www.workingadvantage.com Open in urlscan Pro
104.18.20.78 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://e.email.workingadvantage.com/click/EbGluZGEucm9iYmluc0Bzd2VkaXNoLm9yZw/CeyJtaWQiOiIxNjM2NjQwNTYyMzI3ZGMyZTI2NGNlM2QzIiwiY3QiO...
Effective URL:
https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&s...
Submission: On November 11 via api (November 11th 2021, 4:02:41 pm UTC) from US — Scanned from DE

Summary HTTP 162 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 63 IPs in 8 countries across 46 domains to perform 162 HTTP transactions. The main IP is 104.18.20.78, located in and belongs to CLOUDFLARENET, US. The main domain is www.workingadvantage.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 29th 2021. Valid for: a year.

This is the only time www.workingadvantage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	96.47.20.26 96.47.20.26	46263 (EDIALOG) (EDIALOG)
2 42	104.18.20.78 104.18.20.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.236.154.122 54.236.154.122	14618 (AMAZON-AES) (AMAZON-AES)
9	2a02:26f0:6c0... 2a02:26f0:6c00:28a::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:6c0... 2a02:26f0:6c00:2ba::10fe	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	173.201.201.4 173.201.201.4	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
11	199.101.26.126 199.101.26.126	33411 (BRIGHTPAT...) (BRIGHTPATTERNSC)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	63.32.159.255 63.32.159.255	16509 (AMAZON-02) (AMAZON-02)
1 2	143.204.98.95 143.204.98.95	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	23.111.9.38 23.111.9.38	33438 (HIGHWINDS2) (HIGHWINDS2)
1	54.171.163.246 54.171.163.246	16509 (AMAZON-02) (AMAZON-02)
3	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1 1	54.154.165.122 54.154.165.122	16509 (AMAZON-02) (AMAZON-02)
1	34.250.124.91 34.250.124.91	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
2 5	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1	44.236.162.197 44.236.162.197	16509 (AMAZON-02) (AMAZON-02)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
1	2600:9000:215... 2600:9000:2156:8a00:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	199.38.167.35 199.38.167.35	54312 (ROCKETFUEL) (ROCKETFUEL)
1	143.204.98.63 143.204.98.63	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	34.230.174.180 34.230.174.180	14618 (AMAZON-AES) (AMAZON-AES)
2 6	199.38.167.128 199.38.167.128	54312 (ROCKETFUEL) (ROCKETFUEL)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	143.204.101.87 143.204.101.87	16509 (AMAZON-02) (AMAZON-02)
2	54.236.99.14 54.236.99.14	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.165.115.120 35.165.115.120	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:215... 2600:9000:2156:c00:19:597a:e108:c5a1	16509 (AMAZON-02) (AMAZON-02)
1	54.244.189.41 54.244.189.41	16509 (AMAZON-02) (AMAZON-02)
1	23.20.220.17 23.20.220.17	14618 (AMAZON-AES) (AMAZON-AES)
2 2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	8.39.36.141 8.39.36.141	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	3.122.214.165 3.122.214.165	16509 (AMAZON-02) (AMAZON-02)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.57.82.36 52.57.82.36	16509 (AMAZON-02) (AMAZON-02)
1 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	52.73.93.37 52.73.93.37	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2600:1f18:612... 2600:1f18:612b:4264:c62f:533:271f:3e7e	14618 (AMAZON-AES) (AMAZON-AES)
1	18.169.90.17 18.169.90.17	16509 (AMAZON-02) (AMAZON-02)
1	52.17.218.77 52.17.218.77	16509 (AMAZON-02) (AMAZON-02)
1 2	3.127.120.47 3.127.120.47	16509 (AMAZON-02) (AMAZON-02)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
8	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
3	162.247.243.147 162.247.243.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	44.237.157.168 44.237.157.168	16509 (AMAZON-02) (AMAZON-02)
1	44.238.216.23 44.238.216.23	16509 (AMAZON-02) (AMAZON-02)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
162	63

1 96.47.20.26 (United States) 1 redirects

ASN46263 (EDIALOG, US)
PTR: citizensbank.mx2.bm16.maas.zetaglobal.net

e.email.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 104.18.20.78 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.236.154.122 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-154-122.compute-1.amazonaws.com

initjs.rfk.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:26f0:6c00:28a::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:2ba::10fe (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdnapisec.kaltura.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.201.201.4 (United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-173-201-201-4.ip.secureserver.net

seal.godaddy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 199.101.26.126 (United States)

ASN33411 (BRIGHTPATTERNSC, US)

ebgcc.brightpattern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 63.32.159.255 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.95 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-95.fra50.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.38 (United States)

ASN33438 (HIGHWINDS2, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.163.246 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

entertainmentbenefitsgroupllc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

smetrics.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.165.122 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-165-122.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.124.91 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-124-91.eu-west-1.compute.amazonaws.com

starget.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

6479484.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9767737.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.236.162.197 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-236-162-197.us-west-2.compute.amazonaws.com

dx.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

409-bcn-480.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:8a00:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.35 (United States)

ASN54312 (ROCKETFUEL, US)

com-workadv.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-63.fra50.r.cloudfront.net

cdn.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.230.174.180 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-174-180.compute-1.amazonaws.com

people.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 199.38.167.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

20835101p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.101.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-87.fra50.r.cloudfront.net

d26opx5dl8t69i.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.236.99.14 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-99-14.compute-1.amazonaws.com

alweb.rfk.workingadvantage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.53 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.165.115.120 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-165-115-120.us-west-2.compute.amazonaws.com

stats.kaltura.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:c00:19:597a:e108:c5a1 (United States)

ASN16509 (AMAZON-02, US)

cfvod.kaltura.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.244.189.41 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-244-189-41.us-west-2.compute.amazonaws.com

analytics.kaltura.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.20.220.17 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-220-17.compute-1.amazonaws.com

events.api.boomtrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.220.243 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.141 (Los Angeles, United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.214.165 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.57.82.36 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-82-36.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.73.93.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-93-37.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:c62f:533:271f:3e7e (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.90.17 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.218.77 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-218-77.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.120.47 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-120-47.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn5bxs0kfcxmozrm9-ebg.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.237.157.168 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-237-157-168.us-west-2.compute.amazonaws.com

px.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.238.216.23 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-238-216-23.us-west-2.compute.amazonaws.com

ww.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	workingadvantage.com 3 redirects e.email.workingadvantage.com www.workingadvantage.com initjs.rfk.workingadvantage.com smetrics.workingadvantage.com starget.workingadvantage.com alweb.rfk.workingadvantage.com	638 KB
11	qualtrics.com zn5bxs0kfcxmozrm9-ebg.siteintercept.qualtrics.com siteintercept.qualtrics.com	86 KB
11	brightpattern.com ebgcc.brightpattern.com	105 KB
9	doubleclick.net 4 redirects stats.g.doubleclick.net 6479484.fls.doubleclick.net 9767737.fls.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	6 KB
9	kaltura.com cdnapisec.kaltura.com stats.kaltura.com cfvod.kaltura.com analytics.kaltura.com	949 KB
9	adobedtm.com assets.adobedtm.com	152 KB
6	rfihub.com 2 redirects 20835101p.rfihub.com a.rfihub.com p.rfihub.com	9 KB
5	steelhousemedia.com dx.steelhousemedia.com px.steelhousemedia.com ww.steelhousemedia.com	9 KB
5	demdex.net 1 redirects dpm.demdex.net entertainmentbenefitsgroupllc.demdex.net	7 KB
4	google.de 1 redirects www.google.de adservice.google.de	2 KB
4	google.com www.google.com adservice.google.com	2 KB
3	adsrvr.org 2 redirects match.adsrvr.org insight.adsrvr.org	1 KB
3	nr-data.net bam-cell.nr-data.net	2 KB
3	rlcdn.com 1 redirects idsync.rlcdn.com	1011 B
3	adnxs.com 1 redirects secure.adnxs.com ib.adnxs.com	3 KB
3	boomtrain.com cdn.boomtrain.com people.api.boomtrain.com events.api.boomtrain.com	24 KB
3	gstatic.com fonts.gstatic.com	61 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	eyeota.net 1 redirects ps.eyeota.net	1 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
2	cloudfront.net d26opx5dl8t69i.cloudfront.net	86 KB
2	netmng.com com-workadv.netmng.com	6 KB
2	everesttech.net 2 redirects cm.everesttech.net sync-tm.everesttech.net	733 B
2	googletagmanager.com www.googletagmanager.com	86 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	rezync.com 1 redirects live.rezync.com	6 KB
2	marketo.net munchkin.marketo.net	6 KB
2	godaddy.com seal.godaddy.com	6 KB
1	newrelic.com js-agent.newrelic.com	16 KB
1	krxd.net beacon.krxd.net	338 B
1	agkn.com aa.agkn.com	238 B
1	tremorhub.com partners.tremorhub.com	183 B
1	addthis.com x.dlx.addthis.com	191 B
1	rtactivate.com bpi.rtactivate.com	109 B
1	serving-sys.com bs.serving-sys.com	105 B
1	media.net contextual.media.net	614 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	bluekai.com 1 redirects stags.bluekai.com	672 B
1	quantcount.com rules.quantcount.com	355 B
1	googleadservices.com www.googleadservices.com	15 KB
1	rfihub.net c1.rfihub.net	6 KB
1	mktoresp.com 409-bcn-480.mktoresp.com	311 B
1	mouseflow.com cdn.mouseflow.com	58 KB
162	46

