urlscan.io logo urlscan.io
SecurityTrails logo

gavi.bucketlist.org Open in urlscan Pro
2606:4700:3108::ac42:2b2e  Public Scan

Go To Rescan Add Verdict Report
URL: https://gavi.bucketlist.org/
Submission: On November 28 via manual from CH — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3108::ac42:2b2e, located in United States and belongs to CLOUDFLARENET, US. The main domain is gavi.bucketlist.org.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 7th 2022. Valid for: a year.
This is the only time gavi.bucketlist.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 2606:4700:310... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.217.40.60 16509 (AMAZON-02)
4 99.86.8.175 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.208.188.127 16509 (AMAZON-02)
20 6
12    2606:4700:3108::ac42:2b2e (United States)

ASN13335 (CLOUDFLARENET, US)
gavi.bucketlist.org
1    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    52.217.40.60 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
blcorp-media.s3.amazonaws.com
4    99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net
cdn.segment.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    34.208.188.127 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-208-188-127.us-west-2.compute.amazonaws.com
api.segment.io
Apex Domain
Subdomains		 Transfer
12 bucketlist.org
gavi.bucketlist.org
204 KB
4 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1836
33 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1159
177 B
1 gstatic.com
fonts.gstatic.com
24 KB
1 amazonaws.com
blcorp-media.s3.amazonaws.com — Cisco Umbrella Rank: 903216
46 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 107
933 B
20 6
Domain Requested by
12 gavi.bucketlist.org gavi.bucketlist.org
4 cdn.segment.com gavi.bucketlist.org
cdn.segment.com
1 api.segment.io cdn.segment.com
1 fonts.gstatic.com fonts.googleapis.com
1 blcorp-media.s3.amazonaws.com gavi.bucketlist.org
1 fonts.googleapis.com gavi.bucketlist.org
20 6

This site contains links to these domains. Also see Links.

Domain
bucketlistrewards.com
Subject Issuer Validity Valid
*.bucketlist.org
Sectigo RSA Domain Validation Secure Server CA		 2022-03-07 -
2023-04-05		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh
*.s3.amazonaws.com
Amazon		 2022-09-21 -
2023-08-26		 a year crt.sh
*.segment.com
Amazon		 2022-01-12 -
2023-02-10		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh

This page contains 1 frames:

Primary Page: https://gavi.bucketlist.org/
Frame ID: A7C5458190DD60C2175B51884DEEB67B
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bucketlist.org for Gavi, the Vaccine Alliancedescribe-iconExperience Seasons

