www.gesa.com Open in urlscan Pro
149.126.77.13 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://clicktime.symantec.com/3CJHiLFYQyzPjfKrvK4mtSV7Vc?u=https%3A%2F%2Fwww.gesa.com
Effective URL:
https://www.gesa.com/
Submission: On April 10 via manual (April 10th 2020, 8:11:31 pm UTC) from US

Summary HTTP 78 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 24 IPs in 5 countries across 21 domains to perform 78 HTTP transactions. The main IP is 149.126.77.13, located in Frankfurt am Main, Germany and belongs to INCAPSULA, US. The main domain is www.gesa.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 28th 2017. Valid for: 3 years.

This is the only time www.gesa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.246.220.115 34.246.220.115	16509 (AMAZON-02) (AMAZON-02)
36	149.126.77.13 149.126.77.13	19551 (INCAPSULA) (INCAPSULA)
1	2606:4700::68... 2606:4700::6810:85e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	143.204.97.74 143.204.97.74	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.111.215.74 104.111.215.74	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:814::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
3	52.11.60.74 52.11.60.74	16509 (AMAZON-02) (AMAZON-02)
4	143.204.97.125 143.204.97.125	16509 (AMAZON-02) (AMAZON-02)
2	13.225.73.57 13.225.73.57	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
2	74.208.230.218 74.208.230.218	8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	35.186.228.179 35.186.228.179	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	74.125.206.155 74.125.206.155	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
78	24

1 34.246.220.115 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-220-115.eu-west-1.compute.amazonaws.com

clicktime.symantec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 149.126.77.13 (Frankfurt am Main, Germany)

ASN19551 (INCAPSULA, US)
PTR: 149.126.77.13.ip.incapdns.net

www.gesa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.97.74 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-97-74.fra50.r.cloudfront.net

widget-gesa.interface.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.215.74 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-74.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.11.60.74 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-11-60-74.us-west-2.compute.amazonaws.com

csp.tsrs.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.97.125 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-97-125.fra50.r.cloudfront.net

assets.interface.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.73.57 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-57.fra2.r.cloudfront.net

assets.payjo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.208.230.218 (United States)

ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)
PTR: u20835219.onlinehome-server.com

app.marketplan.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.228.179 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 179.228.186.35.bc.googleusercontent.com

google-analytics.bi.owox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.206.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wk-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	gesa.com www.gesa.com	6 MB
6	interface.ai widget-gesa.interface.ai assets.interface.ai	70 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net	2 KB
4	google-analytics.com ssl.google-analytics.com www.google-analytics.com	35 KB
4	typekit.net use.typekit.net p.typekit.net	108 KB
3	google.de www.google.de	329 B
3	google.com 1 redirects www.google.com	426 B
3	facebook.net connect.facebook.net	79 KB
3	tsrs.cloud csp.tsrs.cloud
2	facebook.com www.facebook.com	351 B
2	marketplan.io app.marketplan.io	2 KB
2	payjo.co assets.payjo.co	21 KB
1	hubspot.com track.hubspot.com	233 B
1	hs-analytics.net js.hs-analytics.net	22 KB
1	hs-banner.com js.hs-banner.com	7 KB
1	owox.com google-analytics.bi.owox.com	29 B
1	googleadservices.com www.googleadservices.com	11 KB
1	googletagmanager.com www.googletagmanager.com	32 KB
1	hs-scripts.com js.hs-scripts.com	824 B
1	cloudflare.com cdnjs.cloudflare.com	32 KB
1	symantec.com 1 redirects clicktime.symantec.com	610 B
78	21

	Domain	Requested by
36	www.gesa.com	www.gesa.com
4	assets.interface.ai	www.gesa.com
3	www.google.de	www.gesa.com
3	www.google.com	1 redirects www.gesa.com
3	connect.facebook.net	www.gesa.com connect.facebook.net
3	csp.tsrs.cloud	www.gesa.com js.hs-scripts.com
3	use.typekit.net	www.gesa.com
2	www.facebook.com	www.gesa.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	app.marketplan.io	www.googletagmanager.com app.marketplan.io
2	www.google-analytics.com	www.googletagmanager.com www.gesa.com
2	assets.payjo.co	www.gesa.com
2	ssl.google-analytics.com	www.gesa.com
2	widget-gesa.interface.ai	www.gesa.com widget-gesa.interface.ai
1	track.hubspot.com
1	bid.g.doubleclick.net	www.googleadservices.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	google-analytics.bi.owox.com	www.gesa.com
1	stats.g.doubleclick.net	1 redirects
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	www.gesa.com
1	p.typekit.net	www.gesa.com
1	js.hs-scripts.com	www.gesa.com
1	cdnjs.cloudflare.com	www.gesa.com
1	clicktime.symantec.com	1 redirects
78	26

This site contains links to these domains. Also see Links.

Domain
onlinexpress.gesa.com
webchat.gesa.com
www.inspiruscu.org
www.gesahomeloans.com
www.gesabusinessbanking.com
www.gesainvestments.com
applyonline.gesa.com
gesa.satmetrix.com

Subject Issuer	Validity	Valid
*.gesa.com DigiCert SHA2 Secure Server CA	`2017-09-28` - `2020-10-02`	3 years	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
interface.ai Amazon	`2020-02-27` - `2021-03-27`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-04-07` - `2020-10-09`	6 months	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
*.tsrs.cloud Go Daddy Secure Certificate Authority - G2	`2019-12-03` - `2021-02-01`	a year	crt.sh
*.payjo.co Amazon	`2019-09-03` - `2020-10-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
app.marketplan.io Let's Encrypt Authority X3	`2020-03-29` - `2020-06-27`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
google-analytics.bi.owox.com GTS CA 1D2	`2020-02-11` - `2020-05-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
hubspot.com CloudFlare Inc ECC CA-2	`2019-12-04` - `2020-10-09`	10 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.gesa.com/
Frame ID: 4FD646CD8127D1707104452D6B749EB8
Requests: 77 HTTP requests in this frame

Frame: https://widget-gesa.interface.ai/widget/index.html?params=%7B%22domain%22%3A%22https%3A%2F%2Fwww.gesa.com%2F%22%2C%22branding%22%3A%7B%22data%22%3A%7B%22info%22%3A%7B%22title%22%3A%22Uni%22%2C%22logo%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni_Icon.svg%22%2C%22bg%22%3A%22%230075af%22%2C%22subtitle%22%3A%22Hi%2C%20I%27m%20Uni.%20You%20and%20I%20can%20solve%20anything.%22%2C%22headerSubtitleColor%22%3A%22%23bb062c%22%2C%22showDisclaimer%22%3Atrue%2C%22theme%22%3A%7B%22baseColor%22%3A%22%230075af%22%2C%22userChatBoxColor%22%3A%22%23B80D2F%22%2C%22hoverContainerTitleColor%22%3A%22%23FFF%22%2C%22hoverContainerBgColor%22%3A%22%23bb062c%22%2C%22hoverContainerSubTitleColor%22%3A%22%23FFF%22%7D%2C%22placeholderText%22%3A%22Please%20enter%20your%20question%20here%22%2C%22greetingsText%22%3A%22Hey%20%7BName%7D!%22%2C%22greatMessage%22%3A%22Hello%20there!%20My%20name%20is%20Uni.%20I%27m%20an%20AI-based%20digital%20assistant%20for%20Gesa.%22%2C%22greatMessageColor%22%3A%22%230075af%22%2C%22showPayjoWatermark%22%3Atrue%2C%22mainCoverImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22coverImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22thumbsUpSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fwidget%2Fthumbs-up.png%22%2C%22thumbsDownSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fwidget%2Fthumbs-down.png%22%2C%22headerTitle%22%3A%22Hello.%22%2C%22headerTitleColor%22%3A%22%23bb062c%22%2C%22showLoadNotification%22%3Atrue%2C%22loadNotificationText%22%3A%22How%20may%20I%20help%20you%20%3F%22%2C%22menuItems%22%3A%5B%5D%2C%22groups%22%3A%5B%5D%2C%22notifications%22%3A%5B%7B%22id%22%3A471327819%2C%22template_type%22%3A%22text_template%22%2C%22details%22%3A%7B%22frequency%22%3A%22once%22%2C%22title%22%3A%22Hello%20%3Cspan%20class%3D%27payjo-emoji%27%3E%F0%9F%91%8B%3C%2Fspan%3E%22%2C%22text%22%3A%22I%27m%20Uni%2C%20your%20digital%20assistant%20from%20Gesa.%22%2C%22action%22%3A%22open-widget%22%7D%7D%2C%7B%22id%22%3A471327820%2C%22template_type%22%3A%22text_template%22%2C%22details%22%3A%7B%22frequency%22%3A%22once%22%2C%22text%22%3A%22How%20may%20I%20help%20you%3F%22%2C%22action%22%3A%22open-widget%22%7D%7D%5D%7D%2C%22toggleImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22subtitle%22%3A%22Hi%2C%20I%2F%27m%20Uni.%20You%20and%20I%20can%20solve%20anything.%22%7D%2C%22toggleImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22domainId%22%3A%22dom_f6498d6a-aeb7-4922-b874-a4b0e3fa30dd%22%2C%22tenantId%22%3A%22sample%22%7D%2C%22utmPayjoId%22%3Anull%2C%22isSmallDevice%22%3Afalse%2C%22isResizeAllowed%22%3Afalse%2C%22channel%22%3A%22default%2Fdevelopment%3Aiagent%22%2C%22env%22%3A%22dev%22%2C%22socketPath%22%3A%22https%3A%2F%2Fsocket-gesa.interface.ai%22%2C%22fallbackSocketPath%22%3A%22https%3A%2F%2Fsocket-gesa.interface.ai%22%2C%22widgetUrl%22%3A%22https%3A%2F%2Fwidget-gesa.interface.ai%2Fwidget%2Findex.html%22%2C%22forceDisableUserInput%22%3Afalse%2C%22systemInterface%22%3A%7B%22url%22%3A%22https%3A%2F%2Fsi-gesa.interface.ai%2Fclient%2Fconnect%22%2C%22tenant%22%3A%22default%2Fdevelopment%22%2C%22environment%22%3A%22default%22%7D%2C%22mode%22%3A%22web%22%2C%22authContent%22%3Anull%2C%22thirdPartyWidgetDriver%22%3A%22PayjoNoOpWidgetDriver%22%2C%22thirdPartyWidgetUrl%22%3A%22%22%2C%22events%22%3A%5B%7B%22name%22%3A%22transfer%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22disable%22%7D%2C%7B%22name%22%3A%22page_tracking%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22enable%22%7D%2C%7B%22name%22%3A%22url%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22enable%22%7D%5D%2C%22width%22%3A%22300px%22%2C%22height%22%3A%22450px%22%7D
Frame ID: DA00A32E65CF754CC8070A24A9C84F74
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: A3C28DC5933D05CA0984FC69FA596065
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://clicktime.symantec.com/3CJHiLFYQyzPjfKrvK4mtSV7Vc?u=https%3A%2F%2Fwww.gesa.com HTTP 307
https://www.gesa.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