	Domain	Requested by
42	www.workingadvantage.com	2 redirects www.workingadvantage.com
11	ebgcc.brightpattern.com	www.workingadvantage.com ebgcc.brightpattern.com
10	siteintercept.qualtrics.com	www.workingadvantage.com
9	assets.adobedtm.com	www.workingadvantage.com assets.adobedtm.com
4	p.rfihub.com	2 redirects
4	dpm.demdex.net	1 redirects www.workingadvantage.com
4	cdnapisec.kaltura.com	www.workingadvantage.com
3	px.steelhousemedia.com	www.workingadvantage.com
3	bam-cell.nr-data.net	www.workingadvantage.com
3	idsync.rlcdn.com	1 redirects www.workingadvantage.com
3	6479484.fls.doubleclick.net	1 redirects www.googletagmanager.com adservice.google.com
3	smetrics.workingadvantage.com	www.workingadvantage.com
3	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	www.workingadvantage.com
2	match.adsrvr.org	2 redirects
2	x.bidswitch.net	1 redirects
2	sync.search.spotxchange.com	1 redirects www.workingadvantage.com
2	dsum-sec.casalemedia.com	1 redirects www.workingadvantage.com
2	ps.eyeota.net	1 redirects
2	cm.g.doubleclick.net	2 redirects
2	cfvod.kaltura.com	www.workingadvantage.com
2	stats.kaltura.com	www.workingadvantage.com
2	secure.adnxs.com	1 redirects 6479484.fls.doubleclick.net
2	adservice.google.de	1 redirects adservice.google.com
2	alweb.rfk.workingadvantage.com	www.workingadvantage.com
2	d26opx5dl8t69i.cloudfront.net	www.workingadvantage.com
2	adservice.google.com	6479484.fls.doubleclick.net 9767737.fls.doubleclick.net
2	www.google.de	www.workingadvantage.com
2	www.google.com	www.workingadvantage.com
2	com-workadv.netmng.com	www.workingadvantage.com
2	9767737.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	www.googletagmanager.com	www.workingadvantage.com
2	www.google-analytics.com	www.workingadvantage.com
2	live.rezync.com	1 redirects www.workingadvantage.com
2	munchkin.marketo.net	www.workingadvantage.com
2	seal.godaddy.com	www.workingadvantage.com
1	insight.adsrvr.org
1	ww.steelhousemedia.com	www.workingadvantage.com
1	js-agent.newrelic.com	www.workingadvantage.com
1	zn5bxs0kfcxmozrm9-ebg.siteintercept.qualtrics.com	www.workingadvantage.com
1	sync-tm.everesttech.net	1 redirects
1	beacon.krxd.net	www.workingadvantage.com
1	aa.agkn.com	www.workingadvantage.com
1	partners.tremorhub.com	www.workingadvantage.com
1	x.dlx.addthis.com	www.workingadvantage.com
1	bpi.rtactivate.com	www.workingadvantage.com
1	bs.serving-sys.com	www.workingadvantage.com
1	contextual.media.net	www.workingadvantage.com
1	pixel.rubiconproject.com	www.workingadvantage.com
1	stags.bluekai.com	1 redirects
1	ib.adnxs.com	www.workingadvantage.com
1	a.rfihub.com	www.workingadvantage.com
1	events.api.boomtrain.com	www.workingadvantage.com
1	analytics.kaltura.com	www.workingadvantage.com
1	pixel.quantserve.com	www.workingadvantage.com
1	rules.quantcount.com	www.workingadvantage.com
1	secure.quantserve.com	www.workingadvantage.com
1	googleads.g.doubleclick.net	www.workingadvantage.com
1	20835101p.rfihub.com	www.workingadvantage.com
1	people.api.boomtrain.com	www.workingadvantage.com
1	www.googleadservices.com	www.workingadvantage.com
1	cdn.boomtrain.com	www.workingadvantage.com
1	c1.rfihub.net	www.workingadvantage.com
1	409-bcn-480.mktoresp.com	munchkin.marketo.net
1	dx.steelhousemedia.com	www.workingadvantage.com
1	stats.g.doubleclick.net	www.workingadvantage.com
1	starget.workingadvantage.com	www.workingadvantage.com
1	cm.everesttech.net	1 redirects
1	entertainmentbenefitsgroupllc.demdex.net	www.workingadvantage.com
1	cdn.mouseflow.com	www.workingadvantage.com
1	initjs.rfk.workingadvantage.com	www.workingadvantage.com
1	e.email.workingadvantage.com	1 redirects
162	72

This site contains links to these domains. Also see Links.

Domain
www.paypal.com
www.google.com
policies.google.com
tools.google.com
www.oracle.com
mouseflow.com
optout.networkadvertising.org
youradchoices.com
www.facebook.com
optout.aboutads.info
zetaglobal.com
www.sizmek.com

Subject Issuer	Validity	Valid
workingadvantage.com Cloudflare Inc ECC CA-3	`2021-10-29` - `2022-10-28`	a year	crt.sh
*.rfk.plumbenefits.com Amazon	`2021-03-18` - `2022-04-16`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.kaltura.com DigiCert SHA2 Secure Server CA	`2021-06-14` - `2022-06-22`	a year	crt.sh
mastercert.ext.pki.godaddy.com Go Daddy Secure Certificate Authority - G2	`2021-09-10` - `2022-10-12`	a year	crt.sh
*.brightpattern.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2020-10-26` - `2021-11-26`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.rezync.com Amazon	`2021-01-26` - `2022-02-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.mouseflow.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-12` - `2022-09-14`	2 years	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
smetrics.workingadvantage.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-05` - `2022-08-05`	a year	crt.sh
starget.ticketsatwork.com DigiCert SHA2 High Assurance Server CA	`2020-03-09` - `2022-03-14`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.steelhousemedia.com Go Daddy Secure Certificate Authority - G2	`2020-05-27` - `2022-07-16`	2 years	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
*.rfihub.net Sectigo RSA Domain Validation Secure Server CA	`2021-02-10` - `2022-02-10`	a year	crt.sh
*.netmng.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-04` - `2022-02-04`	a year	crt.sh
cdn.boomtrain.com Amazon	`2021-03-16` - `2022-04-14`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.api.boomtrain.com Amazon	`2020-12-16` - `2022-01-14`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
bs.serving-sys.com Amazon	`2021-05-10` - `2022-06-08`	a year	crt.sh
rtactivate.com Amazon	`2021-05-13` - `2022-06-11`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-10-18` - `2022-04-26`	6 months	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-24` - `2022-09-24`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Frame ID: 8FFE30C9D3C39F430DDD5F54CDABF337
Requests: 127 HTTP requests in this frame

Frame: https://entertainmentbenefitsgroupllc.demdex.net/dest5.html?d_nsid=0
Frame ID: F12E730B0C49B1E3BA644F74CD6C7AFE
Requests: 1 HTTP requests in this frame

Frame: https://6479484.fls.doubleclick.net/activityi;dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll
Frame ID: 1B581C98A31CEF39C2B0E9E283DD8C35
Requests: 1 HTTP requests in this frame

Frame: https://9767737.fls.doubleclick.net/activityi;dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll
Frame ID: 12FFAD0F511CB36F09B4CF200EBED20A
Requests: 1 HTTP requests in this frame

Frame: https://20835101p.rfihub.com/ca.html?ver=9&rb=42748&ca=20835101&pid=&pname=&ptype=&cust4=account%3A%20enroll&cust5=register_enroll&cust6=&cust7=&cust8=&cust9=&cust10=&cust11=&cust12=&cust13=&cust14=&cust15=&cust16=&cust17=&cust18=&cust19=&pe=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&pf=&ra=2721524907463566
Frame ID: 55E165BDE0463D956BAE557F0EC60811
Requests: 20 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll
Frame ID: 92860D6853BCF42DB11C4598A34AE219
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll
Frame ID: 6F28B22931B408EAE03D2975CB6E3BEC
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll
Frame ID: 6F609E03400E272F7CDF841709E5BFAA
Requests: 1 HTTP requests in this frame

Frame: https://6479484.fls.doubleclick.net/ddm/fls/r/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll
Frame ID: 7845069E8F2A0BD06827B270EFBBF672
Requests: 2 HTTP requests in this frame

Frame: https://cdnapisec.kaltura.com/html5/html5lib/v2.90/load.php?debug=false&lang=en&modules=Hlsjs%2CPolyfill_Set%2CacCheck%2CacPreview%2Cbase64_decode%2Cbase64_encode%2Cclass%2CcontrolBarContainer%2CcurrentTimeLabel%2CdurationLabel%2CexpandToggleBtn%2Cid3Tag%2CkAnalony%2Ckdark%2CkeyboardShortcuts%2CkgitGuard%2ClargePlayBtn%2CliveStream%2CmatchMedia%2CmorePlugins%2CnativeBridge%2CplayPauseBtn%2Cpolyfill_Array_filter%2CqualitySettings%2CreportError%2Cscreenfull%2Cscrubber%2CsideBarContainer%2CsourceSelector%2CstatisticsPlugin%2CtopBarContainer%2CunMuteOverlayButton%2Cutf8_encode%2CvolumeControl%7Cjquery.client%2Ccolor%2Ccookie%2Cdebouncedresize%2ChoverIntent%2CmessageBox%2CmwEmbedUtil%2CmwExtension%2CnaturalSize%7Cjquery.ui.core%2Cmouse%2Cposition%2Cslider%2Ctooltip%2CtouchPunch%2Cwidget%7Cmediawiki.Uri%2CUtilitiesTime%2CUtilitiesUrl%2Cclient%2CjqueryMsg%2Ckmenu%2Clanguage%2Cutil%7Cmediawiki.util.tmpl%7Cmw.EmbedPlayer%2CEmbedPlayerImageOverlay%2CEmbedPlayerKplayer%2CEmbedPlayerNative%2CEmbedPlayerNativeComponent%2CEmbedTypes%2CKAnalytics%2CKBaseButton%2CKBaseComponent%2CKBasePlugin%2CKBaseSmartContainer%2CKCuePoints%2CKDPMapping%2CKEntryLoader%2CKWidgetSupport%2CKalturaIframePlayerSetup%2CMediaElement%2CMediaPlayer%2CMediaPlayers%2CMediaSource%2CPlayerElement%2CPlayerElementFlash%2CPlayerElementHTML%2CPluginManager%7Cmw.MwEmbedSupport.style&pskwidgetpath=..%2Fkwidget-ps%2F&skin=no-theme&version=20210805T073204Z&*&protocol=https&wid=_1093992
Frame ID: DAE75BE33124A5BDF47141C335A8A447
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Working Advantage - Employee Discounts

Page URL History Show full URLs

https://e.email.workingadvantage.com/click/EbGluZGEucm9iYmluc0Bzd2VkaXNoLm9yZw/CeyJtaWQiOiIxNjM2NjQwNTYyMzI3ZGMyZ... HTTP 302
https://www.workingadvantage.com/pages.php?sub=elf-on-the-shelf-a-christmas-musical&utm_campaign=the-elf-on-t... HTTP 302
https://www.workingadvantage.com/pages.php?sub=elf-on-the-shelf-a-christmas-musical&utm_campaign=the-elf-on-t... HTTP 302
https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=No... Page URL

Page Statistics

162
Requests

93 %
HTTPS

25 %
IPv6

46
Domains

72
Subdomains

63
IPs

8
Countries

2377 kB
Transfer

6704 kB
Size

68
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypal.com/
Title: www.paypal.com

Search URL Search Domain Scan URL

URL: https://www.google.com/policies/privacy
Title: http://www.google.com/policies/privacy

Search URL Search Domain Scan URL

URL: https://policies.google.com/technologies/partner-sites
Title: https://policies.google.com/technologies/partner-sites

Search URL Search Domain Scan URL

URL: https://tools.google.com/dlpage/gaoptout/
Title: https://tools.google.com/dlpage/gaoptout/

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy?hl=en&fg=1
Title: https://policies.google.com/privacy?hl=en&fg=1

Search URL Search Domain Scan URL

URL: https://www.google.com/ads/preferences/
Title: http://www.google.com/ads/preferences/

Search URL Search Domain Scan URL

URL: https://www.oracle.com/legal/privacy/addthis-privacy-policy.html
Title: https://www.oracle.com/legal/privacy/addthis-privacy-policy.html

