-eda6a8970ebb
Cache-Control: max-age=315360000
Etag: "619d3f37-1c42"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK modernizr-additional-tests.js Show response
www.express-scripts.com/core/misc/ 652 B
2 KB 316ms
118ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/core/misc/modernizr-additional-tests.js?v=3.11.7

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

9b7b5d56054f5bab6ea5dfd9472ceb900f406a8a35a3df5b17b606521a411a35

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding
Content-Length: 652
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 23 Nov 2021 19:21:27 GMT
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Jan 2022 19:45:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 6936ddd2-837b-42ad-642b-1158a6d17f45
Cache-Control: max-age=315360000
Etag: "619d3f37-28c"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK esi_ddl_schema_header.js Show response
www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/ 13 KB
5 KB 317ms
117ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/esi_ddl_schema_header.js?v=2.3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

b30ac9164fcafdb91f5bdc13895d25e694e01d213887b792833fdc00bbfbcd2e

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Connection: Keep-Alive
Vary: Accept-Encoding, Accept-Encoding
Content-Length: 4633
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 23 Nov 2021 19:21:29 GMT
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Jan 2022 19:45:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 98ea313c-62fd-4cba-6281-f00cb16ab5bf
Cache-Control: max-age=315360000
Etag: "619d3f39-33ab"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 launch-eab74f075d95.min.js Show response
assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/ 444 KB
116 KB 28ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/75c13ef9d9d6/3a8fdc81b7df/launch-eab74f075d95.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7ffdf8b9e5274df0f325c88aa274493d20adc0139c2ee4b8985424dc3ca0e712

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:10 GMT
content-encoding: gzip
last-modified: Thu, 23 Dec 2021 20:42:42 GMT
server: AkamaiNetStorage
etag: "b970c2847321c1d4eb5bc7d55291f7cd:1640292162.859451"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 118157
expires: Tue, 18 Jan 2022 20:45:10 GMT

GET
H2 200 js_54Z_ih2zwnH7CC60A5nu1fcuLfHAnnklNchdaZSH4ws.js Show response
d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/ 44 KB
16 KB 63ms
33ms Script
application/javascript 2600:9000:20c3:ea00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/js_54Z_ih2zwnH7CC60A5nu1fcuLfHAnnklNchdaZSH4ws.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:ea00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7867f8a1db3c271fb082eb40399eed5f72e2df1c09e792535c85d699487e30b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 22:02:21 GMT
content-encoding: gzip
last-modified: Fri, 12 Nov 2021 21:41:18 GMT
server: AmazonS3
age: 78170
etag: W/"1514c0ae9e089379182abf21120e3efa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e01f54b21119ff385b2879b6a08078e0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
x-amz-cf-id: d4tM90Yypcra6Eum3O7qV968AgDk7a1MWVN2lvgB8hCk2K8m4dUJAw==

GET
H2 200 js_tNxY9MroC8eR28rfkUstPTR6QN-xK1IvxKWfxZmvt24.js Show response
d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/ 139 KB
47 KB 16ms
15ms Script
application/javascript 2600:9000:20c3:ea00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/js_tNxY9MroC8eR28rfkUstPTR6QN-xK1IvxKWfxZmvt24.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:ea00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b4dc58f4cae80bc791dbcadf914b2d3d347a40dfb12b522fc4a59fc599afb76e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 15:41:47 GMT
content-encoding: gzip
last-modified: Fri, 12 Nov 2021 21:41:45 GMT
server: AmazonS3
age: 14605
etag: W/"7875515a919d14b945e4c33269f667bc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e01f54b21119ff385b2879b6a08078e0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
x-amz-cf-id: IfA8HJNgbIpyI3AsnZ8-Gym4LBGIB3P2U6cqu0ujuMu7UH5dYCKcgA==

GET
H/1.1 200
OK esi_ddl_schema_footer.js Show response
www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/ 372 KB
134 KB 252ms
128ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/modules/contrib/esi_ddl_schema/dist/js/esi_ddl_schema_footer.js?v=2.3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

107bfc17e5d3b3d3226bad6c056b25bef80450863c6a4b7cbe71059217650d7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding, Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 23 Nov 2021 19:22:05 GMT
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Jan 2022 19:45:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 4eff6dd0-ef56-4929-4aba-3f328c2b5d83
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Etag: "619d3f5d-5ce4d"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK satellite.js Show response
www.express-scripts.com/modules/contrib/esi_ddl_schema/js/ 25 B
930 B 246ms
120ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/modules/contrib/esi_ddl_schema/js/satellite.js?v=1.x

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

f83561d28369539e28ed8b4527479118dbd6af4b302ab2c7caca4fbf1f535381

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Vary: Accept-Encoding
Content-Length: 25
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 23 Nov 2021 19:21:29 GMT
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Jan 2022 19:45:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: 92aee848-5ced-471c-6ccf-dc37280571b7
Cache-Control: max-age=315360000
Etag: "619d3f39-19"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_9al-maPIOQmBH3DnQv6XMFU1lK8ImX4bXaIhTWiLjQM.js Show response
d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/ 99 KB
26 KB 20ms
20ms Script
application/javascript 2600:9000:20c3:ea00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/js_9al-maPIOQmBH3DnQv6XMFU1lK8ImX4bXaIhTWiLjQM.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:ea00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f5a97e99a3c83909811f70e742fe9730553594af08997e1b5da2214d688b8d03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 12:16:10 GMT
content-encoding: gzip
last-modified: Fri, 12 Nov 2021 21:41:19 GMT
server: AmazonS3
age: 26942
etag: W/"670ca055afe04a33860d94ec1278d8a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e01f54b21119ff385b2879b6a08078e0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
x-amz-cf-id: 1dnip3dsd4s2G9b0u9PcFUqDWAxxuvdvZlxJWXCBdocmzR-1iuVcGg==

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
967 B 136ms
49ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