78
Requests

100 %
HTTPS

56 %
IPv6

21
Domains

26
Subdomains

24
IPs

5
Countries

6187 kB
Transfer

6792 kB
Size

4
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://onlinexpress.gesa.com/Banking/SignIn.aspx
Title: Login / Enroll

Search URL Search Domain Scan URL

URL: https://webchat.gesa.com/
Title: Live Chat

Search URL Search Domain Scan URL

URL: https://www.inspiruscu.org/
Title: InspirusCU.org

Search URL Search Domain Scan URL

URL: https://www.gesahomeloans.com/home-equity
Title: Home Equity Loans

Search URL Search Domain Scan URL

URL: https://www.gesahomeloans.com/
Title: Home Loans

Search URL Search Domain Scan URL

URL: https://www.gesabusinessbanking.com/
Title: Business

Search URL Search Domain Scan URL

URL: https://www.gesainvestments.com/
Title: Invest

Search URL Search Domain Scan URL

URL: https://applyonline.gesa.com/VirtualCapture/Products?ProductSubCategory=Savings
Title: Join Now

Search URL Search Domain Scan URL

URL: https://gesa.satmetrix.com/app/datacollection/datacollection/dynaSurvey.jsp?p=MTYAAAAAAAAAAI2zXLzxeFyUlCFXPTi+CX2xJ8JJwCj/db3d1pNQQxCuCeLs5PRryEe+JYcCBDqoA3qmOAc99B+QUyr7QM7dXItZANAonuYil5jRVJ5sf2vk+LwLZFu026Y2HyPdZmQAzq7eNUzriR7kytKZSK6iConQ6/qqHh1jn9IC0/+lNDrBXG4/94qJIZYQW62Y1TC6DIDkrTmytj73ktFhFp3dygXf5aOzhI3O31mpIYRg5H5V&id=996328492&anms=Y&peid=GESA&collectorType=LINK
Title: Tell Us What You Think

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://clicktime.symantec.com/3CJHiLFYQyzPjfKrvK4mtSV7Vc?u=https%3A%2F%2Fwww.gesa.com HTTP 307
https://www.gesa.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&gjid=717219730&_gid=1387158832.1586549457&_u=YSBCgEAB~&z=1253818815 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&_v=j81&z=1253818815 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&_v=j81&z=1253818815&slf_rd=1&random=573933872

78 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.gesa.com/
Redirect Chain

https://clicktime.symantec.com/3CJHiLFYQyzPjfKrvK4mtSV7Vc?u=https%3A%2F%2Fwww.gesa.com
https://www.gesa.com/

22 KB
24 KB

679ms
627ms

Document
text/html

149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx / PHP/7.3.6

Resource Hash

f850af02db03ca231e2ee86af511350edde2cab013679ebb6f41b0f3f2bc90cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

:method: GET
:authority: www.gesa.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
server: nginx
date: Fri, 10 Apr 2020 20:10:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.6
set-cookie: 07b3d6c9a20712d6edf4f0cc5be57506=dcd2qdl00kd023j6aq546r06aq; path=/; secure; HttpOnly 2f703c1cf02c0bb06a802981c76c25f7=19103be97b1562067fb88d472a81d011_58f815acd629c58e446cc7419e16f049_f20e376a7faed2ba69767f6c4f3b4884_290f19763b0fbda81451e2ff71a5d176_d72d1dfe3ca09a5a455e630657e918ff; path=/; secure; HttpOnly nlbi_39714=abxdeyRjgEy/MW7iUtdF9QAAAAC7Z6O6XD4J7+T5cKcucKh0; path=/; Domain=.gesa.com; Secure; SameSite=None visid_incap_39714=6K438MegQH2rk3nXi6phIM3SkF4AAAAAQUIPAAAAAABHbXcMJ8snwaKuSeTD9oVt; expires=Fri, 09 Apr 2021 23:24:37 GMT; HttpOnly; path=/; Domain=.gesa.com; Secure; SameSite=None incap_ses_473_39714=g/GVb09REwMPxHLSv3CQBs7SkF4AAAAAkTjeATKJ3xSGE5odpy+fZg==; path=/; Domain=.gesa.com; Secure; SameSite=None
expires: Wed, 17 Aug 2005 00:00:00 GMT
last-modified: Fri, 10 Apr 2020 20:10:52 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-security-policy-report-only: script-src https://connect.facebook.net/ https://cdnjs.cloudflare.com/ 'self' https://*.google-analytics.com/ https://app.marketplan.io/ https://widget-gesa.interface.ai/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google.com/ 'unsafe-eval' https://www.timevaluecalculators.com/ 'unsafe-inline'; form-action https://gesa.locatorsearch.com/ 'self' https://www.facebook.com/; object-src 'none'; frame-src https://www.facebook.com/ 'self' https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google.com/ https://widget-gesa.interface.ai/ https://gesa.locatorsearch.com/ https://player.vimeo.com/; img-src 'self' data: https:; media-src 'self' https://assets.payjo.co/; block-all-mixed-content;frame-ancestors https://www.inspiruscu.org/ https://www.gesabusinessbanking.com/ https://www.gesainvestments.com/ https://www.gesahomeloans.com/; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self' https://*.typekit.net/ https://www.timevaluecalculators.com/; base-uri 'self'; connect-src https://www.google-analytics.com/ https://use.typekit.net/ https://google-analytics.bi.owox.com/ 'self' https://stats.g.doubleclick.net/ https://app.marketplan.io/ https://gesa.locatorsearch.com/ https://csp.tsrs.cloud/; worker-src 'none'; font-src https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://use.typekit.net/ 'self' data:; report-uri https://csp.tsrs.cloud/r/2885e24a4438f6672407026212e8e697d0942f6c;
strict-transport-security: max-age=63072000; includeSubDomains
x-cdn: Incapsula
x-iinfo: 9-39547914-39385944 pNNN RT(1586549453725 0) q(0 0 0 0) r(6 6) U12

Redirect headers

Server: nginx
Date: Fri, 10 Apr 2020 20:10:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.gesa.com
TA-CODE: FG-CLEAN
X-EventId: 31069055
X-HostId: 91f7a88fba0c5b0c452f2f91ecbe699c
X-AltId: CVwYmYeLMPdXJhlMrA/rlimNtuhgHCQsNWey4WJ5eNbu0GXvt4847NDIEfmvLMbQPoLbCpadsGMZYkeMTvBQJyz19y+tjotpYqnQI9d2T0SLdLL5Bix8AFolxCQ0s8wQw1Bn/Pomp1Up22pZkL39uadl/nGcXdDy25mq2CkOHIIIHgtRbmyK9OkZ/ykNMaDwUcSayoM2onjUbmDIVmQKWuHul0cqzo91OPUwNe49fe1WjTuDxCSsW/Wp/oAzhx+OiY6ntPCSW0GxHgR7N25vdHLLexiE5nTQ9VQjLGvIRs3YhAQ90/OvTNb/BYhYGh+7tiV8jJxVmpOBEeTRLSKXRQ==

GET
H2 200 base.css
www.gesa.com/templates/gesa/css/ 1 MB
1 MB 930ms
927ms Stylesheet
text/css 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/templates/gesa/css/base.css

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

4239a7e96bfe01ad5fe9fed999d11f072a2f9ce50bedb757a11df61a769b2cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-1491a1"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: text/css
status: 200
x-iinfo: 9-39547992-39547993 2NNN RT(1586549454359 0) q(0 0 0 -1) r(0 9) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 1348001
x-cdn: Incapsula