Search URL Search Domain Scan URL

URL: https://mouseflow.com/opt-out/
Title: https://mouseflow.com/opt-out/

Search URL Search Domain Scan URL

URL: https://optout.networkadvertising.org/?c=1
Title: https://optout.networkadvertising.org/?c=1

Search URL Search Domain Scan URL

URL: https://youradchoices.com/
Title: https://youradchoices.com/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/privacy/explanation
Title: https://www.facebook.com/privacy/explanation

Search URL Search Domain Scan URL

URL: https://www.facebook.com/business/help/742478679120153?id=1205376682832142
Title: https://www.facebook.com/business/help/742478679120153?id=1205376682832142

Search URL Search Domain Scan URL

URL: https://www.facebook.com/help/568137493302217
Title: https://www.facebook.com/help/568137493302217

Search URL Search Domain Scan URL

URL: http://optout.aboutads.info/?c=2&lang=EN
Title: http://optout.aboutads.info/?c=2&lang=EN

Search URL Search Domain Scan URL

URL: https://zetaglobal.com/privacy-policy/
Title: https://zetaglobal.com/privacy-policy/

Search URL Search Domain Scan URL

URL: https://www.sizmek.com/
Title: https://www.sizmek.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://e.email.workingadvantage.com/click/EbGluZGEucm9iYmluc0Bzd2VkaXNoLm9yZw/CeyJtaWQiOiIxNjM2NjQwNTYyMzI3ZGMyZTI2NGNlM2QzIiwiY3QiOiJlYmctd2EtMzU3MjZiYzQ5NGE0NmJhYTk3MjU3MGMyNjk0ODJjNDctMSIsInJkIjoic3dlZGlzaC5vcmcifQ/HWkhfZWJnd2FfTkRCQU0xMTExMjAyMTQ5OTgzMjEsZWIyLGh0dHBzOi8vd3d3LndvcmtpbmdhZHZhbnRhZ2UuY29tL3BhZ2VzLnBocA/qP3N1Yj1lbGYtb24tdGhlLXNoZWxmLWEtY2hyaXN0bWFzLW11c2ljYWwmdXRtX2NhbXBhaWduPXRoZS1lbGYtb24tdGhlLXNoZWxmJnV0bV9zb3VyY2U9ZW1haWwmdXRtX21lZGl1bT1Ob3ZlbWJlci0xMS0yMDIxLU1NRSZmcm9tYnVsbGV0aW49MSZjbHRoYXNoPWMzMDE0NmRjNDNlMWQ1ZjA1MjhjNWNlYjIzMWIxMjQyNjMwMGVjYmMmY21waWQ9ODE3NjkmdWlkPTk3MDI3ODkmY29udl9zb3VyY2U9emV0YSZidF9lZT1WTjJvcGt5REg5dlc0QmEzcVZxS3lFek8wcVBXMThVUkJubXVQcGFuZXoxZHpwY0FKNmN0ZnMySThWJTJGenVUZHAmYnRfdHM9MTYzNjY0MDQ1Njg0Ng/sj2ef5f88f7 HTTP 302
https://www.workingadvantage.com/pages.php?sub=elf-on-the-shelf-a-christmas-musical&utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&frombulletin=1&clthash=c30146dc43e1d5f0528c5ceb231b12426300ecbc&cmpid=81769&uid=9702789&conv_source=zeta&bt_ee=VN2opkyDH9vW4Ba3qVqKyEzO0qPW18URBnmuPpanez1dzpcAJ6ctfs2I8V%2FzuTdp&bt_ts=1636640456846 HTTP 302
https://www.workingadvantage.com/pages.php?sub=elf-on-the-shelf-a-christmas-musical&utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&clthash=c30146dc43e1d5f0528c5ceb231b12426300ecbc&uid=9702789&conv_source=zeta&bt_ee=VN2opkyDH9vW4Ba3qVqKyEzO0qPW18URBnmuPpanez1dzpcAJ6ctfs2I8V/zuTdp&bt_ts=1636640456846 HTTP 302
https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&ts=1636646549099 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&ts=1636646549099

Request Chain 57

https://cm.everesttech.net/cm/dd?d_uuid=55657467707516065170684355911014020782 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY0_lQAAAIHq3AQp

Request Chain 60

https://6479484.fls.doubleclick.net/activityi;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll HTTP 302
https://6479484.fls.doubleclick.net/activityi;dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Request Chain 61

https://9767737.fls.doubleclick.net/activityi;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll HTTP 302
https://9767737.fls.doubleclick.net/activityi;dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Request Chain 83

https://adservice.google.de/ddm/fls/i/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll HTTP 302
https://6479484.fls.doubleclick.net/ddm/fls/r/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Request Chain 93

https://secure.adnxs.com/seg?add=8083872&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D8083872%26t%3D2

Request Chain 109

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=OTY5NzUxNjc2Njg4NDEzNzQz&forward= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEMAtTQZJPQDZTfyg-FfvWpM&google_cver=1

Request Chain 111

https://stags.bluekai.com/site/4722?id=969751676688413743&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D HTTP 302
https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=

Request Chain 114

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=969751676688413743&bid=omt9pi0 HTTP 302
https://ps.eyeota.net/match/bounce/?uid=969751676688413743&bid=omt9pi0

Request Chain 117

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=969751676688413743&referrer=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=ed4fd974-7a3a-41bc-99c9-cad153a3760a%3A1636646549.34&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Ded4fd974-7a3a-41bc-99c9-cad153a3760a%253A1636646549.34 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=ed4fd974-7a3a-41bc-99c9-cad153a3760a%3A1636646549.34 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEGumR3bfHDsmn2fJTWRId5A&google_cver=1

Request Chain 119

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=969751676688413743&forward= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=969751676688413743&forward=&C=1

Request Chain 122

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=969751676688413743&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=969751676688413743&img=1&__user_check__=1&sync_id=c604b2b9-4308-11ec-91b9-11372f1a0406

Request Chain 126

https://x.bidswitch.net/sync?dsp_id=119&user_id=969751676688413743&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=969751676688413743&expires=30

Request Chain 127

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
https://p.rfihub.com/cm?in=1&pub=21653&userid=YY0_lQAAAIHq3AQp

Request Chain 158

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=c7421a67-4308-11ec-b448-e9a08f6fa8a7&gdpr=&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=c7421a67-4308-11ec-b448-e9a08f6fa8a7&gdpr=&gdpr_consent= HTTP 302
https://px.steelhousemedia.com/tdsync?tdid=768a7ee1-9343-4d46-a214-9ba7156aaeb8&shguid=c7421a67-4308-11ec-b448-e9a08f6fa8a7

162 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request account.php Show response
www.workingadvantage.com/
Redirect Chain

https://e.email.workingadvantage.com/click/EbGluZGEucm9iYmluc0Bzd2VkaXNoLm9yZw/CeyJtaWQiOiIxNjM2NjQwNTYyMzI3ZGMyZTI2NGNlM2QzIiwiY3QiOiJlYmctd2EtMzU3MjZiYzQ5NGE0NmJhYTk3MjU3MGMyNjk0ODJjNDctMSIsInJkI...
https://www.workingadvantage.com/pages.php?sub=elf-on-the-shelf-a-christmas-musical&utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&frombulletin=1&clthash=c30146d...
https://www.workingadvantage.com/pages.php?sub=elf-on-the-shelf-a-christmas-musical&utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&clthash=c30146dc43e1d5f0528c5c...
https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

311 KB
63 KB

512ms
511ms

Document
text/html

104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24ea2cc85ad332f5aee31825ffae0928417a46ee60c2e70627bcd9457912f698

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 11 Nov 2021 16:02:28 GMT
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: SAMEORIGIN
referrer-policy: unsafe-url
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6ac8bebfccbe4ee5-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Thu, 11 Nov 2021 16:02:28 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=5184000; includeSubDomains
x-frame-options: SAMEORIGIN
referrer-policy: unsafe-url
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: User-Agent
location: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6ac8bebd897443b8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 li.js Show response
www.workingadvantage.com/common_resources/js/ 25 KB
5 KB 37ms
37ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/common_resources/js/li.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9228e9660ad4173083cb4d622c22d33c09a1e5a99967a8c5dae1ffcc9259782

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 262
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Fri, 23 Jul 2021 18:54:32 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6519-5c7ceef16ea00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cc14ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 interaction_analytics.js Show response
www.workingadvantage.com/common_resources/js/ 5 KB
2 KB 35ms
34ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/common_resources/js/interaction_analytics.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f36ac7ef5717e0cd82cdc61235d73129dd8aa27246e0858f1dd526b23430f821

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 262
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Wed, 20 Oct 2021 13:13:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1510-5cec88aae19c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cc24ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H2 200 init.js Show response
initjs.rfk.workingadvantage.com/rfk/js/11273-152007103/ 15 KB
7 KB 336ms
113ms Script
application/javascript 54.236.154.122
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://initjs.rfk.workingadvantage.com/rfk/js/11273-152007103/init.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.154.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-154-122.compute-1.amazonaws.com
Software: gunicorn/19.6.0 /
Resource Hash: 790368acf998c4e913735f6ad69be0d2f644439f80a49cbe5bb316a1081d47ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
cache-control: max-age=600
content-type: application/javascript
server: gunicorn/19.6.0
content-encoding: gzip
expires: Thu, 11 Nov 2021 16:12:29 GMT

GET
H2 200 launch-3ef1ffa7e1d7.min.js Show response
assets.adobedtm.com/a281455e4dfe/1c19d10a0484/ 528 KB
135 KB 27ms
8ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/launch-3ef1ffa7e1d7.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3398ac1d4e6993bff6f885284cb8dcc1ce4c83fd0cdb50d48c6aa15c6d0949c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 13:23:30 GMT
server: AkamaiNetStorage
etag: "848b54f225930b1b472b0e3a4b7a98bb:1635945810.792468"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 137263
expires: Thu, 11 Nov 2021 17:02:29 GMT

GET
H3 200 reset.css
www.workingadvantage.com/css/ 1 KB
1 KB 35ms
34ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/reset.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d24d4a11bd569cd44e25a8c36341f9669fa448d55bbad6c993ac3362e852711

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 262
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 05 Sep 2017 19:27:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"443-558763704cd00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cc84ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 grid.css
www.workingadvantage.com/css/ 4 KB
1 KB 42ms
41ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/grid.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f45c73c0747a0f7b5e5eec6fbc6250a562a0a009b04012eaf80aa52d4e51a55a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 262
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Wed, 07 Jul 2021 13:26:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1161-5c6887b6ac500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32ccb4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 site.css
www.workingadvantage.com/css/ 56 KB
12 KB 30ms
29ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/site.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c6ff2453e82bbbe81b215b46fa26be3e4b0265fa18f28f44908504f4abe4123