47d6a05d6ad84b1c213f47647d1fb89523cf96bf0611728d5fc453fb89c83e23

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Tue, 18 Jan 2022 19:45:11 GMT

GET
H2 200 js_xL6rg0ndJR1gKRZVWTtEskl_HxEqXXRfaLY8927Z7QI.js Show response
d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/ 464 KB
88 KB 24ms
24ms Script
application/javascript 2600:9000:20c3:ea00:8:7fec:8380:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1sasz49lqpqtq.cloudfront.net/s3fs-public/js/js_xL6rg0ndJR1gKRZVWTtEskl_HxEqXXRfaLY8927Z7QI.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:ea00:8:7fec:8380:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c4beab8349dd251d60291655593b44b2497f1f112a5d745f68b63cf76ed9ed02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 18:02:08 GMT
content-encoding: br
last-modified: Fri, 12 Nov 2021 21:41:48 GMT
server: AmazonS3
age: 6184
etag: W/"9b78d314c434faef01b6bd5cee801e65"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e01f54b21119ff385b2879b6a08078e0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
x-amz-cf-id: tEEBtSff-6vnVSm4PU5csDDMwqRpZVwvtBpisx8ODVrCwvOuDOI3Ow==

GET
H2 200 font
fonts.gstatic.com/l/ 29 KB
30 KB 127ms
39ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/l/font?kit=iJWKBXyIfDnIV4nDv8iY8Ef9yK1Y6OO8ek4ccqniobR9CJmRUV4rwf-mb2EQuHEVB1C2kD8rf9t5D52cHWw1-O7znokAoH8736LabBXQd9L3q_Yr2YmdQ6E0A5_jovlI1poL33Dvy1mHnJCqZxkIXNClyzxV8zGElMl7Im1M93eE8hGh9n-U7eCgBRlvs6PLW2ZgM5n9XUtm1hGL3hzljqu_yo51gyE5nXEtkWhwBOxwOkZP7uwUm9OMuKulDIs_UaunCo1Jluj67WbTL1jikBgSGj5HktLgaSluveNjQxgBVZ4z6MJjV-3fdk3Ltxx8n_-MYs4tPC4HY04q37_HXcD3R7Cr4wdqY5oL6sJrn6mniLZS7EBTBRecwX32UuQD-fQ2N9wTuJOe1ZDXm0AbTdQ3MzS_kTQZGKkKbazGb-I&skey=cee854e66788286d&v=v14

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500&display=swap&text=1234567890ABCDEFGHIJKLMONPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0%2C%2E%27%3B%5D%5B%3A%22%7B%7D%3E%3C%3F%2F%29%28%2A%26%5E%25%24%23%40%21%C2%A9%C2%AE%E2%84%A2%7E%60%7C%5C%3D%2D%2B%5F%E2%80%99%C2%AB%C2%BB%C2%BF%C2%A1%C3%81%C3%89%C3%8D%C3%93%C3%9A%C3%91%C3%9C%C3%A1%C3%A9%C3%AD%C3%B3%C3%BA%C3%B1%C3%BC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a36d281dcb05304444df2ec9cf23a42f44b5defe42fa4db488f3313b6d6f4cb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 10:19:33 GMT
x-content-type-options: nosniff
age: 33938
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="font.woff2"; filename*=UTF-8''font.woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30180
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 01:36:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
expires: Tue, 18 Jan 2022 10:19:33 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
1 KB 122ms
36ms XHR
application/json 52.16.22.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=BCDA9CC055686E397F000101%40AdobeOrg&d_nsid=0&ts=1642535111278

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.16.22.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-22-188.eu-west-1.compute.amazonaws.com

Software

Resource Hash

b8b2e9cc077af27b4988aaec2436b6139af62692ae0fe78be5f16b1c2190c11d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v026-07b1f5098.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: eRIrfQIXQrc=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.express-scripts.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 688
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 33 KB
12 KB 16ms
16ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:11 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 21:37:16 GMT
server: AkamaiNetStorage
etag: "820eb42f3120ddf65e303b24a8285815:1634593036.305122"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12200
expires: Tue, 18 Jan 2022 20:45:11 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 3 KB
2 KB 24ms
24ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:11 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 21:37:16 GMT
server: AkamaiNetStorage
etag: "abbe69e5c8f385f00652c3d0c2bba347:1634593036.557115"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1594
expires: Tue, 18 Jan 2022 20:45:11 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 48ms
14ms Script
text/javascript 13.227.133.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.133.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-133-121.muc51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 283
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 80f506314db20ab597e236137f18accc.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Tue, 18 Jan 2022 19:40:29 GMT
x-amz-cf-pop: MUC51-C1
content-length: 23872
x-amz-cf-id: v754tmThyRchckljWbc8Ys2Lc76Zxs5_rC4r5m1Iq4K64NKF7_-Yww==

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85ae621f97ae0e47dc5409c1ce197505bbfe6021b6381d1686463084a13913ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82250dc6a2179c77f937827f5bc063e133fe0349eac7655cf4beee2320656577

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK dest5.html Show response
expressscriptsholdingcompany.demdex.net/ Frame 5211 7 KB
3 KB 123ms
31ms Document
text/html 52.211.32.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscriptsholdingcompany.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.211.32.39 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-211-32-39.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Tue, 18 Jan 2022 19:45:11 GMT
DCS: dcs-prod-irl1-1-v026-0af43dd6b.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 20 Dec 2021 14:08:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: p6Yn8gq9T9M=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
expressscripts.sc.omtrdc.net/ 2 B
321 B 52ms
16ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscripts.sc.omtrdc.net/id?d_visid_ver=5.3.0&d_fieldgroup=A&mcorgid=BCDA9CC055686E397F000101%40AdobeOrg&mid=86944178002874531592179682466152891551&ts=1642535111412

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 18 Jan 2022 19:45:11 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-cdfbd77b-5llss
vary: Origin
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YecYxwAAAGS5zAPy
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=86938847471068947662175781051467167958
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YecYxwAAAGS5zAPy