GET
H2 200 base.css
www.gesa.com/templates/gesa/css/slideshow/ 2 KB
2 KB 748ms
745ms Stylesheet
text/css 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/templates/gesa/css/slideshow/base.css?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

d5307228c34c70979637ce52b02a5a887fe7c79069779b7618a92135cb3df90a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-943"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: text/css
status: 200
x-iinfo: 9-39547994-39547846 2NNN RT(1586549454361 0) q(0 0 0 -1) r(7 7) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 2371
x-cdn: Incapsula

GET
H2 200 base.css
www.gesa.com/templates/gesa/css/carousel/ 5 KB
5 KB 759ms
756ms Stylesheet
text/css 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/templates/gesa/css/carousel/base.css?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

018cd6bac1901e39702bde0232b90382ebf0305e07c2c4c9e413818175ed9de5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 10 Apr 2020 20:10:53 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-1392"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: text/css
status: 200
x-iinfo: 9-39547995-39547996 2NNN RT(1586549454362 0) q(0 0 0 -1) r(0 7) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 5010
x-cdn: Incapsula

GET
H2 200 base.css
www.gesa.com/templates/gesa/css/search/ 632 KB
635 KB 932ms
930ms Stylesheet
text/css 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/templates/gesa/css/search/base.css?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

abf3e5e1f9758ad8ab63b386dc9379f0daf2c7899f52c34a231d082274fd87ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-9deab"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: text/css
status: 200
x-iinfo: 9-39547997-39547998 2NNN RT(1586549454362 0) q(0 0 0 -1) r(0 9) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 646827
x-cdn: Incapsula

GET
H2 200 jquery.min.js Show response
www.gesa.com/media/jui/js/ 94 KB
95 KB 930ms
927ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/media/jui/js/jquery.min.js?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

46438fa269f3c172286b81be52a5de84753d68dcc6580f6a98b7942cf129bdc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:53 GMT
last-modified: Wed, 08 Apr 2020 10:11:02 GMT
server: nginx
etag: "5e8da336-1795e"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39547999-39548000 2NNN RT(1586549454363 0) q(0 0 0 -1) r(0 9) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 96606
x-cdn: Incapsula

GET
H2 200 jquery-noconflict.js Show response
www.gesa.com/media/jui/js/ 21 B
186 B 753ms
750ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/media/jui/js/jquery-noconflict.js?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

5b6cf4e6eda02f7c90b60b3c32413c0851915f8f80a268a913b92929085132a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:53 GMT
last-modified: Wed, 08 Apr 2020 10:11:02 GMT
server: nginx
etag: "5e8da336-15"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39548001-39548002 2NNN RT(1586549454363 0) q(0 0 0 -1) r(0 7) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 21
x-cdn: Incapsula

GET
H2 200 jquery-migrate.min.js Show response
www.gesa.com/media/jui/js/ 10 KB
10 KB 1282ms
1279ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/media/jui/js/jquery-migrate.min.js?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:53 GMT
last-modified: Wed, 08 Apr 2020 10:11:02 GMT
server: nginx
etag: "5e8da336-2748"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39548003-39547831 2NNN RT(1586549454364 0) q(0 7 7 -1) r(13 13) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 10056
x-cdn: Incapsula

GET
H2 200 caption.js Show response
www.gesa.com/media/system/js/ 491 B
593 B 953ms
949ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/media/system/js/caption.js?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:02 GMT
server: nginx
etag: "5e8da336-1eb"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39548004-39548002 2NNN RT(1586549454365 0) q(0 7 7 -1) r(9 9) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 491
x-cdn: Incapsula

GET
H2 200 tabs.js Show response
www.gesa.com/templates/gesa/js/ 1000 B
1 KB 953ms
950ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/templates/gesa/js/tabs.js?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

eb9282ec520e32af61320303c1c1b0179d2c0c0b8a0f781469d7660eb97f1726

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:53 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-3e8"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39548005-39547996 2NNN RT(1586549454366 0) q(0 7 7 -1) r(9 9) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 1000
x-cdn: Incapsula

GET
H2 200 core.js Show response
www.gesa.com/media/system/js/ 9 KB
9 KB 1470ms
1467ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/media/system/js/core.js?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

ee43222bc3a3d6c1cab5dc4115bd2a3c2b348f4b4e448283e0eaca84de6763d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:02 GMT
server: nginx
etag: "5e8da336-2268"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39548006-39547829 2NNN RT(1586549454367 0) q(0 9 9 -1) r(15 15) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 8808
x-cdn: Incapsula

GET
H2 200 slideshow.js Show response
www.gesa.com/templates/gesa/js/ 1 KB
2 KB 1122ms
1120ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/templates/gesa/js/slideshow.js?bda5884c6e2012644b6ae230398f4165

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

110c1710c16e512531ec6c37fa2e990f3605d94422e4c2e84d1882bdf245dba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-5e9"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39548008-39547996 2NNN RT(1586549454373 0) q(0 9 9 -1) r(11 11) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 1513
x-cdn: Incapsula

GET
H2 200 logo-express-lite.png
www.gesa.com/images/ 477 B
611 B 1293ms
1292ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/logo-express-lite.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

f85f15e28992dc227ea14115687c0e6cf141211d6291117e58db87c16e4d97e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-1dd"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548009-39548000 2NNN RT(1586549454374 0) q(0 11 11 -1) r(13 13) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 477
x-cdn: Incapsula

GET
H2 200 logo.png
www.gesa.com/templates/gesa/images/ 5 KB
5 KB 1289ms
1288ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/templates/gesa/images/logo.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

cc5b044a794f7571234334ae15b218e94a8f3194087f3498c8ee160c21a847a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:53 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-126f"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548010-39548002 2NNN RT(1586549454374 0) q(0 11 11 -1) r(13 13) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 4719
x-cdn: Incapsula

GET
H2 200 personal-checking.jpg
www.gesa.com/images/homepage/ 41 KB
41 KB 846ms
846ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/homepage/personal-checking.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

608919751e567a4836789e8566fc37a18b482cf6c01767cb8b308934e6e8702a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-a435"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548154-39547846 2NNN RT(1586549455854 0) q(0 0 0 -1) r(8 8) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 42037
x-cdn: Incapsula

GET
H2 200 bus-checking.jpg
www.gesa.com/images/homepage/ 33 KB
33 KB 245ms
244ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/homepage/bus-checking.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

91c147b51dc626675a56ee671ac1720b2cfa14adfd7307b78cacda098b935749

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:54 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-8246"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548232-39547993 2NNN RT(1586549456342 0) q(0 0 0 -1) r(2 2) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 33350
x-cdn: Incapsula

GET
H2 200 savings.jpg
www.gesa.com/images/homepage/ 7 KB
7 KB 233ms
231ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/homepage/savings.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

04f5e4738d6ff6e7a985d57e05a63aad55a1932a5c6f8ed7eea2c61b8d52dce1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-1ae6"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548233-39547831 2NNN RT(1586549456342 0) q(0 0 0 -1) r(2 2) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 6886
x-cdn: Incapsula

GET
H2 200 invest-services.jpg
www.gesa.com/images/homepage/ 8 KB
9 KB 257ms
255ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/homepage/invest-services.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

0cba80d4f42cefe897e73008396886daa4b9137631f2ec7de6e4513c53f1736b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-21f7"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548234-39548235 2NNN RT(1586549456343 0) q(0 0 0 -1) r(0 2) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 8695
x-cdn: Incapsula

GET
H2 200 home-loans.jpg
www.gesa.com/images/homepage/ 67 KB
67 KB 441ms
440ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/homepage/home-loans.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

88e216eefc4d35f9f5eff255544e798e6d5f4792787c4e10b5e3eec700a753ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:54 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-10b1b"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548236-39547996 2NNN RT(1586549456343 0) q(0 0 0 -1) r(4 4) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 68379
x-cdn: Incapsula

GET
H2 200 student-loans.jpg
www.gesa.com/images/homepage/ 86 KB
86 KB 760ms
758ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/homepage/student-loans.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

04f38294f5c74a9a358d5cb2036b3553e66887b83723ca4adbcf564a907cd5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-1567f"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548237-39548238 2NNN RT(1586549456345 0) q(0 0 0 -1) r(0 7) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 87679
x-cdn: Incapsula

GET
H2 200 logo-inverse.png
www.gesa.com/templates/gesa/images/ 4 KB
4 KB 415ms
414ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/templates/gesa/images/logo-inverse.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

743b93f19aa21fdce88f36181b48af8fe5a03559a75aae03097aac46bf28d960

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:54 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-10fc"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548239-39547831 2NNN RT(1586549456346 0) q(0 2 2 -1) r(4 4) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 4348
x-cdn: Incapsula

GET
H2 200 eho.png
www.gesa.com/templates/gesa/images/icons/ 3 KB
3 KB 772ms
771ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/templates/gesa/images/icons/eho.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

6a507c948bb93ed95df06ab34ba8181cc9037af90a15f5c7088d703f5264c8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-b93"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548240-39548283 2NNN RT(1586549456346 0) q(0 2 2 -1) r(7 7) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 2963
x-cdn: Incapsula

GET
H2 200 ncua.png
www.gesa.com/templates/gesa/images/icons/ 2 KB
3 KB 797ms
796ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/templates/gesa/images/icons/ncua.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

f2f2ed73b18d393f997a4e3ac7d7ad6b14960e3e00ecd0217172b5f4f3f0367f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-9aa"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548241-39548282 2NNN RT(1586549456347 0) q(0 2 2 -1) r(8 8) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 2474
x-cdn: Incapsula