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 262
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 17 May 2021 14:55:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"dfce-5c287c855e840"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32ccd4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 jquery-ui-1.10.3.custom.min.css
www.workingadvantage.com/css/ui-lightness/ 27 KB
6 KB 28ms
26ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/ui-lightness/jquery-ui-1.10.3.custom.min.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dcf743efbf47f310fd9243d9aa78f4c3f6ee8ea260ad2f3d17a4fdda2479ab7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 05 Sep 2017 19:26:59 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6a13-55876360166c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32ccf4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 chosen.min.css
www.workingadvantage.com/css/ 11 KB
3 KB 31ms
29ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/chosen.min.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40073d8997c3dd31bc10edfd8601660cad988a7601170e17b19f4331eaf5c6e9

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 05 Sep 2017 19:27:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2d72-558763704cd00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cd14ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 font-awesome.min.css
www.workingadvantage.com/css/ 27 KB
7 KB 43ms
41ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/font-awesome.min.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bcb0f820377a5dc80f3f43d991c950d5442ad601328305c0b52785c984bce48

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 05 Sep 2017 19:27:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6b38-5587637235180"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cd24ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 menu_default.css
www.workingadvantage.com/css/ 10 KB
2 KB 54ms
52ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/menu_default.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

176bfb0e73f4480f870fdf93e5f45624e7fc171b7d4adbc10d6475a382efd604

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Wed, 29 Jul 2020 12:58:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2700-5ab941b1dca80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cd64ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 register_enroll.css
www.workingadvantage.com/css/ 7 KB
2 KB 55ms
53ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/register_enroll.css?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9c1d54cd634cba994b1fc6060948e0b843354b01aefd178a51dc9c91ce1a8c1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 227
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Wed, 29 Jul 2020 12:58:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1d52-5ab941b1dca80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cd84ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
878 B 43ms
17ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,900

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

83a921154ba4d9cbb1666930210a10ea9757a344dd7774385ffa5af2ff2aabd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 15:25:09 GMT
server: ESF
date: Thu, 11 Nov 2021 16:02:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
593 B 44ms
18ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

731ee3bbaa9f2fd92879f9087c9fbbf7438d3a52595c6c8a8020bb2a69b7afd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 16:00:05 GMT
server: ESF
date: Thu, 11 Nov 2021 16:02:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
868 B 44ms
18ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito:300,400|Open+Sans:400,600

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

062550863ac201e15f06acde2a881de70f1873b624b6e5e8c6cb6204a3e95cce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 16:02:29 GMT
server: ESF
date: Thu, 11 Nov 2021 16:02:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H3 200 jquery-3.5.1.min.js Show response
www.workingadvantage.com/common_resources/js/ 87 KB
32 KB 51ms
49ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/common_resources/js/jquery-3.5.1.min.js

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 31 Aug 2020 15:45:29 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"15d84-5ae2e4aba3840"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cd94ee5-FRA

GET
H3 200 jquery-ui-1.12.1.custom.min.js Show response
www.workingadvantage.com/js/ 248 KB
68 KB 43ms
41ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/jquery-ui-1.12.1.custom.min.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f69ebbd9d36211cef558cb24f539fb4c6ad866dc603cdc8f588ee3f63dbe3b5d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 08 Jul 2019 13:02:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3def0-58d2b0df7b140"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cda4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 jquery-migrate-3.0.0.min.js Show response
www.workingadvantage.com/js/ 7 KB
3 KB 31ms
29ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/jquery-migrate-3.0.0.min.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a44b5727bd453959ba8f2ae37fd2359272b730ada09e80fb2a5bbffd086ef075

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 08 Jul 2019 13:02:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1bac-58d2b0df7b140"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cdc4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 chosen.jquery.min.js Show response
www.workingadvantage.com/js/ 25 KB
7 KB 61ms
60ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/chosen.jquery.min.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06708edc30f6877320af98a385a4350ad9769c1aca9d44f8a262acf0c6dfefbd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 05 Sep 2017 19:28:01 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6459-5587639b37240"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cdf4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 site.js Show response
www.workingadvantage.com/js/ 68 KB
17 KB 63ms
62ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/site.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

668aeb0f18d6cfd195670546ba5cc3d33de3fc6abfa5fc11364901fe2a6ad468

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 27 Jul 2021 14:39:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"11100-5c81bd5313f80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32ce14ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 menu_default.js Show response
www.workingadvantage.com/js/ 24 B
597 B 36ms
34ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/menu_default.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cd60e08308ac0d8d91d3cc2b6c4162607c6217b9e350e01854fbdbb70164747

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 24
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 07 Jan 2019 14:44:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "18-57edf427f5080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec32ce54ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 common.js Show response
www.workingadvantage.com/js/ 702 B
906 B 35ms
34ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/common.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e86ebaabaa7bfc75d8972d7446fd9cd23b28f5891fbfa0839ae6d1701af0e08

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 227
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 05 Sep 2017 19:28:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2be-5587639a43000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32ce74ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 countryprovinceselector.js Show response
www.workingadvantage.com/js/ 19 KB
4 KB 32ms
30ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/countryprovinceselector.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3c681a83aa4ab7a79e1b747baad02372b9182c4c28c8227f74a713ab1e48921

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 227
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 09 Sep 2019 14:07:09 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"4c9b-5921f4db67d40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32ce84ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 register_enroll_email_or_code.js Show response
www.workingadvantage.com/js/ 647 B
815 B 70ms
69ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/js/register_enroll_email_or_code.js?ebgcbv=116

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f9c44faecc50e0a4481d95801cf059a5b05d0ea70a096b204b9550ec9ce347a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 227
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 05 Sep 2017 19:28:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"287-5587639a43000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec32cea4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H2 200 1093992 Show response
cdnapisec.kaltura.com/p/1093992/sp/109399200/embedIframeJs/uiconf_id/23289491/partner_id/ 76 KB
21 KB 54ms
8ms Script
text/javascript 2a02:26f0:6c00:2ba::10fe
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnapisec.kaltura.com/p/1093992/sp/109399200/embedIframeJs/uiconf_id/23289491/partner_id/1093992?ebgcbv=116
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2ba::10fe Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e4e27006ed29a6f6eb25ecda4d4b02edd01cb89079333f47a7c527761a5bf664

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-kaltura: dumpUrl
x-me: ny-nvp1-fplay-4021, ny-nvp1-fplay-4021
date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
x-kaltura-session: 1223104268, 1636646322
content-length: 21602
pragma
last-modified: Thu, 11 Nov 2021 15:58:42 GMT
server: nginx
etag: d4da89ea1f50ea9df8a5cb6eee395ff9
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=396
x-robots-tag: noindex
expires: Thu, 11 Nov 2021 16:09:05 GMT

GET
H3 200 api.js Show response
www.workingadvantage.com/cdn-cgi/bm/cv/669835187/ 35 KB
9 KB 17ms
15ms Script
text/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/cdn-cgi/bm/cv/669835187/api.js

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=604800, public
cf-ray: 6ac8bec4a8594ee5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 loading2.gif
www.workingadvantage.com/img/ 2 KB
2 KB 43ms
41ms Image
image/gif 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/loading2.gif

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

448e99a570408c6cf2eda6133ec9ea7b86b8494120fc2ab35f7fbab75fefa5e8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1924
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 31 Mar 2014 19:04:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "784-4f5ebb8d61480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/gif
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4a85f4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 logo.png
www.workingadvantage.com/img/ 8 KB
9 KB 34ms
32ms Image
image/png 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/logo.png

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebb8b0b73ecae21b1840d76dbf4f67f96ac8e821d437166e74400227766ae75d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 260
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8509
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 10 Nov 2015 14:07:29 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "213d-524303aea0a40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4a8604ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 redeem_a_reward_button.png
www.workingadvantage.com/img/ 3 KB
3 KB 49ms
47ms Image
image/png 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/redeem_a_reward_button.png

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4071d8dd8df954a09136ddea2d3ee4fb20514e64f34afd206c9da33b5bb7250

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 227
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2961
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 22 Aug 2016 18:02:59 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "b91-53aacdbbdfac0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4a8624ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 enroll_featured.jpg
www.workingadvantage.com/img/ 45 KB
45 KB 25ms
23ms Image
image/jpeg 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/enroll_featured.jpg

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33cb692469df42cfecaf7569e66269c79f04411746fa5a2ea33fe0ae8f001bfa

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 227
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45756
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
expires: Sun, 12 Dec 2021 16:02:29 GMT
last-modified: Tue, 14 Feb 2017 19:58:07 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "b2bc-54882fb8fb1c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4a8644ee5-FRA
cf-bgj: h2pri

GET
H3 200 payment_option_logos.png
www.workingadvantage.com/img/ 12 KB
13 KB 55ms
52ms Image
image/png 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/payment_option_logos.png

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff90e45faf4f1517337648274a38902d62cb6e0ee6dc5961a41383d348608fa

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 260
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 12229
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Thu, 25 Feb 2016 16:23:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "2fc5-52c9a9ab9b200"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4a8674ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 email-decode.min.js Show response
www.workingadvantage.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
929 B 10ms
10ms Script
application/javascript 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Nov 2021 15:43:33 GMT
server: cloudflare
etag: W/"618945a5-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
strict-transport-security: max-age=5184000; includeSubDomains
cf-ray: 6ac8bec45fa34ee5-FRA
vary: Accept-Encoding
expires: Sat, 13 Nov 2021 16:02:29 GMT

GET
H/1.1 200
OK getSeal Show response
seal.godaddy.com/ 4 KB
2 KB 767ms
113ms Script
text/html 173.201.201.4
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://seal.godaddy.com/getSeal?sealID=3sWmy8slw8uXQfXoEpQqdaAxBbiNOJPDKWJ8kKHGPR6VEFMdHwSJDuWFLucG
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.201.201.4 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-173-201-201-4.ip.secureserver.net
Software: Apache /
Resource Hash: 2731279a7d1a73e9f9337cb97c35568e9a86ccb378050fbaa06824b991642bd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Expires: Thu, 11 Nov 2021 20:02:29 GMT

GET
H3 200 seal_chase_paymentech.png
www.workingadvantage.com/img/ 22 KB
23 KB 35ms
32ms Image
image/png 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/seal_chase_paymentech.png

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b4c3f4c48f128e247706a610fd46ac8164ca7bed2a6d6e3b0564b253348ed5f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 260
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 23031
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Thu, 12 Nov 2020 17:12:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "59f7-5b3ec039fa080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4a8684ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 seal_alert_logic.png
www.workingadvantage.com/img/ 79 KB
80 KB 38ms
36ms Image
image/png 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/seal_alert_logic.png

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe56b80ead65e2a7d73f02da98bfd21557555823ac2da75aae27e3966a8429df

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 260
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 81182
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Thu, 12 Nov 2020 17:12:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "13d1e-5b3ec039fa080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4a86a4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:29 GMT

GET
H3 200 logo.svg
www.workingadvantage.com/img/ 7 KB
3 KB 35ms
33ms Image
image/svg+xml 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/img/logo.svg

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c8b033cc69116a4670f6828ace15adda22d4d3ed1bb17e31daea73abbdfbede

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 259
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 27 Aug 2018 15:48:45 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1d49-5746ca90c5140"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=7776000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec4a86d4ee5-FRA
expires: Wed, 09 Feb 2022 16:02:29 GMT