42 B
945 B

31ms
31ms

Image
image/gif

52.16.22.188
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YecYxwAAAGS5zAPy

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Server

52.16.22.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-22-188.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v026-0a1e34d76.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Myrw3bZZTqM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YecYxwAAAGS5zAPy
Date: Tue, 18 Jan 2022 19:45:11 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
expressscriptsholdin.tt.omtrdc.net/rest/v1/ 363 B
606 B 94ms
36ms XHR
application/json 34.241.165.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://expressscriptsholdin.tt.omtrdc.net/rest/v1/delivery?client=expressscriptsholdin&sessionId=0fd2b98b9beb41bc90c0f7b4858e4b32&version=2.6.1
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.165.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-165-255.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 043ca9d47100c850c26fade4177db2e86de8b8b24a497ee816aa2b5ba5f3c761

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 18 Jan 2022 19:45:11 GMT
content-encoding: gzip
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.express-scripts.com
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: 4f6de4cc28bc1097f3e649a7a27af0ee

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 5211
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBT1J4eVhDcQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWVjWXh3QUFBT1J4eVhDcQ&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_tc=
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWVjWXlBQUFBQmpOY1FQXw
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1
https://pixel.everesttech.net/1x1

128 B
691 B

28ms
28ms

Image
image/png

52.16.162.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.16.162.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-162-42.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 18 Jan 2022 19:45:12 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Tue, 18 Jan 2022 19:45:12 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 5211
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFCUFQ0U0V2YQ&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm=&google_sc=&ev_rs=1&google_hm=WWVjWXh3QUFCUFQ0U0V2YQ&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%2...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEG...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWVjWXh3QUFBSnNZMXdQdg
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1
https://pixel.everesttech.net/1x1

128 B
691 B

28ms
28ms

Image
image/png

52.16.162.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.16.162.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-162-42.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 18 Jan 2022 19:45:12 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b516-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Tue, 18 Jan 2022 19:45:12 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

OPTIONS
H2 200 5d2863f9d635a906a61defd3
app.launchdarkly.com/sdk/goals/ Frame 0
0 24ms
7ms Preflight 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5d2863f9d635a906a61defd3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-launchdarkly-user-agent
Origin: https://www.express-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
allow: GET, OPTIONS, HEAD
content-encoding: gzip
ld-region: us-east-1
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Tue, 18 Jan 2022 19:45:11 GMT
via: 1.1 varnish
x-served-by: cache-hhn4061-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1642535112.734413,VS0,VE0
vary: Accept-Encoding
age: 0
content-length: 23

OPTIONS
H2 200 eyJrZXkiOiI4YzVmODZmNi02ZjA0LTQ3MzUtOTRkMy0wZmJhZDczMmE2MjQifQ
app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/ Frame 0
0 20ms
7ms Preflight 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/eyJrZXkiOiI4YzVmODZmNi02ZjA0LTQ3MzUtOTRkMy0wZmJhZDczMmE2MjQifQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-launchdarkly-user-agent
Origin: https://www.express-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
allow: GET, OPTIONS, HEAD
content-encoding: gzip
ld-region: us-east-1
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Tue, 18 Jan 2022 19:45:11 GMT
via: 1.1 varnish
x-served-by: cache-hhn4061-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1642535112.734490,VS0,VE1
vary: Accept-Encoding
age: 0
content-length: 23

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ 354 KB
140 KB 124ms
37ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

544b63f0d07b2a51e01e2ecc3986eb5d07838bb121c4f472f1178b7b94faf463

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.express-scripts.com/
Origin: https://www.express-scripts.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 18:24:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4855
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143013
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Jan 2023 18:24:16 GMT

GET
H/1.1 200
OK lazysizes.min.js Show response
www.express-scripts.com/libraries/lazysizes/ 8 KB
5 KB 115ms
115ms Script
application/javascript 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/libraries/lazysizes/lazysizes.min.js

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

6e61be2f374a0122510025578940baf7ef8dbbcaf3ecc5f5535cfc81bd1cfd39

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:, default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation
Connection: Keep-Alive
Vary: Accept-Encoding, Accept-Encoding
Content-Length: 4088
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 23 Nov 2021 19:21:29 GMT
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Jan 2022 19:45:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript; charset=utf-8
X-Vcap-Request-Id: aba01d7e-d94f-4111-7fe7-d029ffd95e6b
Cache-Control: max-age=315360000
Etag: "619d3f39-1ed1"
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5d2863f9d635a906a61defd3 Show response
app.launchdarkly.com/sdk/goals/ 2 B
179 B 8ms
7ms XHR
application/json 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5d2863f9d635a906a61defd3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
X-LaunchDarkly-User-Agent: JSClient/2.17.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
content-md5: d751713988987e9331980363e24189ce
age: 0
x-cache: HIT
access-control-max-age: 300
date: Tue, 18 Jan 2022 19:45:11 GMT
content-length: 26
x-served-by: cache-hhn4061-HHN
access-control-allow-origin: *
ld-region: us-east-1
x-timer: S1642535112.742495,VS0,VE0
etag: "d751713988987e9331980363e24189ce"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0
accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
x-cache-hits: 3

GET
H2 200 eyJrZXkiOiI4YzVmODZmNi02ZjA0LTQ3MzUtOTRkMy0wZmJhZDczMmE2MjQifQ Show response
app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/ 24 KB
4 KB 42ms
42ms XHR
application/json 151.101.130.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://app.launchdarkly.com/sdk/evalx/5d2863f9d635a906a61defd3/users/eyJrZXkiOiI4YzVmODZmNi02ZjA0LTQ3MzUtOTRkMy0wZmJhZDczMmE2MjQifQ
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9653bc5b5ff320d565d963c32e22d0c66a4e530155b4ff9ec37ea2e5a2bfd157