GET
H2 200 base.js Show response
www.gesa.com/templates/gesa/js/ 11 KB
11 KB 203ms
203ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/templates/gesa/js/base.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

38a5ef172e398d91172f1cdc3378b389cf046d0e6e21296771cd46b6e3e0464e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:53 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-2aed"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/javascript
status: 200
x-iinfo: 9-39548140-39548000 2NNN RT(1586549455650 0) q(0 0 0 -1) r(2 2) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 10989
x-cdn: Incapsula

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.6.0/ 97 KB
32 KB 23ms
23ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.6.0/polyfill.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffd69fe47638ddab4d2d063208bcba11e4ef1eed27b4101de18c9ac3ab5587f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
content-encoding: br
cf-cache-status: HIT
age: 3906042
cf-ray: 581f1d32cb6cbf14-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Fri, 06 Sep 2019 18:22:21 GMT
server: cloudflare
etag: W/"5d72a3dd-1840e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 31 Mar 2021 20:10:55 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.003

GET
H2 200 widget-loader.js Show response
widget-gesa.interface.ai/ 49 KB
50 KB 775ms
716ms Script
application/json 143.204.97.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-gesa.interface.ai/widget-loader.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.97.74 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-74.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 412b6163cd711df612c01da0e81bb483482450c78ca3688b17ef6e9df13522dc

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Fri, 28 Feb 2020 10:43:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "f06f764ac5d6c1f047c3c1d20696a382"
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
status: 200
accept-ranges: bytes
content-length: 50438
x-amz-cf-id: d6ZILhhj0_oONE75GmBMsMn93mQC8Y6jUhVAIwzOcZWS2w795P4_8Q==

GET
H2 200 6433123.js Show response
js.hs-scripts.com/ 793 B
824 B 541ms
524ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/6433123.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d795d14eca029ea369162e83d231feb2dd497e719862b4ef4fe1759096d03777

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
access-control-allow-origin: https://www.gesa.com
x-trace: 2B44197E16F6DD9BE0DF26A794794C92490F09FAD1000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 581f1d373c88d6e5-FRA
expires: Fri, 10 Apr 2020 20:11:57 GMT

GET
H2 200 _Incapsula_Resource Show response
www.gesa.com/ 132 KB
19 KB 31ms
30ms Script
application/javascript 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=711699933

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

Resource Hash

f19c8327473c233a211c94f4d82212711805d9f40b02cab02e477a40429750ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 200
strict-transport-security: max-age=63072000; includeSubDomains
content-encoding: gzip
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 19202
content-type: application/javascript

GET
H2 200 klp2vqp.css
use.typekit.net/ 3 KB
914 B 122ms
64ms Stylesheet
text/css 104.111.215.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/klp2vqp.css

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.215.74 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-215-74.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2a6623616b93dbefe7d9941230015d38ffebdc220363f032e731c844d5410eba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
access-control-allow-origin: *
date: Fri, 10 Apr 2020 20:10:56 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
status: 200
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 714

GET
H2 200 p.css
p.typekit.net/ 5 B
168 B 31ms
30ms Stylesheet
text/css 104.111.215.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=klp2vqp&ht=tk&f=6958.6959.6960.6961&a=13318212&app=typekit&e=css
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.74 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
last-modified: Mon, 21 Oct 2019 19:51:00 GMT
server: nginx
access-control-allow-origin: *
etag: "5dae0c24-5"
content-type: text/css
status: 200
cache-control: max-age=604800
accept-ranges: bytes
content-length: 5
expires: Wed, 30 Oct 2019 04:50:36 GMT

GET
H2 200 bg-stone-white.jpg
www.gesa.com/templates/gesa/images/ 779 KB
783 KB 1047ms
1046ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/templates/gesa/images/bg-stone-white.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

5606596ef821549fc97be9eee206d55a0a5d6b49e6b83f922dcc2ac5597b4877

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/templates/gesa/css/carousel/base.css?bda5884c6e2012644b6ae230398f4165
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-c2b59"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548243-39548280 2NNN RT(1586549456357 0) q(0 3 3 -1) r(10 10) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 797529
x-cdn: Incapsula

GET
H2 200 bg-stone-blue.jpg
www.gesa.com/templates/gesa/images/ 329 KB
331 KB 1103ms
1103ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/templates/gesa/images/bg-stone-blue.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

a91bdb3afe0005e211f65757e83da0797475ab5ded58aa5d88bb79146ff9606b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/templates/gesa/css/base.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
last-modified: Wed, 08 Apr 2020 10:11:08 GMT
server: nginx
etag: "5e8da33c-5221f"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548244-39548279 2NNN RT(1586549456358 0) q(0 4 4 -1) r(11 11) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 336415
x-cdn: Incapsula

GET
H2 200 l
use.typekit.net/af/dfade6/0000000000000000000124f9/27/ 52 KB
53 KB 92ms
34ms Font
application/font-woff2 104.111.215.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/dfade6/0000000000000000000124f9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.74 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 219119b0dfb4b53bf518a3be743821cae24d6890cf9c034640b69b17cad90ca2

Request headers

Referer: https://use.typekit.net/klp2vqp.css
Origin: https://www.gesa.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
server: nginx
access-control-allow-origin: *
etag: "5f6d8e5605adcf50768089d8e44edca78e0f54b5"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 53628

GET
H2 200 l
use.typekit.net/af/86d3cf/0000000000000000000124fa/27/ 54 KB
55 KB 123ms
65ms Font
application/font-woff2 104.111.215.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/86d3cf/0000000000000000000124fa/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.74 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 08afc989dbb4d1289bce2627057595f3c7364103a2dfdb9baab3535ca547c548

Request headers

Referer: https://use.typekit.net/klp2vqp.css
Origin: https://www.gesa.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
server: nginx
access-control-allow-origin: *
etag: "34f5a904f3612a99fffa630f88b4eb838b56e3e5"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 55616

GET
DATA 200
OK truncated
/ 17 KB
17 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c8d91e072b92f023b5cafca6b7f6d83acbba90eb9beebb8851a8545ad11b68f

Request headers

Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:814::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 5776
date: Fri, 10 Apr 2020 18:34:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 17168
expires: Fri, 10 Apr 2020 20:34:40 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 94 KB
32 KB 41ms
40ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

46dc685a1f941cba38106bf2c7ebdaa3e2549837ba9cb4d6683c2ac4b2ea4da4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 32718
x-xss-protection: 0
last-modified: Fri, 10 Apr 2020 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 10 Apr 2020 20:10:56 GMT

POST
H2 200 2885e24a4438f6672407026212e8e697d0942f6c
csp.tsrs.cloud/r/ 0
0 623ms
198ms Other
text/html 52.11.60.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.tsrs.cloud/r/2885e24a4438f6672407026212e8e697d0942f6c
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.60.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-60-74.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
Sec-Fetch-Dest: report
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/csp-report

Response headers

access-control-allow-origin: *

GET
H2 200 SmallBusiness_WebBanners_GCU_Eng.jpg
www.gesa.com/images/banners/ 249 KB
251 KB 1382ms
1381ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/banners/SmallBusiness_WebBanners_GCU_Eng.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

5c0437cf74bc6cf4e8db36447cf01a9544271ac89a78a7958a6f9cf803ca8c53

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Wed, 08 Apr 2020 20:57:02 GMT
server: nginx
etag: "5e8e3a9e-3e3f9"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548290-39547846 2NNN RT(1586549456633 0) q(0 3 3 -1) r(13 13) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 254969
x-cdn: Incapsula

GET
H2 200 EmergencyFinancialRefief_WebBanner_ENG.png
www.gesa.com/images/banners/ 25 KB
25 KB 1986ms
1985ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/banners/EmergencyFinancialRefief_WebBanner_ENG.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

2529cda012eee779fafdd2ab6bb9a8aa5de2afa8d84885184d52d965292437df

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
last-modified: Tue, 17 Mar 2020 21:36:13 GMT
server: nginx
etag: "5e7142cd-63b5"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548291-39548273 2NNN RT(1586549456634 0) q(0 4 4 -1) r(19 19) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 25525
x-cdn: Incapsula

GET
H2 200 TemporaryChanges_WebBanner_ENG.jpg
www.gesa.com/images/banners/ 181 KB
183 KB 913ms
912ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/banners/TemporaryChanges_WebBanner_ENG.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

2dec7a5d124b9bc972f3209384ccd1c7a2e6fe6a00d5e02422d6b0098ee11887

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:55 GMT
last-modified: Sat, 21 Mar 2020 00:24:30 GMT
server: nginx
etag: "5e755ebe-2d5f4"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548292-39548283 2NNN RT(1586549456634 0) q(0 5 5 -1) r(9 9) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 185844
x-cdn: Incapsula

GET
H2 200 SageCollegePrepSeminar_CommunityBanner.png
www.gesa.com/images/categories/community/ 667 KB
670 KB 858ms
858ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/categories/community/SageCollegePrepSeminar_CommunityBanner.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

85aea14fc481ff476a5af522a48ebc88f58c5f55c42bd784de18912f6a95a37c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
last-modified: Thu, 21 Nov 2019 18:50:51 GMT
server: nginx
etag: "5dd6dc8b-a6c5b"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548293-39548238 2NNN RT(1586549456635 0) q(0 6 6 -1) r(8 8) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 683099
x-cdn: Incapsula