GET
H/1.1 200
OK form.css
ebgcc.brightpattern.com/clientweb/chat-client-v4/css/ 3 KB
3 KB 464ms
153ms Stylesheet
text/css 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/chat-client-v4/css/form.css

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4471d3760ad27b466ca99f4e9ac126ee8d9eb24d7d9989561b12e40ca118dcf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Last-Modified: Fri, 08 Oct 2021 20:26:04 GMT
Server: nginx/1.21.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2620

GET
H/1.1 200
OK init.js Show response
ebgcc.brightpattern.com/clientweb/chat-client-v4/js/ 6 KB
7 KB 461ms
152ms Script
application/javascript 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/chat-client-v4/js/init.js

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

ed953262370c9dd1f14474cc6d4c24d6f7ef4a2327f419acb656a02ee26b1ea6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Last-Modified: Fri, 08 Oct 2021 20:26:04 GMT
Server: nginx/1.21.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6602

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 25ms
8ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&ts=1636646549099
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&ts=1636646549099

388 B
1 KB

32ms
32ms

XHR
application/json

63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&ts=1636646549099

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

42ec2b6b24321ff62530ffbd0ea49a49bcb3fc1ea8dbdeec8da73fcd222ed1e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-0a22ddc4b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 0kXIPZcSTvQ=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.workingadvantage.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 323
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v019-0920decde.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.workingadvantage.com
X-TID: CAkoBBFbS+4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&ts=1636646549099
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/ 33 KB
12 KB 11ms
9ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/launch-3ef1ffa7e1d7.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 02e1c4508320ee6bc6b884c4de9a0d73e541b6735fa139cbd957a27f42c72140

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 19:44:20 GMT
server: AkamaiNetStorage
etag: "b135e36e0ffbaaaebca4ed5a17a3a5c5:1631821460.47263"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12201
expires: Thu, 11 Nov 2021 17:02:29 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/ 3 KB
2 KB 11ms
10ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP6326e4d6b32f4a71ad5204459cc57d66/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/launch-3ef1ffa7e1d7.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a176b44662d7eb55562527b7df840e6eb620d9f326989674a16f0765dc94f360

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 19:44:20 GMT
server: AkamaiNetStorage
etag: "92ba45f9116eed843514845165336fae:1631821460.690196"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1594
expires: Thu, 11 Nov 2021 17:02:29 GMT

GET
H2 200 sync Show response
live.rezync.com/ 5 KB
5 KB 199ms
164ms Script
application/javascript 143.204.98.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=709a910d70f1371b086451223dfeb219&zmpID=ebg-wa&cache_buster=1636646549156&k=ebg-wa-pixel-6542&custom3=account%3A%20enroll&custom4=register_enroll
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-95.fra50.r.cloudfront.net
Software: lighttpd/1.4.33 /
Resource Hash: 95e2976580ffd853ecf923bd973fbc89955dbc61fd286428a0fa3d2640444c27

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
server: lighttpd/1.4.33
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/javascript
content-length: 4611
x-amz-cf-id: gWhZkxrDIGcjbPj0nyGnibF_ZWkPjeK2iA4GUnh-rvlQNgNvdMzRKQ==

GET
H3 200 bootstrap4.min.css
www.workingadvantage.com/css/bootstrap/ 153 KB
23 KB 26ms
25ms Stylesheet
text/css 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/bootstrap/bootstrap4.min.css

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/css/site.css?ebgcbv=116

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f7d6357a349f9b2e41547131f5dd5d1098529d07473a2b59220201c1602c8aa

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/css/site.css?ebgcbv=116
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Tue, 28 Apr 2020 14:20:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"262f2-5a45a8a02bb40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec44f784ee5-FRA

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
24 KB 32ms
8ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.workingadvantage.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 12:11:32 GMT
x-content-type-options: nosniff
age: 13857
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 11 Nov 2022 12:11:32 GMT

GET
H3 200 lato-italic-webfont.woff
www.workingadvantage.com/css/fonts/ 29 KB
30 KB 53ms
52ms Font
font/opentype 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/fonts/lato-italic-webfont.woff

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/css/site.css?ebgcbv=116

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

962f868106ea626a1e0a64e7269fc0a017a46e8fbf995a9580caed4e29f58520

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.workingadvantage.com/css/site.css?ebgcbv=116
Origin: https://www.workingadvantage.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4996349
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 29984
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Wed, 05 Feb 2014 21:28:51 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "7520-4f1af71672ac0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: font/opentype
vary: Accept-Encoding
cache-control: public, max-age=7776000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4b88a4ee5-FRA
expires: Wed, 09 Feb 2022 16:02:29 GMT

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
22 KB 33ms
15ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.workingadvantage.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 15:26:11 GMT
x-content-type-options: nosniff
age: 261378
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:56 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 08 Nov 2022 15:26:11 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v40/ 16 KB
16 KB 30ms
12ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v40/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.workingadvantage.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 04 Nov 2021 22:35:19 GMT
x-content-type-options: nosniff
age: 581230
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16016
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:16:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 04 Nov 2022 22:35:19 GMT

GET
H3 200 lato-bold-webfont.woff
www.workingadvantage.com/css/fonts/ 32 KB
32 KB 36ms
35ms Font
font/opentype 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/css/fonts/lato-bold-webfont.woff

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/css/site.css?ebgcbv=116

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2eec22fcd09b2b38293ffa6f773ffbe507618a06c2f422c077ae565b15f9e6a5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.workingadvantage.com/css/site.css?ebgcbv=116
Origin: https://www.workingadvantage.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 258
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 32392
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Wed, 05 Feb 2014 21:28:48 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "7e88-4f1af71396400"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: font/opentype
vary: Accept-Encoding
cache-control: public, max-age=7776000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8bec4b88d4ee5-FRA
expires: Wed, 09 Feb 2022 16:02:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 35ms
11ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 115
date: Thu, 11 Nov 2021 16:00:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 11 Nov 2021 18:00:34 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
47 KB 45ms
22ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W9THHDH

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d7d2bed3257f7de22dbe0a2e0871329e06313b930a860a1a559508d7733cb4a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47254
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 15:24:52 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H2 200 913a7fd6-dc0a-49da-96d8-8f73cb55b75c.js Show response
cdn.mouseflow.com/projects/ 175 KB
58 KB 23ms
7ms Script
application/javascript 23.111.9.38
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mouseflow.com/projects/913a7fd6-dc0a-49da-96d8-8f73cb55b75c.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.38 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: cbb7efa55c925ce495c64155705a2cfd6a7d073ac5bfd5a1f90f7a013e00e7d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
last-modified: Fri, 05 Nov 2021 16:00:48 GMT
server: NetDNA-cache/2.2
etag: W/"1987714c5ed2d71:0"
x-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400

POST
H3 200 li.php Show response
www.workingadvantage.com/common_resources/ 460 B
935 B 877ms
877ms XHR
application/json 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/common_resources/li.php

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

415eb502436bc46c52fb7c201fb0d0c9631b6e1cc61557074a53bc865565ea28

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
X-NewRelic-ID: XA4PUldACQMDUlhRAQc=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa OUR OTR IND DSP IDC COR"
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: unsafe-url
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent
content-type: application/json
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec5394c4ee5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 8ms
8ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Sat, 19 Feb 2022 16:02:29 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
216 B 15ms
14ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=851341568&t=pageview&_s=1&dl=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&ul=en-us&de=UTF-8&dt=Working%20Advantage%20-%20Employee%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAAC~&jid=732078295&gjid=1964215255&cid=1089567603.1636646549&tid=UA-4045288-1&_gid=1914361460.1636646549&_r=1&_slc=1&z=1983364292

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dest5.html Show response
entertainmentbenefitsgroupllc.demdex.net/ Frame F12E 7 KB
3 KB 127ms
31ms Document
text/html 54.171.163.246
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://entertainmentbenefitsgroupllc.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.163.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Thu, 11 Nov 2021 16:02:29 GMT
DCS: dcs-prod-irl1-2-v019-014acb01f.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 14 Oct 2021 11:09:01 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: RwjaHKAaRZo=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
smetrics.workingadvantage.com/ 48 B
521 B 62ms
18ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.workingadvantage.com/id?d_visid_ver=5.3.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=55623312877831268580681044055305096977&ts=1636646549371

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

959f258fa004f31508253dba2d6dfd28a8ca400c8cf281fe6aafdb5ef0f08bcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6988cccb6f-v5t47
vary: Origin
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.workingadvantage.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YY0_lQAAAIHq3AQp
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=55657467707516065170684355911014020782
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY0_lQAAAIHq3AQp

42 B
945 B

34ms
34ms

Image
image/gif

63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY0_lQAAAIHq3AQp

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-0a22ddc4b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 9Y35GebIRlo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY0_lQAAAIHq3AQp
Date: Thu, 11 Nov 2021 16:02:29 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
starget.workingadvantage.com/rest/v1/ 1 KB
877 B 113ms
40ms XHR
application/json 34.250.124.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://starget.workingadvantage.com/rest/v1/delivery?client=entertainmentbenefit&sessionId=2b2c11a2d5f549a680c9a5f03d5912a1&version=2.6.1
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.124.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-124-91.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7f6ca2ce4df95696aa0bfcbc4b77a7e5b69f248fa3d4ff6789d479800a863ec4

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.workingadvantage.com
date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
access-control-allow-credentials: true
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
x-request-id: e8c3e5638303c50f72ac539223ea6f37
content-type: application/json;charset=UTF-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
449 B 45ms
16ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-4045288-1&cid=1089567603.1636646549&jid=732078295&gjid=1964215255&_gid=1914361460.1636646549&_u=IEBAAAAAAAAAAC~&z=1109910073

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 11 Nov 2021 16:02:29 GMT
content-type: text/plain
access-control-allow-origin: https://www.workingadvantage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php... Show response
6479484.fls.doubleclick.net/ Frame 1B58
Redirect Chain

https://6479484.fls.doubleclick.net/activityi;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.p...
https://6479484.fls.doubleclick.net/activityi;dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fww...

612 B
494 B

47ms
32ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6479484.fls.doubleclick.net/activityi;dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9THHDH

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

2e41da27e9d30c228f36a70b8586fcd0e2703992b033817fe25156eb2dcb1425

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 469
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://6479484.fls.doubleclick.net/activityi;dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

activityi;dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2... Show response
9767737.fls.doubleclick.net/ Frame 12FF
Redirect Chain

https://9767737.fls.doubleclick.net/activityi;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A...
https://9767737.fls.doubleclick.net/activityi;dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantag...