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

20
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

307 kB
Transfer

883 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
gavi.bucketlist.org/ 		56 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec3ce585d950546cf07e25327c6521686f6095a5916be24b36fe55fd16d92607
Security Headers
Name Value
Content-Security-Policy frame-src https://*.youtube.com https://player.vimeo.com; manifest-src 'self'; media-src 'self' https://media.tenor.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://blcorp-media.s3.amazonaws.com/ https://cdn.segment.com https://browser.sentry-cdn.com https://maps.googleapis.com https://www.google.com/jsapi https://www.gstatic.com/charts/ https://code.jquery.com/jquery-2.2.4.min.js; default-src 'none'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://blcorp-media.s3.amazonaws.com/ https://fonts.googleapis.com https://www.gstatic.com/charts/; img-src https: data:; connect-src 'self' https://api.segment.io https://cdn.segment.com https://api.tenor.com/ https://maps.googleapis.com https://vimeo.com/api/v2/video/
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
77134c853c285c85-FRA
content-encoding
gzip
content-language
en
content-security-policy
frame-src https://*.youtube.com https://player.vimeo.com; manifest-src 'self'; media-src 'self' https://media.tenor.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://blcorp-media.s3.amazonaws.com/ https://cdn.segment.com https://browser.sentry-cdn.com https://maps.googleapis.com https://www.google.com/jsapi https://www.gstatic.com/charts/ https://code.jquery.com/jquery-2.2.4.min.js; default-src 'none'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://blcorp-media.s3.amazonaws.com/ https://fonts.googleapis.com https://www.gstatic.com/charts/; img-src https: data:; connect-src 'self' https://api.segment.io https://cdn.segment.com https://api.tenor.com/ https://maps.googleapis.com https://vimeo.com/api/v2/video/
content-type
text/html; charset=utf-8
date
Mon, 28 Nov 2022 13:02:36 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding,Authorization, Cookie, Accept-Language
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
db1e7baa705b.css
gavi.bucketlist.org/static/CACHE/css/ 		143 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/static/CACHE/css/db1e7baa705b.css
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3d3112970924c221becf5f1a3241c22ed5b53f15c1b5c19d815b9fe1e69e930
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Thu, 24 Nov 2022 02:43:07 GMT
server
cloudflare
content-encoding
gzip
etag
W/"637eda3b-23c49"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
max-age=14400
cf-ray
77134c86af485c85-FRA
067995ca9329.css
gavi.bucketlist.org/static/CACHE/css/ 		406 KB
71 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/static/CACHE/css/067995ca9329.css
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e042ae1aa30ec3e3444078f5f5f361ff5fffee619f85e80021d804e201b2257d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Thu, 24 Nov 2022 02:43:14 GMT
server
cloudflare
content-encoding
gzip
etag
W/"637eda42-65860"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
max-age=14400
cf-ray
77134c86af4c5c85-FRA
css
fonts.googleapis.com/ 		3 KB
933 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,300,700,900
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5ef043454b128260dda530a42312fbb985505034036cd3f3ea23cfe324a7905b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 28 Nov 2022 13:02:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 28 Nov 2022 12:36:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 28 Nov 2022 13:02:36 GMT
4b16eefd6032.js
gavi.bucketlist.org/static/CACHE/js/ 		477 B
324 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/static/CACHE/js/4b16eefd6032.js
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c9939efcae7910f883d4e41b686f794faa7191704281e63ab5665c007859fff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Thu, 24 Nov 2022 02:43:14 GMT
server
cloudflare
content-encoding
gzip
etag
W/"637eda42-1dd"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77134c86af4d5c85-FRA
54e2d214-ffc9-4e31-8046-47795981a30a.png
blcorp-media.s3.amazonaws.com/live/upload/company/501/2021/10/05/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blcorp-media.s3.amazonaws.com/live/upload/company/501/2021/10/05/54e2d214-ffc9-4e31-8046-47795981a30a.png
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.40.60 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e4f700e763ba4335c210062b1a4e29036f83f1c54dae246fb1c0269f06f71c4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date
Mon, 28 Nov 2022 13:02:38 GMT
Last-Modified
Tue, 05 Oct 2021 04:13:34 GMT
Server
AmazonS3
x-amz-request-id
WK1XB6QMWA585SZJ
ETag
"8649d90032c71abf1e9302dd2a0a1292"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
46886
x-amz-id-2
kv0WuxDVE2mgIKgwpr1pNYNlBmGkz7yK63LGuE/wUWachXm8Mn2wa9XcerU9O0XK7CzBLCnIJMc=
logo.png
gavi.bucketlist.org/static/company/img/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gavi.bucketlist.org/static/company/img/logo.png
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e79ea7a38b531fd2ae2f0a1d44952748d2b16757ac057101b86f115fa11f7cae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 08 Jun 2021 18:18:08 GMT
server
cloudflare
etag
"60bfb460-1e9f"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77134c897da25c85-FRA
content-length
7839
set-goals-icon.svg
gavi.bucketlist.org/static/company/img/svg/ 		666 B
503 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gavi.bucketlist.org/static/company/img/svg/set-goals-icon.svg
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9e0b9a3fc63a92455d4517903a9597790d7d6a839f92d0e18baa9b72bcccd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 11 Apr 2017 10:10:33 GMT
server
cloudflare
content-encoding
gzip
etag
W/"58ecab99-29a"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
77134c897da55c85-FRA
get-inspired-icon.svg
gavi.bucketlist.org/static/company/img/svg/ 		937 B
540 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gavi.bucketlist.org/static/company/img/svg/get-inspired-icon.svg
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93d3406eecaec54852ed9cb92701f22a4a0e7897afbfedaaf9682526b94e7044
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 11 Apr 2017 10:10:33 GMT
server
cloudflare
content-encoding
gzip
etag
W/"58ecab99-3a9"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
77134c897da85c85-FRA
points-icon.svg
gavi.bucketlist.org/static/company/img/svg/ 		332 B
313 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gavi.bucketlist.org/static/company/img/svg/points-icon.svg
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c760b022bdd64e28c310fb3198dfe75c14032f73673f89c621ea634d761a8827
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 11 Apr 2017 10:10:33 GMT
server
cloudflare
content-encoding
gzip
etag
W/"58ecab99-14c"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
77134c897dab5c85-FRA
redirects.js
gavi.bucketlist.org/static/company/js/ 		307 B
291 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/static/company/js/redirects.js
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d082fe3ee3b6dc1a437b700c4228f4cc13c9a2a9437c672a6d3f7be40b4132f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Wed, 16 Nov 2022 03:22:20 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6374576c-133"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77134c882a525c85-FRA
classList.min.js
gavi.bucketlist.org/static/company/js/external_js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/static/company/js/external_js/classList.min.js
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e35842b7da642487e3909ca1162529765ea035fd07e5d0e4fda03b843d2e7da7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Wed, 16 Nov 2022 03:22:20 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6374576c-aaa"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77134c890c5f5c85-FRA
jstimezonedetect.min.js
gavi.bucketlist.org/static/company/js/external_js/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/static/company/js/external_js/jstimezonedetect.min.js
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
902a88f509cfc8096570bcb45d7d954039cd379076def049cb28eb65a45ba9aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Wed, 16 Nov 2022 03:22:19 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6374576b-304d"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=14400
cf-ray
77134c896d515c85-FRA
analytics.min.js
cdn.segment.com/analytics.js/v1/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/ 		100 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/analytics.min.js
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6b3a68616b692e8c234b6a6c067a9152253c6b055cbc480f281ad39b507d78e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-amz-version-id
fcPUnwVbFz_c2GzkBNKOQ1NO3cg.J.Qp
content-encoding
br
via
1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
date
Mon, 28 Nov 2022 13:02:37 GMT
x-amz-cf-pop
FRA6-C1
age
17
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 21 Nov 2022 20:05:53 GMT
server
AmazonS3
etag
W/"f7d9a3a2a49f5110343c59f7fe9beafa"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
MlornwvgBu56RqsE_e61T5otsXIyxO2ztzt1ul7w8oHjHQS5V_-v_Q==
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://gavi.bucketlist.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Tue, 22 Nov 2022 17:07:14 GMT
x-content-type-options
nosniff
age
503723
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23580
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:48:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Nov 2023 17:07:14 GMT
fontawesome-webfont.woff2
gavi.bucketlist.org/static/company/bower_components/font-awesome/fonts/ 		70 KB
70 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://gavi.bucketlist.org/static/company/bower_components/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3&e6cf7c6ec7c2
Requested by
Host: gavi.bucketlist.org
URL: https://gavi.bucketlist.org/static/CACHE/css/db1e7baa705b.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b2e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://gavi.bucketlist.org/static/CACHE/css/db1e7baa705b.css
Origin
https://gavi.bucketlist.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Tue, 22 Nov 2016 01:33:52 GMT
server
cloudflare
etag
"5833a080-118d8"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77134c89be435c85-FRA
content-length
71896
settings
cdn.segment.com/v1/projects/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7ac105c627520948b757d844a97bfdab965d57750fe1fa5b1c3a804fbc04dcfd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-amz-version-id
c7mcWw6PhACUJToxiCbFSRlDURF8df4Z
content-encoding
br
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
date
Mon, 28 Nov 2022 10:06:05 GMT
x-amz-cf-pop
FRA6-C1
age
10593
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 09 May 2022 22:43:13 GMT
server
AmazonS3
etag
W/"dd552bba1caaa6fa1a04f284d82fe6bf"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
2oPLqJPVK8_IlaUN-vlzFpO2Yi2zHARoI-5MNkDKnWsq9N52GXqgJA==
ajs-destination.bundle.f10d3096539d72f6123e.js
cdn.segment.com/analytics-next/bundles/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.f10d3096539d72f6123e.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d69f268036b3545e930a8b74711a739e7e973debc9bd006841cbd2a558b44432