GET
H2 200 GesaFinancialFlixPremiere_Banner-CommunityBannerFINAL.png
www.gesa.com/images/categories/community/ 793 KB
796 KB 1641ms
1640ms Image
image/png 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/categories/community/GesaFinancialFlixPremiere_Banner-CommunityBannerFINAL.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

9caa60dc0b10effe791a02b11839d19d55d208a80345defe849bf5b281701ef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
last-modified: Fri, 12 Jul 2019 19:09:36 GMT
server: nginx
etag: "5d28daf0-c6295"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/png
status: 200
x-iinfo: 9-39548294-39548282 2NNN RT(1586549456635 0) q(0 12 12 -1) r(16 16) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 811669
x-cdn: Incapsula

GET
H2 200 theatre.jpg
www.gesa.com/images/categories/community/ 74 KB
74 KB 1557ms
1556ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/categories/community/theatre.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

eda9d9d8ac803f0d928089da72ad120e52cdfeb44a67edc7bdbda735097d196d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:58 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-126f5"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548295-39548279 2NNN RT(1586549456636 0) q(0 13 13 -1) r(15 15) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 75509
x-cdn: Incapsula

GET
H2 200 ams.jpg
www.gesa.com/images/categories/community/ 29 KB
29 KB 1585ms
1584ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/categories/community/ams.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

8d5ba4611226fa7fc280ade8a3e6fbc89057a401bd50bc924047d949e5f6f9f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:56 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-7445"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548296-39548238 2NNN RT(1586549456636 0) q(0 13 13 -1) r(15 15) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 29765
x-cdn: Incapsula

GET
H2 200 carasoleofdreams.jpg
www.gesa.com/images/categories/community/ 208 KB
210 KB 2352ms
2351ms Image
image/jpeg 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/images/categories/community/carasoleofdreams.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

nginx /

Resource Hash

7e98a5bc74b6714509037605c45d73a57596694bed94b34f6a39fd1cd7c102de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:58 GMT
last-modified: Wed, 26 Jun 2019 18:27:06 GMT
server: nginx
etag: "5d13b8fa-340a1"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
status: 200
x-iinfo: 9-39548297-39548270 2NNN RT(1586549456637 0) q(0 14 14 -1) r(23 23) U18
cache-control: max-age=0
accept-ranges: bytes
content-length: 213153
x-cdn: Incapsula

GET
H2 200 _Incapsula_Resource
www.gesa.com/ 1 B
36 B 20ms
19ms Image
text/plain 149.126.77.13
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/_Incapsula_Resource?SWKMTFSR=1&e=0.18470772950942926

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.13 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.13.ip.incapdns.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 Uni_Icon.svg
assets.interface.ai/images/GESA/ 1 KB
881 B 478ms
426ms Image
image/svg+xml 143.204.97.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.interface.ai/images/GESA/Uni_Icon.svg
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.97.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-125.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 043102135196e16ff1789f22713bd3cf086a52f6826ecc004ddffcb2f6ad13ff

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:58 GMT
content-encoding: gzip
last-modified: Thu, 26 Dec 2019 07:15:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
status: 200
x-amz-cf-id: aEwL-O__fUs7rZoiKTiBlyUuw6qf49_nkIuAZ0u1GcaeUGT5EKJHhA==
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)

GET
H2 200 index.html
widget-gesa.interface.ai/widget/ Frame DA00 0
0 245ms
245ms Document
text/html 143.204.97.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-gesa.interface.ai/widget/index.html?params=%7B%22domain%22%3A%22https%3A%2F%2Fwww.gesa.com%2F%22%2C%22branding%22%3A%7B%22data%22%3A%7B%22info%22%3A%7B%22title%22%3A%22Uni%22%2C%22logo%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni_Icon.svg%22%2C%22bg%22%3A%22%230075af%22%2C%22subtitle%22%3A%22Hi%2C%20I%27m%20Uni.%20You%20and%20I%20can%20solve%20anything.%22%2C%22headerSubtitleColor%22%3A%22%23bb062c%22%2C%22showDisclaimer%22%3Atrue%2C%22theme%22%3A%7B%22baseColor%22%3A%22%230075af%22%2C%22userChatBoxColor%22%3A%22%23B80D2F%22%2C%22hoverContainerTitleColor%22%3A%22%23FFF%22%2C%22hoverContainerBgColor%22%3A%22%23bb062c%22%2C%22hoverContainerSubTitleColor%22%3A%22%23FFF%22%7D%2C%22placeholderText%22%3A%22Please%20enter%20your%20question%20here%22%2C%22greetingsText%22%3A%22Hey%20%7BName%7D!%22%2C%22greatMessage%22%3A%22Hello%20there!%20My%20name%20is%20Uni.%20I%27m%20an%20AI-based%20digital%20assistant%20for%20Gesa.%22%2C%22greatMessageColor%22%3A%22%230075af%22%2C%22showPayjoWatermark%22%3Atrue%2C%22mainCoverImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22coverImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22thumbsUpSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fwidget%2Fthumbs-up.png%22%2C%22thumbsDownSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fwidget%2Fthumbs-down.png%22%2C%22headerTitle%22%3A%22Hello.%22%2C%22headerTitleColor%22%3A%22%23bb062c%22%2C%22showLoadNotification%22%3Atrue%2C%22loadNotificationText%22%3A%22How%20may%20I%20help%20you%20%3F%22%2C%22menuItems%22%3A%5B%5D%2C%22groups%22%3A%5B%5D%2C%22notifications%22%3A%5B%7B%22id%22%3A471327819%2C%22template_type%22%3A%22text_template%22%2C%22details%22%3A%7B%22frequency%22%3A%22once%22%2C%22title%22%3A%22Hello%20%3Cspan%20class%3D%27payjo-emoji%27%3E%F0%9F%91%8B%3C%2Fspan%3E%22%2C%22text%22%3A%22I%27m%20Uni%2C%20your%20digital%20assistant%20from%20Gesa.%22%2C%22action%22%3A%22open-widget%22%7D%7D%2C%7B%22id%22%3A471327820%2C%22template_type%22%3A%22text_template%22%2C%22details%22%3A%7B%22frequency%22%3A%22once%22%2C%22text%22%3A%22How%20may%20I%20help%20you%3F%22%2C%22action%22%3A%22open-widget%22%7D%7D%5D%7D%2C%22toggleImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22subtitle%22%3A%22Hi%2C%20I%2F%27m%20Uni.%20You%20and%20I%20can%20solve%20anything.%22%7D%2C%22toggleImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22domainId%22%3A%22dom_f6498d6a-aeb7-4922-b874-a4b0e3fa30dd%22%2C%22tenantId%22%3A%22sample%22%7D%2C%22utmPayjoId%22%3Anull%2C%22isSmallDevice%22%3Afalse%2C%22isResizeAllowed%22%3Afalse%2C%22channel%22%3A%22default%2Fdevelopment%3Aiagent%22%2C%22env%22%3A%22dev%22%2C%22socketPath%22%3A%22https%3A%2F%2Fsocket-gesa.interface.ai%22%2C%22fallbackSocketPath%22%3A%22https%3A%2F%2Fsocket-gesa.interface.ai%22%2C%22widgetUrl%22%3A%22https%3A%2F%2Fwidget-gesa.interface.ai%2Fwidget%2Findex.html%22%2C%22forceDisableUserInput%22%3Afalse%2C%22systemInterface%22%3A%7B%22url%22%3A%22https%3A%2F%2Fsi-gesa.interface.ai%2Fclient%2Fconnect%22%2C%22tenant%22%3A%22default%2Fdevelopment%22%2C%22environment%22%3A%22default%22%7D%2C%22mode%22%3A%22web%22%2C%22authContent%22%3Anull%2C%22thirdPartyWidgetDriver%22%3A%22PayjoNoOpWidgetDriver%22%2C%22thirdPartyWidgetUrl%22%3A%22%22%2C%22events%22%3A%5B%7B%22name%22%3A%22transfer%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22disable%22%7D%2C%7B%22name%22%3A%22page_tracking%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22enable%22%7D%2C%7B%22name%22%3A%22url%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22enable%22%7D%5D%2C%22width%22%3A%22300px%22%2C%22height%22%3A%22450px%22%7D
Requested by: Host: widget-gesa.interface.ai
URL: https://widget-gesa.interface.ai/widget-loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.97.74 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-74.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: widget-gesa.interface.ai
:scheme: https
:path: /widget/index.html?params=%7B%22domain%22%3A%22https%3A%2F%2Fwww.gesa.com%2F%22%2C%22branding%22%3A%7B%22data%22%3A%7B%22info%22%3A%7B%22title%22%3A%22Uni%22%2C%22logo%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni_Icon.svg%22%2C%22bg%22%3A%22%230075af%22%2C%22subtitle%22%3A%22Hi%2C%20I%27m%20Uni.%20You%20and%20I%20can%20solve%20anything.%22%2C%22headerSubtitleColor%22%3A%22%23bb062c%22%2C%22showDisclaimer%22%3Atrue%2C%22theme%22%3A%7B%22baseColor%22%3A%22%230075af%22%2C%22userChatBoxColor%22%3A%22%23B80D2F%22%2C%22hoverContainerTitleColor%22%3A%22%23FFF%22%2C%22hoverContainerBgColor%22%3A%22%23bb062c%22%2C%22hoverContainerSubTitleColor%22%3A%22%23FFF%22%7D%2C%22placeholderText%22%3A%22Please%20enter%20your%20question%20here%22%2C%22greetingsText%22%3A%22Hey%20%7BName%7D!%22%2C%22greatMessage%22%3A%22Hello%20there!%20My%20name%20is%20Uni.%20I%27m%20an%20AI-based%20digital%20assistant%20for%20Gesa.%22%2C%22greatMessageColor%22%3A%22%230075af%22%2C%22showPayjoWatermark%22%3Atrue%2C%22mainCoverImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22coverImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22thumbsUpSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fwidget%2Fthumbs-up.png%22%2C%22thumbsDownSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fwidget%2Fthumbs-down.png%22%2C%22headerTitle%22%3A%22Hello.%22%2C%22headerTitleColor%22%3A%22%23bb062c%22%2C%22showLoadNotification%22%3Atrue%2C%22loadNotificationText%22%3A%22How%20may%20I%20help%20you%20%3F%22%2C%22menuItems%22%3A%5B%5D%2C%22groups%22%3A%5B%5D%2C%22notifications%22%3A%5B%7B%22id%22%3A471327819%2C%22template_type%22%3A%22text_template%22%2C%22details%22%3A%7B%22frequency%22%3A%22once%22%2C%22title%22%3A%22Hello%20%3Cspan%20class%3D%27payjo-emoji%27%3E%F0%9F%91%8B%3C%2Fspan%3E%22%2C%22text%22%3A%22I%27m%20Uni%2C%20your%20digital%20assistant%20from%20Gesa.%22%2C%22action%22%3A%22open-widget%22%7D%7D%2C%7B%22id%22%3A471327820%2C%22template_type%22%3A%22text_template%22%2C%22details%22%3A%7B%22frequency%22%3A%22once%22%2C%22text%22%3A%22How%20may%20I%20help%20you%3F%22%2C%22action%22%3A%22open-widget%22%7D%7D%5D%7D%2C%22toggleImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22subtitle%22%3A%22Hi%2C%20I%2F%27m%20Uni.%20You%20and%20I%20can%20solve%20anything.%22%7D%2C%22toggleImageSrc%22%3A%22https%3A%2F%2Fassets.interface.ai%2Fimages%2FGESA%2FUni-Banner.svg%22%2C%22domainId%22%3A%22dom_f6498d6a-aeb7-4922-b874-a4b0e3fa30dd%22%2C%22tenantId%22%3A%22sample%22%7D%2C%22utmPayjoId%22%3Anull%2C%22isSmallDevice%22%3Afalse%2C%22isResizeAllowed%22%3Afalse%2C%22channel%22%3A%22default%2Fdevelopment%3Aiagent%22%2C%22env%22%3A%22dev%22%2C%22socketPath%22%3A%22https%3A%2F%2Fsocket-gesa.interface.ai%22%2C%22fallbackSocketPath%22%3A%22https%3A%2F%2Fsocket-gesa.interface.ai%22%2C%22widgetUrl%22%3A%22https%3A%2F%2Fwidget-gesa.interface.ai%2Fwidget%2Findex.html%22%2C%22forceDisableUserInput%22%3Afalse%2C%22systemInterface%22%3A%7B%22url%22%3A%22https%3A%2F%2Fsi-gesa.interface.ai%2Fclient%2Fconnect%22%2C%22tenant%22%3A%22default%2Fdevelopment%22%2C%22environment%22%3A%22default%22%7D%2C%22mode%22%3A%22web%22%2C%22authContent%22%3Anull%2C%22thirdPartyWidgetDriver%22%3A%22PayjoNoOpWidgetDriver%22%2C%22thirdPartyWidgetUrl%22%3A%22%22%2C%22events%22%3A%5B%7B%22name%22%3A%22transfer%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22disable%22%7D%2C%7B%22name%22%3A%22page_tracking%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22enable%22%7D%2C%7B%22name%22%3A%22url%22%2C%22configuration%22%3A%22%22%2C%22action%22%3A%22enable%22%7D%5D%2C%22width%22%3A%22300px%22%2C%22height%22%3A%22450px%22%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.gesa.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.gesa.com/