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
X-LaunchDarkly-User-Agent: JSClient/2.17.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:11 GMT
content-encoding: gzip
vary: Authorization, Accept-Encoding
age: 0
x-cache: MISS
content-length: 3337
x-served-by: cache-hhn4061-HHN
access-control-allow-origin: *
x-timer: S1642535112.742530,VS0,VE35
etag: "2892dbb"
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, GET
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0
accept-ranges: bytes
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-Requested-With, X-LD-Private, X-LD-AccountId, X-LD-EnvId, X-LD-PrjId, X-LaunchDarkly-Event-Schema, X-LaunchDarkly-User-Agent, X-LaunchDarkly-Wrapper, Ld-Api-Version
x-cache-hits: 0

GET
H/1.1 200
OK ip Show response
www.express-scripts.com/frontendservice/consumeraccount/1/ 26 B
580 B 148ms
147ms XHR
application/json 167.211.52.57
EXPRES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.express-scripts.com/frontendservice/consumeraccount/1/ip

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

167.211.52.57 , United States, ASN5696 (EXPRES, US),

Reverse DNS

Software

Resource Hash

8767fc1a5c12a03dccdd4ae94e0c45183c752285be69d40eec9b79766cb1a667

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgQDWFRSARABVFJRDgUCX1QI
tracestate: 2039469@nr=0-1-2249219-1033946551-8c9e0297dcefc1ae----1642535111729
traceparent: 00-01597281aec5d67586f8fa9a935f2490-8c9e0297dcefc1ae-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjIyNDkyMTkiLCJhcCI6IjEwMzM5NDY1NTEiLCJpZCI6IjhjOWUwMjk3ZGNlZmMxYWUiLCJ0ciI6IjAxNTk3MjgxYWVjNWQ2NzU4NmY4ZmE5YTkzNWYyNDkwIiwidGkiOjE2NDI1MzUxMTE3MjksInRrIjoiMjAzOTQ2OSJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
X-Requested-With: XMLHttpRequest

Response headers

Pragma: no-cache
Date: Tue, 18 Jan 2022 19:45:11 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
X-Vcap-Request-Id: 7dd6c7ec-71c0-4954-5dcc-78fbfdfb9e8c
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security: max-age=31536000
Esrx-Request-Id: e203bc90-0218-46f9-a1b0-4d4b31e4b85e
Vary: Accept-Encoding
Content-Length: 26
X-Xss-Protection: 1; mode=block
Expires: 0

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 5211
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBT1J4MTNDcQ&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%25...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D26...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WWVjWXlBQUFBRTRaendQdg
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE3WUvTgknvNQ1WvFFZ7b3c&google_cver=1
https://pixel.everesttech.net/1x1

128 B
691 B

28ms
28ms

Image
image/png

52.16.162.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.16.162.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-162-42.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 18 Jan 2022 19:45:12 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b51c-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Tue, 18 Jan 2022 19:45:12 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 s63888128192877
expressscripts.sc.omtrdc.net/b/ss/expresscomprod/1/JS-2.22.3-LBWB/ 43 B
220 B 17ms
17ms Ping
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://expressscripts.sc.omtrdc.net/b/ss/expresscomprod/1/JS-2.22.3-LBWB/s63888128192877?AQB=1&ndh=1&pf=1&t=18%2F0%2F2022%2019%3A45%3A11%202%200&sdid=37311038FC79D8B9-10C5CB7AA182A7A7&mid=86944178002874531592179682466152891551&aamlh=6&ce=UTF-8&pageName=PageNotFound%3AESI&g=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-Bold.woff%27&cc=USD&ch=View&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=PageNotFound%3AESI&v1=PageNotFound%3AESI&v3=Launch&c23=ESIWeb&c37=www.express-scripts.com%2Fart%2Femail%2FAeonik-Bold.woff%27&v37=www.express-scripts.com%2Fart%2Femail%2FAeonik-Bold.woff%27&c43=1642535111678&c49=Drupal&c50=Homepage&v50=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-Bold.woff%27&v68=86944178002874531592179682466152891551&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=BCDA9CC055686E397F000101%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 18 Jan 2022 19:45:11 GMT
x-content-type-options: nosniff
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 19 Jan 2022 19:45:11 GMT
server: jag
xserver: anedge-cdfbd77b-2qtg5
etag: 3527317293573439488-4619815609820434417
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
expires: Mon, 17 Jan 2022 19:45:11 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 5211
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFCY0N0V1V1TQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpir...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2...
https://pixel.everesttech.net/1x1

128 B
796 B

29ms
28ms

Image
image/png

52.16.162.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.16.162.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-162-42.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 18 Jan 2022 19:45:12 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Tue, 18 Jan 2022 19:45:12 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame E9E8 41 KB
21 KB 107ms
59ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z&co=aHR0cHM6Ly93d3cuZXhwcmVzcy1zY3JpcHRzLmNvbTo0NDM.&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=ihoeb5tf0zni

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f0f58817ffbd53a2940329a4e24b7bcab2689c0c2de42da5fc3299ff8d645031

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rmh0a7SayqPs+lpi2AkGXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 18 Jan 2022 19:45:12 GMT
content-security-policy: script-src 'report-sample' 'nonce-rmh0a7SayqPs+lpi2AkGXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21714
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 5211
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBR1M1ekFQeQ&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fv...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggyb...
https://pixel.everesttech.net/1x1

128 B
691 B

54ms
28ms

Image
image/png

52.16.162.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.16.162.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-162-42.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 18 Jan 2022 19:45:12 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b51f-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Tue, 18 Jan 2022 19:45:12 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 5211
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WWVjWXh3QUFBR1M1ekFQeQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_...
https://pixel.everesttech.net/1x1

128 B
691 B

28ms
28ms

Image
image/png

52.16.162.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.16.162.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-162-42.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://expressscriptsholdingcompany.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 18 Jan 2022 19:45:12 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Tue, 18 Jan 2022 19:45:12 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame E9E8 51 KB
24 KB 87ms
40ms Stylesheet
text/css 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z&co=aHR0cHM6Ly93d3cuZXhwcmVzcy1zY3JpcHRzLmNvbTo0NDM.&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=ihoeb5tf0zni