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 21:48:16 GMT
x-amz-version-id
3Hf4h.Co5DPn4jNS77iC2GtWq8FAh9Ck
content-encoding
br
via
1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
573262
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 21 Nov 2022 21:43:29 GMT
server
AmazonS3
etag
W/"3fe4d92339c7d21c57f0044fcdcf5274"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
AldLSoEyrpJspEQ4B-6iFPwOQiRejPvD2RDFdkLUoNWvBttx21-lEg==
schemaFilter.bundle.debb169c1abb431faaa6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.debb169c1abb431faaa6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gavi.bucketlist.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date
Sat, 05 Nov 2022 02:10:35 GMT
x-amz-version-id
PLd.pUpm7LMRbNOoL15lZ8ocuYHxqnzt
content-encoding
br
via
1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
2026323
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Sat, 05 Nov 2022 01:03:42 GMT
server
AmazonS3
etag
W/"3e448afdfea355c0f19700d04431ce7d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
PxbrzEQ0f5fMUmRoFuU5d_eRWXlYxBrZO3Rhz9j_t8RyPRO3NxnUbQ==
p
api.segment.io/v1/ 		21 B
177 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/7hJdJIt6rIdiG0KvWKFBGCPlCxLjvXmQ/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.208.188.127 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-208-188-127.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://gavi.bucketlist.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://gavi.bucketlist.org
date
Mon, 28 Nov 2022 13:02:37 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| bucketlistAnalytics object| analytics object| existingSvgsBySrc object| existingSvgsByIds function| reworkSVG function| retrieveSvgAsset function| convertImageToSvg function| parseHTML object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| jstz