Response headers

status: 200
content-type: text/html
content-length: 1811
date: Fri, 10 Apr 2020 20:10:58 GMT
last-modified: Thu, 27 Feb 2020 11:31:56 GMT
etag: "7483c115f96c43b255df0e9af106d8ee"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 4cBP8JidHTB4suRwUpPIx70YQsDCJMICoORoG4GG2gjwoZ_Ai9Xoyg==

GET
H2 200 Uni-Banner.svg
assets.interface.ai/images/GESA/ 4 KB
2 KB 482ms
433ms Image
image/svg+xml 143.204.97.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.interface.ai/images/GESA/Uni-Banner.svg
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.97.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-125.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 500245700701d5ee30ac3028eb41ed6921a9522eaf74da267fe4f60bfa2d8945

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:58 GMT
content-encoding: gzip
last-modified: Thu, 26 Dec 2019 07:15:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
status: 200
x-amz-cf-id: uEB0C40njv_Qkd2WuT7EMhQVlXK0JwqRRF-iRh2WP3YWVbvVZu7yAg==
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)

GET
H2 200 thumbs-up.png
assets.interface.ai/widget/ 9 KB
9 KB 448ms
400ms Image
image/png 143.204.97.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.interface.ai/widget/thumbs-up.png
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.97.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-125.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 95a8827147009dbb66c6273a554580d0251f67bef2fd6dbb0aea14bcb8235f85

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:58 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
last-modified: Sat, 16 Nov 2019 20:25:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "e84dacf91f48267d51d3e8a5f553be19"
x-cache: Miss from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 8804
x-amz-cf-id: UidQNsj_BSaib1MkgR0uV73KHTkG1TKfwur5WCj6KbBF6nW7PP2X_g==

GET
H2 200 thumbs-down.png
assets.interface.ai/widget/ 9 KB
9 KB 461ms
412ms Image
image/png 143.204.97.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.interface.ai/widget/thumbs-down.png
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.97.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-125.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7d6dc445434df5642294b345c9439550818c7646eef2409a6fa4af23069a5292

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:58 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
last-modified: Sat, 16 Nov 2019 20:25:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "a379af8d6d9bd73938b667b0b9b6a974"
x-cache: Miss from cloudfront
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 8846
x-amz-cf-id: 9ny_Enn8oOsbJsEv9kIzBSpBo9DMlTPTlxXDTi0eISaS3Kr4JOd8cA==

GET
H2 200 launcher-icon-bg_evnhyf.svg
assets.payjo.co/images/ 2 KB
1 KB 90ms
22ms Image
image/svg+xml 13.225.73.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.payjo.co/images/launcher-icon-bg_evnhyf.svg
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.73.57 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-57.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 53ff7317219b58ccf50cf5e9f6a1ac43790ed0538d39c10295b2f8f217afaac8

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 17:12:14 GMT
content-encoding: gzip
last-modified: Fri, 05 Jan 2018 05:59:56 GMT
server: AmazonS3
age: 10723
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
status: 200
cache-control: max-age=604800
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: YvK7gcnjDRxuawRvHV7m26_4umL-JkcevWkoPTq0es0TOUGhgi401Q==
via: 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront)

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
199 B 14ms
14ms Image
image/gif 2a00:1450:4001:814::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1567965336&utmhn=www.gesa.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Home%20-%20Gesa%20Credit%20Union&utmhid=534912411&utmr=-&utmp=%2F&utmht=1586549456932&utmac=UA-32823301-1&utmcc=__utma%3D94013323.326782752.1586549457.1586549457.1586549457.1%3B%2B__utmz%3D94013323.1586549457.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=236812060&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: cltfCEs+QwmKLpo25RjuwVYPXuoh+PPvNK/CrKt25S6X2MNGe9gOfmHi6hi9OX3xVjBVG0W3WvkFhsTCEg1PxQ==
x-fb-trip-id: 1850256238
date: Fri, 10 Apr 2020 20:10:56 GMT, Fri, 10 Apr 2020 20:10:56 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 28 KB
11 KB 77ms
33ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

bd9f024524eb156e3efe0bc6da368781546bbe5e68576de2b891ffba12dc1352

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 10605
x-xss-protection: 0
server: cafe
etag: 3781276879497621476
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 10 Apr 2020 20:10:57 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 5541
date: Fri, 10 Apr 2020 18:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Fri, 10 Apr 2020 20:38:35 GMT

GET
H2 200 track.js Show response
app.marketplan.io/ 2 KB
2 KB 499ms
132ms Script
application/javascript 74.208.230.218
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.marketplan.io/track.js?x=1586549456949
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 74.208.230.218 , United States, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS: u20835219.onlinehome-server.com
Software: nginx / PleskLin
Resource Hash: 1f9f3cb42ce7173ac732bca48c7e3f778111582f1b85eabdc0f3d9c0773c286d

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
etag: "5daebf30-853"
last-modified: Tue, 22 Oct 2019 08:34:56 GMT
server: nginx
access-control-allow-origin: *
x-powered-by: PleskLin
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 2131

GET
H2 200 309829729581526 Show response
connect.facebook.net/signals/config/ 100 KB
25 KB 54ms
53ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/309829729581526?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d218e9a8c49934fc9b26ab4c20011c242a3d06060809b3bd1d1f48c086719a44