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 16:45:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Jan 2023 16:45:07 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame E9E8 354 KB
140 KB 105ms
58ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

544b63f0d07b2a51e01e2ecc3986eb5d07838bb121c4f472f1178b7b94faf463

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 18:24:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143013
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Jan 2023 18:24:16 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9458fde8fcfcf7cd851aee40e681fa944f69f0c14337bfd737bb070966f0e19b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 nr-spa-1212.min.js Show response
js-agent.newrelic.com/ 44 KB
17 KB 22ms
6ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding: gzip
etag: "8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id: ANVX8WPYJ9NM99FD
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16636
x-amz-id-2: //pISD16Bm7/1PDlW0ghswvgTyyOyXNw/emHSr2czJPEUE1eLcqp61M3L9P610qmdidTDtCabTk=
x-served-by: cache-hhn4071-HHN
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1642535112.337921,VS0,VE0
date: Tue, 18 Jan 2022 19:45:12 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11587

GET
H2 200 / Show response
zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 73ms
44ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_3EtDzVv330Bnajr&Q_LOC=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-Bold.woff%27&t=1642535112320

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c7eb23d1c63071b7f0b9c86486b3beefde863f68c0f6770904a841cefe69d3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 427159
cf-polished: origSize=8435
cf-ray: 6cfa528438e042fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 13
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-a7xH6dFbsuS9royhF0Vc22Z+Puo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 / Show response
zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 157ms
129ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_7QCHNY5hadKsvMV&Q_LOC=https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-Bold.woff%27&t=1642535112321

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

991d3bb6e5137c2502ddce23fbcf7e89dff074ecec1f5a8cfbb3ddcf050be333

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 404983
cf-polished: origSize=8435
cf-ray: 6cfa52843e9e2bd6-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 19
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-BJOVqIA0bdz4RdZE4e77j5fb1Ns"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

POST
H2 202 5d2863f9d635a906a61defd3 Show response
events.launchdarkly.com/events/diagnostic/ 0
328 B 97ms
97ms XHR
application/json 52.200.153.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/5d2863f9d635a906a61defd3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.200.153.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-200-153-6.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
X-LaunchDarkly-User-Agent: JSClient/2.17.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
access-control-max-age: 300
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Date
strict-transport-security: max-age=31536000
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
content-length: 0

OPTIONS
H2 204 5d2863f9d635a906a61defd3
events.launchdarkly.com/events/diagnostic/ Frame 0
0 440ms
97ms Preflight 52.200.153.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/5d2863f9d635a906a61defd3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.200.153.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-200-153-6.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-launchdarkly-user-agent
Origin: https://www.express-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
strict-transport-security: max-age=31536000

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame E9E8 102 B
133 B 48ms
48ms Other
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e671437dbdfea29e6d58d838049e22ef37097277eb96cb7d87eb08c90bfe035a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z&co=aHR0cHM6Ly93d3cuZXhwcmVzcy1zY3JpcHRzLmNvbTo0NDM.&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=ihoeb5tf0zni
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Tue, 18 Jan 2022 19:45:12 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame A7C8 7 KB
1 KB 72ms
70ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8f51c49f39962f74b973fcd52fca2ab87fbd83e8a64963cf9f63bd427fedaae9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kkSfj0uZkTAJliqsCQutyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 18 Jan 2022 19:45:12 GMT
content-security-policy: script-src 'report-sample' 'nonce-kkSfj0uZkTAJliqsCQutyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1111
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK a73afcb621 Show response
bam-cell.nr-data.net/1/ 49 B
715 B 484ms
465ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/a73afcb621?a=1033945909&v=1212.e95d35c&to=ZFQGYRZTXUoEUUJRDl0eJVYQW1xXSkJXXwRsUgVWDFc%3D&rst=1978&ck=1&ref=https://www.express-scripts.com/art/email/Aeonik-Bold.woff%27&qt=26&ap=41&be=547&fe=1926&dc=1308&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1642535110393,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:2,%22c%22:2,%22s%22:99,%22ce%22:298,%22rq%22:298,%22rp%22:522,%22rpe%22:619,%22dl%22:525,%22di%22:1305,%22ds%22:1305,%22de%22:1325,%22dc%22:1926,%22l%22:1926,%22le%22:1929%7D,%22navigation%22:%7B%7D%7D&fp=966&fcp=966&at=SBMFF15JTkQ%3D&jsonp=NREUM.setToken
Requested by: Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 18 Jan 2022 19:45:12 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6cfa52847a42434b-FRA

GET
H2 200 12.8327016048e927965e51.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 55 KB
17 KB 46ms
45ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=www.express-scripts.com

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

878227787bfdfdc233209277b711325be189981949e62797f2b8413f1931c261

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 499820
cf-polished: origSize=57365
cf-ray: 6cfa5284799242fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
etag: W/"e015-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 3 KB
1 KB 148ms
146ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3EtDzVv330Bnajr&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa108313e5c8ffa515063f234cc2a249a8219e05e6b7bfc4daf94c9f775e8075

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 7
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: aed5f954905a6018
cf-ray: 6cfa5284da5842fd-FRA

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame A7C8 51 KB
24 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 16:45:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Jan 2023 16:45:07 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame A7C8 354 KB
140 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdlAcgUAAAAAIGCs1alIYxdWVwAJ70QsghC1e9Z

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

544b63f0d07b2a51e01e2ecc3986eb5d07838bb121c4f472f1178b7b94faf463

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 18:24:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143013
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Jan 2023 18:24:16 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 11 KB
2 KB 146ms
146ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_7QCHNY5hadKsvMV&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63809c36649bcc61358be3f571c6e94d653b8fdfc07581fb18b516ece84fce72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 7
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: 7ef4bd1b455c1c25
cf-ray: 6cfa52850ad142fd-FRA