654 B
500 B

48ms
33ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9767737.fls.doubleclick.net/activityi;dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9THHDH

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

7342a08b82a2fbc6abfc2845dbe59c85c979350bda0904d9d68e6217f2b8c1a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 475
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9767737.fls.doubleclick.net/activityi;dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200 spx Show response
dx.steelhousemedia.com/ 16 KB
5 KB 684ms
170ms Script
application/javascript 44.236.162.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.steelhousemedia.com/spx?dxver=4.0.0&shaid=23005&tdr=&plh=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&cb=36506817757522024
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.236.162.197 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-236-162-197.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: b85eb5599c7088890a87ff4b4aa2bf1d9d476f0ed69cb74ce907d7cb4544cde2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
connection: close
content-type: application/javascript;charset=utf-8
vary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-701690947

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

15bd54ace92a04738adb0e5f33c21472369b9ce4a69fdee95f477f7231d0008c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39810
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 15:24:52 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 11 Nov 2021 16:02:29 GMT

POST
H/1.1 200
OK visitWebPage
409-bcn-480.mktoresp.com/webevents/ 2 B
311 B 623ms
157ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://409-bcn-480.mktoresp.com/webevents/visitWebPage?_mchNc=1636646549420&_mchCn=&_mchId=409-BCN-480&_mchTk=_mch-workingadvantage.com-1636646549419-56701&_mchHo=www.workingadvantage.com&_mchPo=&_mchRu=%2Faccount.php&_mchPc=https%3A&_mchVr=161&_mchEcid=B5F9FF2554F608410A4C98C6%40AdobeOrg%3A6%3A55623312877831268580681044055305096977&_mchHa=&_mchRe=&_mchQp=utm_campaign%3Dthe-elf-on-the-shelf__-__utm_source%3Demail__-__utm_medium%3DNovember-11-2021-MME__-__sub%3Denroll
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 88c3178f-7d5e-4ef6-90ea-3443a3a6b390

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 54ms
10ms Script
application/x-javascript 2600:9000:2156:8a00:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:8a00:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:06 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 16:01:56 GMT
server: Jetty(9.3.29.v20201019)
age: 23
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: dcWtUAiAG4okhvxF4vSOD4yi-qXu36Okwoq5N4512e0ShovAUZWu2w==
expires: Thu, 11 Nov 2021 17:02:06 GMT

GET
H/1.1 200
OK / Show response
com-workadv.netmng.com/ 7 KB
4 KB 490ms
205ms Script
text/javascript 199.38.167.35
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://com-workadv.netmng.com/?aid=6323&siclientid=105193&url=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&p5=account%3A%20enroll&p6=register_enroll&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.38.167.35 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: openresty /
Resource Hash: 71966c141628e8fb90d63a4359f4277705604060cb605b82d6eab9ab8561345c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Nov 2021 16:02:30 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Nov 2021 16:02:29 GMT
Server: openresty
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=UTF-8
Expires: Tue, 09 Nov 2021 16:02:29 GMT

GET
H/1.1 200
OK p13n.min.js Show response
cdn.boomtrain.com/p13n/ebg-wa/ 74 KB
24 KB 44ms
8ms Script
application/javascript 143.204.98.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.boomtrain.com/p13n/ebg-wa/p13n.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-63.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 12a707e11e2dc4d9b49d1a98cf484363b1549a6914a387a9c96d27679d285849

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: bLcLTcFA_oHxMAP31hbRVIu7KSbuEkOC
Content-Encoding: gzip
ETag: W/"03cbd84e539f4c48d168f3c70ac3319e"
Age: 1661
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 08 Nov 2021 01:32:14 GMT
Server: AmazonS3
Date: Thu, 11 Nov 2021 15:59:57 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e5.cloudfront.net (CloudFront)
Cache-Control: public, max-age=3600
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: O1qVYLQKCHy25X_WJX1OzzMFyMjzqBa5mvenI17Yu7CIe6aIKGhSuQ==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 54ms
30ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-4045288-1&cid=1089567603.1636646549&jid=732078295&_u=IEBAAAAAAAAAAC~&z=762422324

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 58ms
30ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-4045288-1&cid=1089567603.1636646549&jid=732078295&_u=IEBAAAAAAAAAAC~&z=762422324

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 59ms
36ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

1b5f1cf2147c10f37ac1e6a14635b8fcda9a5569e2492152a08ed6fe781d6db2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14366
x-xss-protection: 0
server: cafe
etag: 5620846958848637340
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H/1.1 200
OK resolve Show response
people.api.boomtrain.com/identify/ 118 B
433 B 407ms
108ms XHR
application/json 34.230.174.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiZWQ0ZmQ5NzQtN2EzYS00MWJjLTk5YzktY2FkMTUzYTM3NjBhOjE2MzY2NDY1NDkuMzQifX0%3D&site_id=ebg-wa
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.174.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-174-180.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8ee63a750f57ce65ec067b31f90944bc96b3401d74ca1eb6a3e59cd593e9e7f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Server: nginx
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Content-Length: 118

GET
H/1.1 200
OK ca.html Show response
20835101p.rfihub.com/ Frame 55E1 3 KB
4 KB 345ms
92ms Document
text/html 199.38.167.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20835101p.rfihub.com/ca.html?ver=9&rb=42748&ca=20835101&pid=&pname=&ptype=&cust4=account%3A%20enroll&cust5=register_enroll&cust6=&cust7=&cust8=&cust9=&cust10=&cust11=&cust12=&cust13=&cust14=&cust15=&cust16=&cust17=&cust18=&cust19=&pe=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&pf=&ra=2721524907463566
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 199.38.167.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 32287886b3a7ef7c746b99c63f4ab7de572079f36181e014784b5d76c6db9847

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 2899
Server: Jetty(9.3.29.v20201019)

GET
H2 200 dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_cam... Show response
adservice.google.com/ddm/fls/i/ Frame 9286 611 B
540 B 70ms
45ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Requested by

Host: 6479484.fls.doubleclick.net
URL: https://6479484.fls.doubleclick.net/activityi;dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e27ed0586477a2724e3f1c61203f05504cbd696b7b76c6a2e28e8ccff860ab5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://6479484.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 470
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.wo... Show response
adservice.google.com/ddm/fls/i/ Frame 6F28 653 B
945 B 68ms
45ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Requested by

Host: 9767737.fls.doubleclick.net
URL: https://9767737.fls.doubleclick.net/activityi;dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e44d42d92186898bf5ef70ec41e22b3f1c9ee6d3235c8d0101dd2630ea75eb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://9767737.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 476
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/701690947/ 2 KB
2 KB 105ms
82ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/701690947/?random=1636646549553&cv=9&fst=1636646549553&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oab80&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&tiba=Working%20Advantage%20-%20Employee%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8563a7e5543cf346f564f0c21f1bfab0a96b9cfda172bb1df091b5e546d86e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1124
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 reflektion.js Show response
d26opx5dl8t69i.cloudfront.net/js/ 129 KB
53 KB 38ms
10ms Script
text/javascript 143.204.101.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d26opx5dl8t69i.cloudfront.net/js/reflektion.js?t=909242
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-87.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37a013e390c9cefbded3a14025a985b268d2445f9bfbac9dc06ff54c084d8661

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 23:02:54 GMT
content-encoding: gzip
age: 2566776
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 54137
last-modified: Tue, 12 Oct 2021 23:01:06 GMT
server: AmazonS3
etag: "4789063576e3ebaa438d87a459701947"
x-amz-version-id: c.PfklEd0Q5eLSQQXbta0HNUL1wSHOj3
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
cache-control: max-age=31556926
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: text/javascript
x-amz-cf-id: Gz60LR4mEEenPxB5KuWN00R3djREJIzKWNurCoGs0R4saqaGpdmDOQ==

GET
H2 200 jquery-3.4.1.m.1588889810.js Show response
d26opx5dl8t69i.cloudfront.net/js/ 95 KB
33 KB 10ms
10ms Script
application/javascript 143.204.101.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d26opx5dl8t69i.cloudfront.net/js/jquery-3.4.1.m.1588889810.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-87.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bed9883e3afc4f01beb8391653527dc2d5c8cfb3b1869dceebb7334142158fbf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 23:17:18 GMT
content-encoding: gzip
age: 6453912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 33438
last-modified: Thu, 07 May 2020 23:27:22 GMT
server: AmazonS3
etag: "61160be211038e73a64c8ba4e71d34a0"
x-amz-version-id: _4v6jx9BkibaPZt1vz0EmKTjiKsKT5tF
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
cache-control: max-age=31556926
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: BvXMl1F5vuC9MJAhf2Vy12hGHQxuWQCtU51kaflzj3v63GUpZTNllA==

GET
H2 200 an
alweb.rfk.workingadvantage.com/rfkj/1/11273-152007103/ 44 B
163 B 337ms
120ms Image
image/gif 54.236.99.14
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alweb.rfk.workingadvantage.com/rfkj/1/11273-152007103/an?data=1,uO9GsO8W8z8Mcz4Jcj0Jcj8Jtz4yb29Qt28W8BtLsCJFrCswgmhSomVQomtB82QwhmRMr6ZVpmkwh6BPoSZRrDhP8yMytmBA8zEycjkOc30Tcj0PbntGbmkTbjhUbj5MbnlDrPsTsm4TqCgMcCtKcClCpmNDbj4ScPoSd3oRd3AScj4yb29EsO8W8DtTtOVTrT9HqmVDomhSomVQomtBbCdLri8I8DlOqi8W8yZxoSdLtmVQbD1Es3ZRt6RvoS5Js65FpSUZt6xBbmlIpyRLryRQq6kJsSxBr6oCtnhJnTdLtn9zpjRBrm5Fr2pRt6RvrmlAqnlJfkVLtClJoClObj4Nbj8Mcz4JjkR59DdRozRBrD9Lr6Myb29Qs7cyez4ScPoSd3oRd3AScj4I8DhzsO8WcjoPdzoQdzkQejoNciMytCcyez4I8D1z8zENb29Ss6cyez4I8DgMs28WcjoPdzoQdzkQdP4Pe2Myt31F8zENdzcSdzgSdjgVdjkVb29Qc28WcjoPdzoQdzkQejoNciMyt7dF8zENdzcSdzgSdjgVdj0Mb29Pqmgyey8Nc3kObzsMbzgUbz4Re30NbzcOe38PbCdzojBCc6gOdjwTcyQRdOQOc38Ncj4NciUNcP8Mcj8yb29zoO8WczAPd3sI8CdQ8zENdzcSdzcTcj4Rbz8I8D9zoO8WczAMejoI8CdPs28WuO9y8zEMb29Q8zEMb29Ps28Wc2MyoO8Wc7QI8DhW8zEMb29DpmYyeDIyoO8W8AtRrDFBrCxxtndBry8I8DhW8zENb29Fs28W8z4Se2UNcjAKczkKcjAR8yMyry8W8Ah58yMysy8W8A9xumlOry8I8DEyey9erThvkTlMs6ZOt6lA8DQI8Dlxq28W8zkTrSMPpDEUe6pxu28I8C9MsO8WmO9He6Bxu6gTpjsVdSwyb28Ten0UdzdCejkUdTgyb29HqSMRej1MdmpyoT0yniMysT8yeBINdz0Mb34Oc31tb29TsO8WmP4Sc30Icj8Mc5QI8Cgyey9MoO8I8ANzqO8Wcj8MdyMyoDdP8zEycj4N8yMyj6NP8zERd3gI8ANPsO8We38Ob29Msy8W8ChFsClzt28I8D9Pti8W8z4yb29zoSIyey9KflZDoONCfmtzb7cZciNzfj8Ve3AIt78Zej0IsCUZdjoOb7hPfj8Mcz4Ncj4Nbz4Sc38Ip3RMoONPtjQNeSUZsS8Nb6oZsS8IsPQNb6cZcz0NciNQfj8McjwNcz0Sbz0MdjgXrzROtP4IpzROtONPfj4IoPQOdPsTb7gZcz0Ocj0Rc3sKc3sQdO8I8Dgyez4ScPoSd3oRd3AScPcI8Dpxr7lB8zFX8CdLrDhBu7gyeDIysThLsCkyeDIypT9Ltn1vqmgyey8Od3AU8yMyqmgyey8M8DRZvnQ,&C=1,uO8AuSxZb2hXt7QI97JAviNRsSlO8zENb28AuSxZb2hXl7QI97JAviNRsSlO8zENb28AuSxZb2hXt7QI97JAviNFrCBQqDcyez4I8yhXq7QI97JQviMAuShZb7pFpnsyez4I8yhXq7QI97JkviMAuShZb79PtjENb71SqmlT8zENb28AuSxZb2hXt7QI97JAviNSqndFt28WciMy97JEviMAuRhZb2hXp7QIp7gNs7gMs3EN8zENb28AuSxZb2hXl7QI97JAviNAt31Qcn0Wc28WciMy97JEviMAuRhZb2hXp7QIp7gMt31Fez0yez4I8yhXq7QI97JkviMAuShZb71zez4yez4I8ChE8zEycjkOc30Tcj0P8yMyp28W8D1z8DQ,&N=1,uO9OsTkyey8N8DQ,&t=1636646549634
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.99.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-99-14.compute-1.amazonaws.com
Software: gunicorn/19.6.0 /
Resource Hash: d1c4aa4fc27ca65d42b693b60f19546c4a50c002394c364dbbef45710858df7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
last-modified: Wed, 19 May 2021 07:43:58 GMT
server: gunicorn/19.6.0
content-length: 44
content-type: image/gif