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: RSJIvyRDhs1GBLLAieFxHGd9Z3dWVOGZQcdOBMm9dnasP6rOowG/XrEhNleThk6X3dF/YC3g3gHMjI36aLXu/A==
x-fb-trip-id: 1850256238
date: Fri, 10 Apr 2020 20:10:57 GMT, Fri, 10 Apr 2020 20:10:57 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
98 B 6ms
5ms Image
image/gif 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&a=534912411&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2F&ul=en-us&de=UTF-8&dt=Home%20-%20Gesa%20Credit%20Union&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_utma=94013323.326782752.1586549457.1586549457.1586549457.1&_utmz=94013323.1586549457.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1586549456969&_u=YSBCgEAB~&jid=1066619674&gjid=717219730&cid=326782752.1586549457&tid=UA-32823301-17&_gid=1387158832.1586549457&gtm=2wg432MTFL685&cd1=326782752.1586549457_1586549456969&z=2062210167

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 05:39:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 52286
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&gjid=717219730&_gid=1387158832.1586549457&_u=YSBCgEAB~&z=1253818815
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&_v=j81&z=1253818815
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&_v=j81&z=1253818815&slf_rd=1&random=573933872

42 B
109 B

17ms
16ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&_v=j81&z=1253818815&slf_rd=1&random=573933872

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:57 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-32823301-17&cid=326782752.1586549457&jid=1066619674&_v=j81&z=1253818815&slf_rd=1&random=573933872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
google-analytics.bi.owox.com/ 29 B
29 B 127ms
37ms Image
image/gif 35.186.228.179
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://google-analytics.bi.owox.com/collect?v=1&_v=j81&a=534912411&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2F&ul=en-us&de=UTF-8&dt=Home%20-%20Gesa%20Credit%20Union&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_utma=94013323.326782752.1586549457.1586549457.1586549457.1&_utmz=94013323.1586549457.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1586549456969&_u=YSBCgEAB~&jid=1066619674&gjid=717219730&cid=326782752.1586549457&tid=UA-32823301-17&_gid=1387158832.1586549457&gtm=2wg432MTFL685&cd1=326782752.1586549457_1586549456969&z=2062210167
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.228.179 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.228.186.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
via: 1.1 google
server: openresty
access-control-allow-origin: *
content-type: image/gif
status: 200
owoxcode: 404
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 802797680067475 Show response
connect.facebook.net/signals/config/ 100 KB
25 KB 49ms
49ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/802797680067475?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cd1e025d70829dcf878256ed8358f8362c54a92d137a5814704e0e349799dfc

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: w891B/pbkNlzs0wtaDme0LOgog4pk8E2u7TPZM1PZEyZNFTFbjR/THnpJbXu45Rw8sn0eV8ai0KeYIn3IQdafQ==
x-fb-trip-id: 1850256238
date: Fri, 10 Apr 2020 20:10:57 GMT, Fri, 10 Apr 2020 20:10:57 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/783161191/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/783161191/?random=1586549457026&cv=9&fst=1586549457026&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.gesa.com%2F&tiba=Home%20-%20Gesa%20Credit%20Union&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b4655fc3103e06a163fa000eedaa8702617c49bda178b139d03f0a9ac33846d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1007
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794148304/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794148304/?random=1586549457028&cv=9&fst=1586549457028&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.gesa.com%2F&tiba=Home%20-%20Gesa%20Credit%20Union&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7dee612d7d5a9d046403e70c976b5fe0d7a8b229ca08cd6e7809d3ef8c8b4330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 994
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 2885e24a4438f6672407026212e8e697d0942f6c
csp.tsrs.cloud/r/ 0
0 366ms
199ms Other
text/html 52.11.60.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.tsrs.cloud/r/2885e24a4438f6672407026212e8e697d0942f6c
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6433123.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.60.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-60-74.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
Sec-Fetch-Dest: report
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/csp-report

Response headers

access-control-allow-origin: *

GET
H2 200 6433123.js Show response
js.hs-banner.com/ 26 KB
7 KB 55ms
55ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/6433123.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6433123.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f28ab017d089ea31d3a87a317ac6e8b0eab9179004207941b21fb624a202a2c5

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: REVALIDATED
status: 200
x-guploader-uploadid: AEnB2Uqw05vg0XFSVqxbCK1ZNavMCQryfSVBAfIi_2G1hKGujeuG_FIRvaqsrZ0OsGEJYKDXehxaBhd3M7ja43su1stMsoZvpw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-ray: 581f1d3a7c570eab-FRA
last-modified: Wed, 25 Mar 2020 17:36:19 GMT
server: cloudflare
etag: W/"c57e1cb14eb1281dd30de9c6ab6ac546"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
x-goog-hash: crc32c=/cPN1w==, md5=xX4csU6xKB3TDenGq2rFRg==
content-type: text/javascript
x-goog-generation: 1585157779688367
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
x-goog-stored-content-length: 26597
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Fri, 10 Apr 2020 20:15:57 GMT

POST
H2 200 2885e24a4438f6672407026212e8e697d0942f6c
csp.tsrs.cloud/r/ 0
0 370ms
210ms Other
text/html 52.11.60.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.tsrs.cloud/r/2885e24a4438f6672407026212e8e697d0942f6c
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6433123.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.60.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-60-74.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
Sec-Fetch-Dest: report
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/csp-report

Response headers

access-control-allow-origin: *

GET
H2 200 6433123.js Show response
js.hs-analytics.net/analytics/1586549400000/ 80 KB
22 KB 174ms
174ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1586549400000/6433123.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6433123.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 155b7d9620cb2ca0a3f455e32c2606c4f079c842c7d2fac0ce5eab28b29669a0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: B98DCE917931994F
x-amz-server-side-encryption: AES256
status: 200
content-type: text/javascript
x-amz-id-2: xuRDVU8IT0eAqajahH6ahFiugYhGXqQ76u3mOo80N5smpOlo/SROallrb2bcPUphMQA5GUqvndU=
last-modified: Thu, 02 Apr 2020 17:00:54 GMT
server: cloudflare
etag: W/"1c6b51b8c36fbc06ca1f322e340c9a3b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 581f1d3a8c28c2e5-FRA
expires: Fri, 10 Apr 2020 20:15:57 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/783161191/ 42 B
118 B 19ms
19ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/783161191/?random=1586549457026&cv=9&fst=1586548800000&num=1&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&frm=0&url=https%3A%2F%2Fwww.gesa.com%2F&tiba=Home%20-%20Gesa%20Credit%20Union&async=1&fmt=3&is_vtc=1&random=679082953&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:57 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/783161191/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/783161191/?random=1586549457026&cv=9&fst=1586548800000&num=1&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&frm=0&url=https%3A%2F%2Fwww.gesa.com%2F&tiba=Home%20-%20Gesa%20Credit%20Union&async=1&fmt=3&is_vtc=1&random=679082953&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:57 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/794148304/ 42 B
118 B 19ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794148304/?random=1586549457028&cv=9&fst=1586548800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&frm=0&url=https%3A%2F%2Fwww.gesa.com%2F&tiba=Home%20-%20Gesa%20Credit%20Union&async=1&fmt=3&is_vtc=1&random=1551396718&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:57 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/794148304/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/794148304/?random=1586549457028&cv=9&fst=1586548800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&frm=0&url=https%3A%2F%2Fwww.gesa.com%2F&tiba=Home%20-%20Gesa%20Credit%20Union&async=1&fmt=3&is_vtc=1&random=1551396718&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 10 Apr 2020 20:10:57 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
250 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=309829729581526&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2F&rl=&if=false&ts=1586549457075&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&fbp=fb.1.1586549457074.720335405&it=1586549456960&coo=false&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT, Fri, 10 Apr 2020 20:10:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 10 Apr 2020 20:10:57 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=802797680067475&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2F&rl=&if=false&ts=1586549457076&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&fbp=fb.1.1586549457074.720335405&it=1586549456960&coo=false&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:57 GMT, Fri, 10 Apr 2020 20:10:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 10 Apr 2020 20:10:57 GMT

GET
H2 500 track.php Show response
app.marketplan.io/ 0
84 B 396ms
134ms XHR
text/html 74.208.230.218
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.marketplan.io/track.php?pid=2&mpageid=undefined&user=marama&ref=&jsurl=https%3A%2F%2Fwww.gesa.com%2F
Requested by: Host: app.marketplan.io
URL: https://app.marketplan.io/track.js?x=1586549456949
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 74.208.230.218 , United States, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS: u20835219.onlinehome-server.com
Software: nginx / PHP/7.2.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 500
date: Fri, 10 Apr 2020 20:10:57 GMT
server: nginx
x-powered-by: PHP/7.2.19
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 pixel
bid.g.doubleclick.net/xbbe/ Frame A3C2 0
0 82ms
29ms Document
text/html 74.125.206.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.gesa.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.gesa.com/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 10 Apr 2020 20:10:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 10-Apr-2020 20:25:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000
expires: Fri, 10 Apr 2020 20:10:59 GMT
cache-control: private

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
233 B 32ms
31ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=818329955&v=1.1&a=6433123&pu=https%3A%2F%2Fwww.gesa.com%2F&t=Home+-+Gesa+Credit+Union&cts=1586549459556&vi=cf38bd93eeb5bd95cd326836df16d8c1&nc=true&u=112026331.cf38bd93eeb5bd95cd326836df16d8c1.1586549459553.1586549459553.1586549459553.1&b=112026331.1.1586549459553