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 99 KB
31 KB 53ms
52ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

319a3cc5c9b91c326cd8b31930650ec7afa7d00dfb4c8f59bf0d4ed0f5ca1526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 499818
cf-polished: origSize=102657
cf-ray: 6cfa5285fda042fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 3
vary: Accept-Encoding
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
x-powered-by: Express
etag: W/"19101-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 4.421260a34f7ea51f50e6.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
906 B 46ms
46ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/4.421260a34f7ea51f50e6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b93deb2f2f99a6dcd6ba15e31633e827712bebda802d21de182dcd417c5173c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 580881
cf-polished: origSize=2539
cf-ray: 6cfa52868f7042fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
x-powered-by: Express
etag: W/"9eb-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 1.5c0b718e7a75c4689460.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
6 KB 53ms
53ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.5c0b718e7a75c4689460.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01937c9481039111d9c0f243edc9dc1fd987dde3ecfa0e7082c3500f82477807

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 499817
cf-polished: origSize=29269
cf-ray: 6cfa52869f7a42fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 3
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
etag: W/"7255-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 64 KB
23 KB 43ms
42ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 499805
cf-polished: origSize=66052
cf-ray: 6cfa52869f8042fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 15
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
etag: W/"10204-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 EmbeddedTargetModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 7 KB
3 KB 52ms
51ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/EmbeddedTargetModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 475209
cf-polished: origSize=8462
cf-ray: 6cfa52869f8f42fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 11
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
etag: W/"210e-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 LinkModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
894 B 58ms
57ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/LinkModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=expressscriptscx

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 487847
cf-polished: origSize=2547
cf-ray: 6cfa52869f9242fd-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 22
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
etag: W/"9f3-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 82ms
56ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_87gv7D6QVcbj04B&Version=16&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a99848933336427d4171eceafc6b7ce1dbbdab9a72c40e7c3de47bb82c7908a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 404610
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 14
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 14 Jan 2022 03:21:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 12 Jan 2032 03:21:42 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6cfa5286bc2e42e1-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1 KB 75ms
50ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_aXGRHT9deChbnUO&Version=7&Q_InterceptID=SI_87gv7D6QVcbj04B&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac6769aeda5a8b002e699c70ac13539a4d32ba0ed1736f7cfff0d863e6f5fe04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 374191
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 14 Jan 2022 11:48:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 12 Jan 2032 11:48:41 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6cfa5286bc3542e1-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 16 KB
2 KB 92ms
67ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_eznJ7JJ2gtxcty5&Version=9&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

525c8e3edad21c44cbfb3de556490dd233c83965d0c586e5d6b1fdd77e2bd8ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 123344
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 15
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 17 Jan 2022 09:29:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Thu, 15 Jan 2032 09:29:28 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6cfa5286bc3942e1-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 220 B
291 B 78ms
53ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_7aEyhXOE6dHOF8x&Version=4&Q_InterceptID=SI_eznJ7JJ2gtxcty5&Q_ORIGIN=https://www.express-scripts.com&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1afdfe6ce4ad01e843007105d64d70468158c7a43c6944718922ffb7dc6169eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 391493
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 15
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 14 Jan 2022 07:00:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
expires: Mon, 12 Jan 2032 07:00:19 GMT
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6cfa5286bc3b42e1-FRA
servershortname

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
118 B 158ms
158ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_7aEyhXOE6dHOF8x&Q_SIID=SI_eznJ7JJ2gtxcty5&Q_ASID=AS_92259288&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&r=1642535112842

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: 7f670e287dc60da8
cf-ray: 6cfa52874d8f42e1-FRA

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
217 B 150ms
150ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_aXGRHT9deChbnUO&Q_SIID=SI_87gv7D6QVcbj04B&Q_ASID=AS_3KIqEDWJ9XmKaix&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&r=1642535112846

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.express-scripts.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 7
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.express-scripts.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: 8ed9b6a1b1ca8d5f
cf-ray: 6cfa52875dae42e1-FRA

GET
H2 200 wr-dialog-close-btn-white.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 254 B
707 B 44ms
44ms Image
image/png 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.express-scripts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 19:45:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1185681
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time: 4
cf-bgj: imgq:85,h2pri
vary: Accept-Encoding
content-length: 254
accept-ranges: bytes
last-modified: Fri, 24 Sep 2021 19:50:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=315360000, public
trace-id: 235c58a2d918c179
cf-ray: 6cfa5287494042fd-FRA
servershortname
expires: Sat, 03 Jan 2032 02:23:51 GMT

POST
H2 202 5d2863f9d635a906a61defd3 Show response
events.launchdarkly.com/events/bulk/ 0
328 B 98ms
97ms XHR
application/json 52.200.153.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5d2863f9d635a906a61defd3

Requested by

Host: www.express-scripts.com
URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff'

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.200.153.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-200-153-6.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.express-scripts.com/
X-LaunchDarkly-Payload-ID: 27b52320-7897-11ec-9818-f14cb85c6ca2
X-LaunchDarkly-Event-Schema: 3
Accept-Language: de-DE,de;q=0.9
X-LaunchDarkly-User-Agent: JSClient/2.17.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 18 Jan 2022 19:45:14 GMT
access-control-max-age: 300
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Date
strict-transport-security: max-age=31536000
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
content-length: 0

OPTIONS
H2 204 5d2863f9d635a906a61defd3
events.launchdarkly.com/events/bulk/ Frame 0
0 97ms
97ms Preflight 52.200.153.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5d2863f9d635a906a61defd3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.200.153.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-200-153-6.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent
Origin: https://www.express-scripts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 18 Jan 2022 19:45:14 GMT
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
strict-transport-security: max-age=31536000