3 Cookies

Domain/Path Name / Value
gavi.bucketlist.org/ Name: django_language
Value: en
gavi.bucketlist.org/ Name: csrftoken
Value: cpE6OUtIcR205JTuNIiN4RDodQ3LZ7Eacnm4VSlJjSg886kBw9ZOP6DIBQBXl6Rm
.bucketlist.org/ Name: ajs_anonymous_id
Value: ba53d236-c182-4501-bb62-63df1c3bb8e1

1 Console Messages

Source Level URL
Text
rendering warning URL: https://gavi.bucketlist.org/(Line 5)
Message:
The key "target-densitydpi" is not supported.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src https://*.youtube.com https://player.vimeo.com; manifest-src 'self'; media-src 'self' https://media.tenor.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://blcorp-media.s3.amazonaws.com/ https://cdn.segment.com https://browser.sentry-cdn.com https://maps.googleapis.com https://www.google.com/jsapi https://www.gstatic.com/charts/ https://code.jquery.com/jquery-2.2.4.min.js; default-src 'none'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://blcorp-media.s3.amazonaws.com/ https://fonts.googleapis.com https://www.gstatic.com/charts/; img-src https: data:; connect-src 'self' https://api.segment.io https://cdn.segment.com https://api.tenor.com/ https://maps.googleapis.com https://vimeo.com/api/v2/video/
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
blcorp-media.s3.amazonaws.com
cdn.segment.com
fonts.googleapis.com
fonts.gstatic.com
gavi.bucketlist.org
2606:4700:3108::ac42:2b2e
2a00:1450:4001:802::200a
2a00:1450:4001:830::2003
34.208.188.127
52.217.40.60
99.86.8.175
0c9e0b9a3fc63a92455d4517903a9597790d7d6a839f92d0e18baa9b72bcccd6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
5ef043454b128260dda530a42312fbb985505034036cd3f3ea23cfe324a7905b
6b3a68616b692e8c234b6a6c067a9152253c6b055cbc480f281ad39b507d78e4
7ac105c627520948b757d844a97bfdab965d57750fe1fa5b1c3a804fbc04dcfd
7c9939efcae7910f883d4e41b686f794faa7191704281e63ab5665c007859fff
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
902a88f509cfc8096570bcb45d7d954039cd379076def049cb28eb65a45ba9aa
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
93d3406eecaec54852ed9cb92701f22a4a0e7897afbfedaaf9682526b94e7044
a3d3112970924c221becf5f1a3241c22ed5b53f15c1b5c19d815b9fe1e69e930
c760b022bdd64e28c310fb3198dfe75c14032f73673f89c621ea634d761a8827
d082fe3ee3b6dc1a437b700c4228f4cc13c9a2a9437c672a6d3f7be40b4132f3
d69f268036b3545e930a8b74711a739e7e973debc9bd006841cbd2a558b44432
e042ae1aa30ec3e3444078f5f5f361ff5fffee619f85e80021d804e201b2257d
e35842b7da642487e3909ca1162529765ea035fd07e5d0e4fda03b843d2e7da7
e4f700e763ba4335c210062b1a4e29036f83f1c54dae246fb1c0269f06f71c4d
e79ea7a38b531fd2ae2f0a1d44952748d2b16757ac057101b86f115fa11f7cae
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42
ec3ce585d950546cf07e25327c6521686f6095a5916be24b36fe55fd16d92607