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 10 Apr 2020 20:10:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 581f1d4a389cc2bd-FRA
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 206 Message_Received_-_FB_Notification_3_b2vbzc.mp3
assets.payjo.co/videos/ 19 KB
19 KB 25ms
24ms Media
audio/mp3 13.225.73.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.payjo.co/videos/Message_Received_-_FB_Notification_3_b2vbzc.mp3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.73.57 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-57.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc39fa3a310520939c76370d5382aa5ecc1836994bd212a9989a34c3e2aa431

Request headers

Referer: https://www.gesa.com/
Sec-Fetch-Dest: audio
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 10 Apr 2020 16:33:25 GMT
via: 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront)
last-modified: Mon, 26 Feb 2018 11:21:13 GMT
server: AmazonS3
age: 13057
etag: "d550fb78d3a2ac6d164093349a96675e"
x-cache: Hit from cloudfront
content-type: audio/mp3
status: 206
cache-control: max-age=2592000
Content-Range: bytes 0-19485/19486
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
Content-Length: 19486
x-amz-cf-id: jYehUMOI9Fh8f7l7p1bxbtct5ybFpV2QhsIZnSRK0Xy1bNKKh9eAgA==

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gesa.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.gesa.com/	1970-01-19 08:42:31	Name: __hssc Value: 112026331.1.1586549459553
.gesa.com/	1970-01-19 18:04:05	Name: hubspotutk Value: cf38bd93eeb5bd95cd326836df16d8c1
.gesa.com/	1970-01-19 18:04:05	Name: __hstc Value: 112026331.cf38bd93eeb5bd95cd326836df16d8c1.1586549459553.1586549459553.1586549459553.1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.gesa.com/media/jui/js/jquery-migrate.min.js?bda5884c6e2012644b6ae230398f4165(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://app.marketplan.io/track.js?x=1586549456949(Line 3) Message: t

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.marketplan.io
assets.interface.ai
assets.payjo.co
bid.g.doubleclick.net
cdnjs.cloudflare.com
clicktime.symantec.com
connect.facebook.net
csp.tsrs.cloud
google-analytics.bi.owox.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
p.typekit.net
ssl.google-analytics.com
stats.g.doubleclick.net
track.hubspot.com
use.typekit.net
widget-gesa.interface.ai
www.facebook.com
www.gesa.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.111.215.74
13.225.73.57
143.204.97.125
143.204.97.74
149.126.77.13
172.217.23.162
2606:4700::6810:85e5
2606:4700::6811:45b0
2606:4700::6811:d4cc
2606:4700::6812:14bf
2606:4700::6813:9b53
2a00:1450:4001:800::2008
2a00:1450:4001:808::2003
2a00:1450:4001:808::2004
2a00:1450:4001:814::2008
2a00:1450:4001:817::2002
2a00:1450:4001:817::200e
2a00:1450:400c:c00::9a
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.246.220.115
35.186.228.179
52.11.60.74
74.125.206.155
74.208.230.218
018cd6bac1901e39702bde0232b90382ebf0305e07c2c4c9e413818175ed9de5
043102135196e16ff1789f22713bd3cf086a52f6826ecc004ddffcb2f6ad13ff
04f38294f5c74a9a358d5cb2036b3553e66887b83723ca4adbcf564a907cd5d3
04f5e4738d6ff6e7a985d57e05a63aad55a1932a5c6f8ed7eea2c61b8d52dce1
08afc989dbb4d1289bce2627057595f3c7364103a2dfdb9baab3535ca547c548
0cba80d4f42cefe897e73008396886daa4b9137631f2ec7de6e4513c53f1736b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
110c1710c16e512531ec6c37fa2e990f3605d94422e4c2e84d1882bdf245dba2
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
155b7d9620cb2ca0a3f455e32c2606c4f079c842c7d2fac0ce5eab28b29669a0
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c8d91e072b92f023b5cafca6b7f6d83acbba90eb9beebb8851a8545ad11b68f
1f9f3cb42ce7173ac732bca48c7e3f778111582f1b85eabdc0f3d9c0773c286d
20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc
219119b0dfb4b53bf518a3be743821cae24d6890cf9c034640b69b17cad90ca2
2529cda012eee779fafdd2ab6bb9a8aa5de2afa8d84885184d52d965292437df
2a6623616b93dbefe7d9941230015d38ffebdc220363f032e731c844d5410eba
2dec7a5d124b9bc972f3209384ccd1c7a2e6fe6a00d5e02422d6b0098ee11887
38a5ef172e398d91172f1cdc3378b389cf046d0e6e21296771cd46b6e3e0464e
412b6163cd711df612c01da0e81bb483482450c78ca3688b17ef6e9df13522dc
4239a7e96bfe01ad5fe9fed999d11f072a2f9ce50bedb757a11df61a769b2cc9
46438fa269f3c172286b81be52a5de84753d68dcc6580f6a98b7942cf129bdc1
46dc685a1f941cba38106bf2c7ebdaa3e2549837ba9cb4d6683c2ac4b2ea4da4
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b4655fc3103e06a163fa000eedaa8702617c49bda178b139d03f0a9ac33846d
500245700701d5ee30ac3028eb41ed6921a9522eaf74da267fe4f60bfa2d8945
53ff7317219b58ccf50cf5e9f6a1ac43790ed0538d39c10295b2f8f217afaac8
5606596ef821549fc97be9eee206d55a0a5d6b49e6b83f922dcc2ac5597b4877
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5b6cf4e6eda02f7c90b60b3c32413c0851915f8f80a268a913b92929085132a6
5c0437cf74bc6cf4e8db36447cf01a9544271ac89a78a7958a6f9cf803ca8c53
608919751e567a4836789e8566fc37a18b482cf6c01767cb8b308934e6e8702a
6a507c948bb93ed95df06ab34ba8181cc9037af90a15f5c7088d703f5264c8b5
743b93f19aa21fdce88f36181b48af8fe5a03559a75aae03097aac46bf28d960
7d6dc445434df5642294b345c9439550818c7646eef2409a6fa4af23069a5292
7dee612d7d5a9d046403e70c976b5fe0d7a8b229ca08cd6e7809d3ef8c8b4330
7e98a5bc74b6714509037605c45d73a57596694bed94b34f6a39fd1cd7c102de
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85aea14fc481ff476a5af522a48ebc88f58c5f55c42bd784de18912f6a95a37c
88e216eefc4d35f9f5eff255544e798e6d5f4792787c4e10b5e3eec700a753ee
8d5ba4611226fa7fc280ade8a3e6fbc89057a401bd50bc924047d949e5f6f9f3
91c147b51dc626675a56ee671ac1720b2cfa14adfd7307b78cacda098b935749
95a8827147009dbb66c6273a554580d0251f67bef2fd6dbb0aea14bcb8235f85
9caa60dc0b10effe791a02b11839d19d55d208a80345defe849bf5b281701ef4
9cd1e025d70829dcf878256ed8358f8362c54a92d137a5814704e0e349799dfc
a91bdb3afe0005e211f65757e83da0797475ab5ded58aa5d88bb79146ff9606b
abf3e5e1f9758ad8ab63b386dc9379f0daf2c7899f52c34a231d082274fd87ba
bd9f024524eb156e3efe0bc6da368781546bbe5e68576de2b891ffba12dc1352
cc5b044a794f7571234334ae15b218e94a8f3194087f3498c8ee160c21a847a6
d218e9a8c49934fc9b26ab4c20011c242a3d06060809b3bd1d1f48c086719a44
d5307228c34c70979637ce52b02a5a887fe7c79069779b7618a92135cb3df90a
d795d14eca029ea369162e83d231feb2dd497e719862b4ef4fe1759096d03777
dbc39fa3a310520939c76370d5382aa5ecc1836994bd212a9989a34c3e2aa431
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
eb9282ec520e32af61320303c1c1b0179d2c0c0b8a0f781469d7660eb97f1726
eda9d9d8ac803f0d928089da72ad120e52cdfeb44a67edc7bdbda735097d196d
ee43222bc3a3d6c1cab5dc4115bd2a3c2b348f4b4e448283e0eaca84de6763d6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f19c8327473c233a211c94f4d82212711805d9f40b02cab02e477a40429750ca
f28ab017d089ea31d3a87a317ac6e8b0eab9179004207941b21fb624a202a2c5
f2f2ed73b18d393f997a4e3ac7d7ad6b14960e3e00ecd0217172b5f4f3f0367f
f850af02db03ca231e2ee86af511350edde2cab013679ebb6f41b0f3f2bc90cf
f85f15e28992dc227ea14115687c0e6cf141211d6291117e58db87c16e4d97e2
ffd69fe47638ddab4d2d063208bcba11e4ef1eed27b4101de18c9ac3ab5587f7

www.gesa.com Open in urlscan Pro 149.126.77.13 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

78 Requests

100 %HTTPS

56 %IPv6

21 Domains

26 Subdomains

24 IPs

5 Countries

6187 kBTransfer

6792 kBSize

4 Cookies

9 Outgoing links

Page URL History

Redirected requests

78 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.gesa.com Open in urlscan Pro
149.126.77.13 Public Scan

Screenshot
Live screenshot

Full Image

78
Requests

100 %
HTTPS

56 %
IPv6

21
Domains

26
Subdomains

24
IPs

5
Countries

6187 kB
Transfer

6792 kB
Size

4
Cookies

78 HTTP transactions
1 data transactions