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.express-scripts.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 04:34:47	Name: demdex Value: 86938847471068947662175781051467167958
.express-scripts.com/	1969-12-31 23:59:59	Name: AMCVS_BCDA9CC055686E397F000101%40AdobeOrg Value: 1
.express-scripts.com/	1970-01-20 17:49:39	Name: mbox Value: session#0fd2b98b9beb41bc90c0f7b4858e4b32#1642536972\|PC#0fd2b98b9beb41bc90c0f7b4858e4b32.37_0#1705779912
.express-scripts.com/	1970-01-20 09:01:11	Name: launchDarklyUserKey Value: 8c5f86f6-6f04-4735-94d3-0fbad732a624
.express-scripts.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.doubleclick.net/	1970-01-20 09:37:11	Name: IDE Value: AHWqTUmorDvXsnAoV09UWZzVfD0nN3SooDt0sl94gt075qdTtwcWp5o_zYHRYIKYpJ0
.dpm.demdex.net/	1970-01-20 04:34:47	Name: dpm Value: 86938847471068947662175781051467167958
.express-scripts.com/	1970-01-20 17:46:47	Name: AMCV_BCDA9CC055686E397F000101%40AdobeOrg Value: -2121179033%7CMCIDTS%7C19011%7CMCMID%7C86944178002874531592179682466152891551%7CMCAAMLH-1643139911%7C6%7CMCAAMB-1643139911%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1642542311s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19018%7CvVersion%7C5.3.0
.demdex.net/	1970-01-20 04:34:47	Name: dextp Value: 1083-1-1642535111554\|1085-1-1642535111655\|1086-1-1642535111756\|1087-1-1642535111857\|1088-1-1642535111969\|19913-1-1642535112070
.everesttech.net/	1970-01-20 01:00:13	Name: ev_sync_ax Value: 20220118
.everesttech.net/	1970-01-20 09:01:11	Name: everest_g_v2 Value: g_surferid~YecYyAAAABjNcQP_
.everesttech.net/	1969-12-31 23:59:59	Name: everest_session_v2 Value: YecYyAAAAPdRrA-g
www.express-scripts.com/	1969-12-31 23:59:59	Name: QSI_HistorySession Value: https%3A%2F%2Fwww.express-scripts.com%2Fart%2Femail%2FAeonik-Bold.woff'~1642535112607
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 20a6b0e27f367547