GET
H2 200 s11227095429187
smetrics.workingadvantage.com/b/ss/entbenworking/1/JS-2.22.2-LBWB/ 43 B
334 B 19ms
18ms Image
image/gif 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.workingadvantage.com/b/ss/entbenworking/1/JS-2.22.2-LBWB/s11227095429187?AQB=1&ndh=1&pf=1&t=11%2F10%2F2021%2016%3A2%3A29%204%200&sdid=14196C82A0B704E2-548AEB9DD95E0AE6&mid=55623312877831268580681044055305096977&aamlh=6&ce=UTF-8&ns=entertainmentbenefits&cdp=2&fpCookieDomainPeriods=2&pageName=account%3A%20enroll&g=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&cc=USD&ch=account&server=www.workingadvantage.com&v0=ga%7Cemail%7Cnovember-11-2021-mme%7Cthe-elf-on-the-shelf%7C%7C&events=event10%2Cevent67&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=account&h1=WorkingAdvantage&c4=enroll&v4=D%3Dc4&c6=desktop&c7=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3Dnovember-11-2021-mme%26sub%3Denroll&c9=anonymous&v9=Thursday%20-%2011%3A00AM&c10=register_enroll&c11=not%20logged%20in&c12=Working%20Advantage%20-%20Employee%20Discounts&c13=2498%7CWorkingAdvantage.com%20Site&v13=2498&c15=the-elf-on-the-shelf&v15=D%3Dc15&c16=email&v16=D%3Dc16&c17=november-11-2021-mme&v17=D%3Dc17&c29=wa&v37=D%3Dc11&c46=November%7C11%7C2021%7CThursday%7C11%7C02%7CAM%7CWeekday%7CMorning&c47=account%3A%20enroll&v61=55623312877831268580681044055305096977&c66=%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3Dnovember-11-2021-mme%26sub%3Denroll&c67=%2Faccount.php&c68=%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3Dnovember-11-2021-mme%26sub%3Denroll&c73=mty4ljexos4yns4xotu%3D&c74=wa%7Ccorp%7Caccount%7Csub%3Denroll&v85=D%3Dc7&v88=D%3Dc73&v96=D%3Dc47&v97=D%3Dc13&v98=D%3Dc46&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&AQE=1

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 12 Nov 2021 16:02:29 GMT
server: jag
xserver: anedge-6988cccb6f-692gf
etag: 3514671702647177216-4619885858571723928
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 10 Nov 2021 16:02:29 GMT

GET
H2 200 RC99c39b8088f34dd0a7fed9a34a10c2e6-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/ 1019 B
846 B 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/RC99c39b8088f34dd0a7fed9a34a10c2e6-source.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8620213452b7d6c72d828a0f23894a324345cfbfa46759a54b357274c519606e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 13:23:31 GMT
server: AkamaiNetStorage
etag: "7fa29e6958917f091283bd7a69da5fbd:1635945811.617187"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 573
expires: Thu, 11 Nov 2021 17:02:29 GMT

GET
H/1.1 200
OK page-lib.min.js Show response
ebgcc.brightpattern.com/clientweb/chat-client-v4/build/ 16 KB
8 KB 153ms
153ms Script
application/javascript 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/chat-client-v4/build/page-lib.min.js

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

a573a5c7e757fc9ff9bb66611d63178290d28423fa744badb37f71459e8910bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Oct 2021 20:26:04 GMT
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 200 dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.wo... Show response
adservice.google.de/ddm/fls/i/ Frame 6F60 194 B
287 B 82ms
45ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COH0z8HXkPQCFUTV7Qodbp8HiA;src=9767737;type=retarget;cat=wa-si0;ord=7096583520077;gtm=2wgb80;auiddc=1490200210.1636646549;u6=www.workingadvantage.com%2Faccount.php;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
expires: Thu, 11 Nov 2021 16:02:29 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3

200

dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_cam... Show response
6479484.fls.doubleclick.net/ddm/fls/r/ Frame 7845
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workin...
https://6479484.fls.doubleclick.net/ddm/fls/r/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fww...

351 B
309 B

35ms
34ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6479484.fls.doubleclick.net/ddm/fls/r/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

5a4cb3e40e997262cdaca83b631a64058872bbc368dd5f0af88cbd10cad927b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
expires: Thu, 11 Nov 2021 16:02:29 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 286
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 11 Nov 2021 16:02:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://6479484.fls.doubleclick.net/ddm/fls/r/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.google.com/pagead/1p-user-list/701690947/ 42 B
154 B 22ms
21ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/701690947/?random=1636646549553&cv=9&fst=1636646400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oab80&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&tiba=Working%20Advantage%20-%20Employee%20Discounts&async=1&fmt=3&is_vtc=1&random=2484984088&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/701690947/ 42 B
154 B 22ms
21ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/701690947/?random=1636646549553&cv=9&fst=1636646400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oab80&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&tiba=Working%20Advantage%20-%20Employee%20Discounts&async=1&fmt=3&is_vtc=1&random=2484984088&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 countryprovince.php Show response
www.workingadvantage.com/ 39 KB
4 KB 343ms
343ms XHR
text/xml 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/countryprovince.php

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0fd47cbb9eb97c56ea50c860db6359d34448da5bbeb28fedad3e81d03cd39a5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: XA4PUldACQMDUlhRAQc=
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: unsafe-url
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent
content-type: text/xml; charset=ISO-8859-4
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8bec79ea34ee5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 mwEmbedFrame.php Show response
cdnapisec.kaltura.com/html5/html5lib/v2.90/ 189 KB
57 KB 8ms
7ms Script
text/javascript 2a02:26f0:6c00:2ba::10fe
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnapisec.kaltura.com/html5/html5lib/v2.90/mwEmbedFrame.php?&wid=_1093992&uiconf_id=23289491&cache_st=1504033729&entry_id=1_vcy14csy&playerId=kaltura_player_1504033729&forceMobileHTML5=true&urid=2.90&protocol=https&callback=mwi_kalturaplayer15040337290
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2ba::10fe Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1d2edf6bcea702bd9c3df09ecdc7fc9c7559ff143c4e7c051ed386db71fa463b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-me: ny-nvp1-fplay-c183
date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
server: nginx
etag: 62da596af4a6edd70c206de9dc58850d
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=320
x-robots-tag: noindex
content-length: 58499
expires: Thu, 11 Nov 2021 16:07:49 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 47ms
11ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 18 Nov 2021 16:02:29 GMT

GET
H2 200 load.php Show response
cdnapisec.kaltura.com/html5/html5lib/v2.90/ Frame DAE7 3 MB
691 KB 17ms
16ms Script
text/javascript 2a02:26f0:6c00:2ba::10fe
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnapisec.kaltura.com/html5/html5lib/v2.90/load.php?debug=false&lang=en&modules=Hlsjs%2CPolyfill_Set%2CacCheck%2CacPreview%2Cbase64_decode%2Cbase64_encode%2Cclass%2CcontrolBarContainer%2CcurrentTimeLabel%2CdurationLabel%2CexpandToggleBtn%2Cid3Tag%2CkAnalony%2Ckdark%2CkeyboardShortcuts%2CkgitGuard%2ClargePlayBtn%2CliveStream%2CmatchMedia%2CmorePlugins%2CnativeBridge%2CplayPauseBtn%2Cpolyfill_Array_filter%2CqualitySettings%2CreportError%2Cscreenfull%2Cscrubber%2CsideBarContainer%2CsourceSelector%2CstatisticsPlugin%2CtopBarContainer%2CunMuteOverlayButton%2Cutf8_encode%2CvolumeControl%7Cjquery.client%2Ccolor%2Ccookie%2Cdebouncedresize%2ChoverIntent%2CmessageBox%2CmwEmbedUtil%2CmwExtension%2CnaturalSize%7Cjquery.ui.core%2Cmouse%2Cposition%2Cslider%2Ctooltip%2CtouchPunch%2Cwidget%7Cmediawiki.Uri%2CUtilitiesTime%2CUtilitiesUrl%2Cclient%2CjqueryMsg%2Ckmenu%2Clanguage%2Cutil%7Cmediawiki.util.tmpl%7Cmw.EmbedPlayer%2CEmbedPlayerImageOverlay%2CEmbedPlayerKplayer%2CEmbedPlayerNative%2CEmbedPlayerNativeComponent%2CEmbedTypes%2CKAnalytics%2CKBaseButton%2CKBaseComponent%2CKBasePlugin%2CKBaseSmartContainer%2CKCuePoints%2CKDPMapping%2CKEntryLoader%2CKWidgetSupport%2CKalturaIframePlayerSetup%2CMediaElement%2CMediaPlayer%2CMediaPlayers%2CMediaSource%2CPlayerElement%2CPlayerElementFlash%2CPlayerElementHTML%2CPluginManager%7Cmw.MwEmbedSupport.style&pskwidgetpath=..%2Fkwidget-ps%2F&skin=no-theme&version=20210805T073204Z&*&protocol=https&wid=_1093992
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2ba::10fe Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f07a8bec2143aba541175e64caca4da75c723e53f09fa39854d47631bb9453b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-me: ny-nvp1-fplay-b9dc
date: Thu, 11 Nov 2021 16:02:29 GMT
content-encoding: gzip
last-modified: Sat, 30 Oct 2021 09:32:35 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1531818, s-maxage=2592000
x-robots-tag: noindex
content-length: 705478
expires: Mon, 29 Nov 2021 09:32:47 GMT