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network	error	URL: https://www.express-scripts.com/art/email/Aeonik-Bold.woff' Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: .express-scripts.com d1sasz49lqpqtq.cloudfront.net .qualtrics.com .omtrdc.net .demdex.net .googlesyndication.com .instagram.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1sasz49lqpqtq.cloudfront.net .adobedtm.com .fontawesome.com .qualtrics.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .google.com .gstatic.com .facebook.net .ads-twitter.com .twitter.com .brightcove.com .brightcove.net vjs.zencdn.net .s3.amazonaws.com snap.licdn.com .googletagmanager.com .express-scripts.com activitymap.adobe.com .branch.io app.link js-agent.newrelic.com bam-cell.nr-data.net insight.adsrvr.org .facebook.com .twitter.com .linkedin.com; object-src 'self' .s3.amazonaws.com .brightcove.net d1sasz49lqpqtq.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com .express-scripts.com .cloudflare.com .fontawesome.com .s3.amazonaws.com d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com; img-src 'self' data: .qualtrics.com .omtrdc.net expressscripts.sc.omtrdc.net .everesttech.net .demdex.net .facebook.com t.co .s3.amazonaws.com .brightcove.com .prod.boltdns.net .google.com openbadges.blob.core.windows.net d1sasz49lqpqtq.cloudfront.net .express-scripts.com .llnwd.net .linkedin.com .doubleclick.net .branch.io .adsrvr.org .googletagmanager.com .addthis.com .pinsightmedia.com .mookie1.com .advertising.com .scorecardresearch.com .linksynergy.com .casalemedia.com .insightexpressai.com .media6degrees.com .analytics.yahoo.com mid.rkdms.com match.sync.ad.cpe.dotomi.com aa.agkn.com ib.adnxs.com io.narrative.io cm.pos.baidu.com x.bidswitch.net tags.bluekai.com cs.adingo.jp ml314.com loadm.exelator.com global.ib-ibi.com ckm.iqiyi.com usermatch.krxd.net i.liadm.com idsync.rlcdn.com simage2.pubmatic.com e.nexac.com cm.mediav.com pixel.rubiconproject.com uipglob.semasio.net match.sharethrough.com s.thebrighttag.com eb2.3lift.com pixel.tapad.com cm.l.qq.com dmp.truoptik.com c.yes.youku.com; media-src 'self' blob: .express-scripts.com .s3.amazonaws.com .brightcove.com .prod.boltdns.net d1sasz49lqpqtq.cloudfront.net .akamaihd.net; frame-src 'self' .s3.amazonaws.com .qualtrics.com .youtube.com .omtrdc.net .demdex.net .google.com d1sasz49lqpqtq.cloudfront.net .fls.doubleclick.net activitymap.adobe.com .omniture.com .facebook.com; child-src 'self' blob: .express-scripts.com .s3.amazonaws.com .youtube.com d1sasz49lqpqtq.cloudfront.net; font-src * 'self' data: .express-scripts.com fonts.googleapis.com fonts.gstatic.com .s3.amazonaws.com .amazonaws.com d1sasz49lqpqtq.cloudfront.net; connect-src 'self' .express-scripts.com .qualtrics.com .adobedtm.com .everestjs.net .omtrdc.net .marketo.net .demdex.net .brightcove.com .prod.boltdns.net .akamaihd.net d1sasz49lqpqtq.cloudfront.net app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com .llnwd.net .mktoresp.com di-tag.express-scripts.com .branch.io app.link wss://.express-scripts.com bam-cell.nr-data.net .cigna.com default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.launchdarkly.com
assets.adobedtm.com
bam-cell.nr-data.net
cdn.branch.io
cm.everesttech.net
cm.g.doubleclick.net
d1sasz49lqpqtq.cloudfront.net
dpm.demdex.net
events.launchdarkly.com
expressscripts.sc.omtrdc.net
expressscriptsholdin.tt.omtrdc.net
expressscriptsholdingcompany.demdex.net
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
pixel.everesttech.net
siteintercept.qualtrics.com
www.express-scripts.com
www.google.com
www.gstatic.com
zn3etdzvv330bnajr-expressscriptscx.siteintercept.qualtrics.com
zn7qchny5hadksvmv-expressscriptscx.siteintercept.qualtrics.com
104.17.208.240
104.17.209.240
13.227.133.121
142.250.185.194
15.188.95.229
151.101.130.217
151.101.66.137
162.247.243.146
167.211.52.57
2600:9000:20c3:ea00:8:7fec:8380:21
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:82b::2004
2a02:26f0:6c00:28a::1e80
34.241.165.255
44.237.101.119
52.16.162.42
52.16.22.188
52.200.153.6
52.211.32.39
01937c9481039111d9c0f243edc9dc1fd987dde3ecfa0e7082c3500f82477807
043ca9d47100c850c26fade4177db2e86de8b8b24a497ee816aa2b5ba5f3c761
04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a
107bfc17e5d3b3d3226bad6c056b25bef80450863c6a4b7cbe71059217650d7a
1afdfe6ce4ad01e843007105d64d70468158c7a43c6944718922ffb7dc6169eb
1c7eb23d1c63071b7f0b9c86486b3beefde863f68c0f6770904a841cefe69d3a
319a3cc5c9b91c326cd8b31930650ec7afa7d00dfb4c8f59bf0d4ed0f5ca1526
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47d6a05d6ad84b1c213f47647d1fb89523cf96bf0611728d5fc453fb89c83e23
4a99848933336427d4171eceafc6b7ce1dbbdab9a72c40e7c3de47bb82c7908a
4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
525c8e3edad21c44cbfb3de556490dd233c83965d0c586e5d6b1fdd77e2bd8ce
544b63f0d07b2a51e01e2ecc3986eb5d07838bb121c4f472f1178b7b94faf463
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
63809c36649bcc61358be3f571c6e94d653b8fdfc07581fb18b516ece84fce72
6caa74e49c274c858a609390744ec56483f8da5af5ac37457a5f1444a3f8163d
6e61be2f374a0122510025578940baf7ef8dbbcaf3ecc5f5535cfc81bd1cfd39
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7ffdf8b9e5274df0f325c88aa274493d20adc0139c2ee4b8985424dc3ca0e712
82250dc6a2179c77f937827f5bc063e133fe0349eac7655cf4beee2320656577
85ae621f97ae0e47dc5409c1ce197505bbfe6021b6381d1686463084a13913ce
8767fc1a5c12a03dccdd4ae94e0c45183c752285be69d40eec9b79766cb1a667
878227787bfdfdc233209277b711325be189981949e62797f2b8413f1931c261
8f51c49f39962f74b973fcd52fca2ab87fbd83e8a64963cf9f63bd427fedaae9
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353
9458fde8fcfcf7cd851aee40e681fa944f69f0c14337bfd737bb070966f0e19b
9653bc5b5ff320d565d963c32e22d0c66a4e530155b4ff9ec37ea2e5a2bfd157
991d3bb6e5137c2502ddce23fbcf7e89dff074ecec1f5a8cfbb3ddcf050be333
99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c
9b7b5d56054f5bab6ea5dfd9472ceb900f406a8a35a3df5b17b606521a411a35
a36d281dcb05304444df2ec9cf23a42f44b5defe42fa4db488f3313b6d6f4cb9
a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc
a68d55d5edf25c0baea3cd150e155c1c64eadbdc52a44ec5f239b8f27e250c8e
aa108313e5c8ffa515063f234cc2a249a8219e05e6b7bfc4daf94c9f775e8075
ac6769aeda5a8b002e699c70ac13539a4d32ba0ed1736f7cfff0d863e6f5fe04
b0c9eb2a4afe7e163c0d16a8d7f161494b9e296672c85bd9ab73331e4dc1e5d9
b30ac9164fcafdb91f5bdc13895d25e694e01d213887b792833fdc00bbfbcd2e
b4dc58f4cae80bc791dbcadf914b2d3d347a40dfb12b522fc4a59fc599afb76e
b8b2e9cc077af27b4988aaec2436b6139af62692ae0fe78be5f16b1c2190c11d
b93deb2f2f99a6dcd6ba15e31633e827712bebda802d21de182dcd417c5173c1
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
c4beab8349dd251d60291655593b44b2497f1f112a5d745f68b63cf76ed9ed02
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
d7e1744232c2d292b7ea66d239e00ae92051b0f95a12dcc91730922a40373f85
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
e2eba246d43a168b06b82bdd625f19596cc018292704531d43f42b92d788f5db
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e671437dbdfea29e6d58d838049e22ef37097277eb96cb7d87eb08c90bfe035a
e7867f8a1db3c271fb082eb40399eed5f72e2df1c09e792535c85d699487e30b
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f58817ffbd53a2940329a4e24b7bcab2689c0c2de42da5fc3299ff8d645031
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f5a97e99a3c83909811f70e742fe9730553594af08997e1b5da2214d688b8d03
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f83561d28369539e28ed8b4527479118dbd6af4b302ab2c7caca4fbf1f535381

www.express-scripts.com Open in urlscan Pro 167.211.52.57 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

69 Requests

90 %HTTPS

29 %IPv6

15 Domains

22 Subdomains

20 IPs

5 Countries

1244 kBTransfer

3965 kBSize

15 Cookies

4 Outgoing links

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

www.express-scripts.com Open in urlscan Pro
167.211.52.57 Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

90 %
HTTPS

29 %
IPv6

15
Domains

22
Subdomains

20
IPs

5
Countries

1244 kB
Transfer

3965 kB
Size

15
Cookies

69 HTTP transactions
3 data transactions