GET
DATA 200
OK truncated
/ Frame DAE7 159 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 791fd110609c55ba57308b2b152520619e48cda3ef61de34ba7b4ed7b4d87b98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 result Show response
www.workingadvantage.com/cdn-cgi/bm/cv/ 0
521 B 15ms
14ms XHR
text/plain 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/cdn-cgi/bm/cv/result?req_id=6ac8bebfccbe4ee5

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

X-NewRelic-ID: XA4PUldACQMDUlhRAQc=
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=5184000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
date: Thu, 11 Nov 2021 16:02:29 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-ray: 6ac8bec8481a4ee5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 rules-p-zhY3S1asLzBpZ.js Show response
rules.quantcount.com/ 2 B
355 B 37ms
9ms Script
application/javascript 2600:9000:2156:400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-zhY3S1asLzBpZ.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 15:42:07 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
server: AmazonS3
age: 1221
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA50-C1
content-length: 2
x-amz-cf-id: kPwF3uDSQIFq657zBUb-SOanQMpS7ezjcw4MiNpgkUw2RJ_IHjW7iw==

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame 7845
Redirect Chain

https://secure.adnxs.com/seg?add=8083872&t=2
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D8083872%26t%3D2

43 B
1023 B

13ms
13ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D8083872%26t%3D2

Requested by

Host: 6479484.fls.doubleclick.net
URL: https://6479484.fls.doubleclick.net/ddm/fls/r/dc_pre=CKTUz8HXkPQCFVnk7Qod_kICXQ;src=6479484;type=retarget;cat=worki0;ord=6218058503826;gtm=2wgb80;auiddc=1490200210.1636646549;~oref=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://6479484.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Nov 2021 16:02:29 GMT
X-Proxy-Origin: 168.119.25.195; 168.119.25.195; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 84360a93-967d-4980-8fe1-8bcf212c2d99
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 11 Nov 2021 16:02:29 GMT
X-Proxy-Origin: 168.119.25.195; 168.119.25.195; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 618ace1f-8c22-481e-bc3c-1c4ca53b124d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D8083872%26t%3D2
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK chat-widget.min.js Show response
ebgcc.brightpattern.com/clientweb/chat-client-v4/build/ 215 KB
64 KB 157ms
157ms Script
application/javascript 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/chat-client-v4/build/chat-widget.min.js?cache-control=1337

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

d562166d55f4a91e0051cbaf6f164730b7f3b11f01d1560607c7740eabc067a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Oct 2021 20:26:04 GMT
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK index.php Show response
stats.kaltura.com/api_v3/ 48 B
646 B 671ms
167ms XHR
application/javascript 35.165.115.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.kaltura.com/api_v3/index.php?service=stats&apiVersion=3.1&expiry=86400&clientTag=kwidget%3Av2.90&format=1&ignoreNull=1&action=collect&event:eventType=2&event:clientVer=2.90&event:currentPoint=0&event:duration=99&event:eventTimestamp=1636646550011&event:isFirstInSession=false&event:objectType=KalturaStatsEvent&event:partnerId=1093992&event:sessionId=0d46eac9-0c24-2564-8d3e-bfadf388176a&event:uiconfId=23289491&event:seek=false&event:entryId=1_vcy14csy&event:historyEvents=010000000000000000000000-1-1&event:widgetId=_1093992&event:referrer=https%253A%252F%252Fwww.workingadvantage.com%252Faccount.php&hasKanalony=true&kalsig=e35f26674f249912482600e7297b82bb
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.165.115.120 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-165-115-120.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 56ed1ccd023395fd2603c2f8829779a907bda62b69ff68ad15c585c1900f10aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: nginx
X-Kava-Me: ip-172-30-37-146
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Expose-Headers: Server,Content-Length,Content-Range,Date
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin,Range,Accept-Encoding,Referer,Cache-Control,User-Agent,Content-Type
Expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H/1.1 200
OK 260
cfvod.kaltura.com/p/1093992/sp/109399200/thumbnail/entry_id/1_vcy14csy/version/100031/width/460/height/ Frame DAE7 29 KB
30 KB 41ms
9ms Image
image/jpeg 2600:9000:2156:c00:19:597a:e108:c5a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cfvod.kaltura.com/p/1093992/sp/109399200/thumbnail/entry_id/1_vcy14csy/version/100031/width/460/height/260
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:c00:19:597a:e108:c5a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: de451150b977bde62d4f17739f9969b72fa6ef56bdb6ec135798b772bf2e6a86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

X-Kaltura: cached-thumb-exists,d38dc87d52428da6f44a34d955809da5
X-Me: ny-nvp1-fthumb-1618
Date: Thu, 11 Nov 2021 15:59:57 GMT
Via: 1.1 cdb2dba3874dd4d7b53213b8c63a0997.cloudfront.net (CloudFront)
Age: 1661
X-Cache: Hit from cloudfront
X-Vod-Session: 1982046259
X-Proxy-Me: nvp1-vod-proxy-blue-77447ccf4d-2t9fp
Connection: keep-alive
Content-Length: 29591
Pragma
Last-Modified: Tue, 29 Aug 2017 18:53:05 GMT
Server: openresty
X-Proxy-Session: fc081f159a07232c6f4d213d404d0371
X-Vod-Me: nvp1-vod-packager-blue-78fcd744db-g67qd
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, max-stale=0
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
X-Kaltura-Session: 91885271, 1636615918
X-Amz-Cf-Id: ufvFplf2dq4Md1nqax5UHDBgLE30p2TkcX3ezrhNZktHs91UUD2QIA==
Expires: Thu, 11 Nov 2021 16:34:49 GMT

GET
H2 200 pixel;r=440647734;rf=0;a=p-zhY3S1asLzBpZ;url=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26su...
pixel.quantserve.com/ 35 B
371 B 20ms
11ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=440647734;rf=0;a=p-zhY3S1asLzBpZ;url=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll;uht=2;fpan=1;fpa=P0-295690296-1636646550018;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=workingadvantage.com;je=0;sr=1600x1200x24;dst=0;et=1636646550017;tzo=0;ogl=

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 icomoon.woff
cdnapisec.kaltura.com/html5/html5lib/v2.90//skins/kdark/fonts/ Frame DAE7 14 KB
14 KB 31ms
15ms Font
application/font-woff 2a02:26f0:6c00:2ba::10fe
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnapisec.kaltura.com/html5/html5lib/v2.90//skins/kdark/fonts/icomoon.woff?2021-08-05T07:31:40Z
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2ba::10fe Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f736e25921404b6af52d9d645965a6f88db506d6dda0d96125f79a1f46aba2bc

Request headers

Referer: https://www.workingadvantage.com/
Origin: https://www.workingadvantage.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-me: ny-nvp1-fplay-e041
date: Thu, 11 Nov 2021 16:02:30 GMT
last-modified: Thu, 05 Aug 2021 07:32:04 GMT
server: nginx
etag: "3744-5c8caea55e500"
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=1864244
accept-ranges: bytes
x-robots-tag: noindex
content-length: 14148
expires: Fri, 03 Dec 2021 05:53:14 GMT

GET
H/1.1 200
OK index.php Show response
analytics.kaltura.com/api_v3/ 48 B
646 B 678ms
169ms XHR
application/javascript 54.244.189.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.kaltura.com/api_v3/index.php?service=analytics&apiVersion=3.1&expiry=86400&clientTag=kwidget%3Av2.90&format=1&ignoreNull=1&action=trackEvent&entryId=1_vcy14csy&partnerId=1093992&eventType=1&sessionId=0d46eac9-0c24-2564-8d3e-bfadf388176a&eventIndex=1&bufferTime=0&actualBitrate=-1&flavorId=-1&referrer=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php&deliveryType=hls&sessionStartTime=null&uiConfId=23289491&clientVer=2.90&position=0&playbackType=vod&kalsig=0404e08cdc4fd5f80b7e6464cd5d0005
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.244.189.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-244-189-41.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 86b18276c88083ba14a48f2816d98f13603e6155f0a6d2323ae60c30cd7af9ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: nginx
X-Kava-Me: ip-172-30-41-201
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Expose-Headers: Server,Content-Length,Content-Range,Date
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin,Range,Accept-Encoding,Referer,Cache-Control,User-Agent,Content-Type
Expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H/1.1 200
OK index.php Show response
stats.kaltura.com/api_v3/ 48 B
646 B 665ms
167ms XHR
application/javascript 35.165.115.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.kaltura.com/api_v3/index.php?service=stats&apiVersion=3.1&expiry=86400&clientTag=kwidget%3Av2.90&format=1&ignoreNull=1&action=collect&event:eventType=1&event:clientVer=2.90&event:currentPoint=0&event:duration=99&event:eventTimestamp=1636646550109&event:isFirstInSession=false&event:objectType=KalturaStatsEvent&event:partnerId=1093992&event:sessionId=0d46eac9-0c24-2564-8d3e-bfadf388176a&event:uiconfId=23289491&event:seek=false&event:entryId=1_vcy14csy&event:historyEvents=110000000000000000000000-2-2&event:widgetId=_1093992&event:referrer=https%253A%252F%252Fwww.workingadvantage.com%252Faccount.php&hasKanalony=true&kalsig=3cf8123344d70a41b7e8e495e5e4be2d
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.165.115.120 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-165-115-120.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: ee97f07e8554de3237390dbaf3262421cb1f4c2f8b1e5992b73afcab1e29f279

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: nginx
X-Kava-Me: ip-172-30-40-253
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Expose-Headers: Server,Content-Length,Content-Range,Date
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin,Range,Accept-Encoding,Referer,Cache-Control,User-Agent,Content-Type
Expires: Thu, 11 Nov 2021 16:02:29 GMT

GET
H2 200 s15085044603712
smetrics.workingadvantage.com/b/ss/entbenworking/1/JS-2.22.2-LBWB/ 43 B
322 B 19ms
19ms Image
image/gif 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.workingadvantage.com/b/ss/entbenworking/1/JS-2.22.2-LBWB/s15085044603712?AQB=1&ndh=1&pf=1&t=11%2F10%2F2021%2016%3A2%3A30%204%200&mid=55623312877831268580681044055305096977&aamlh=6&ce=UTF-8&ns=entertainmentbenefits&cdp=2&fpCookieDomainPeriods=2&g=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&cc=USD&server=www.workingadvantage.com&c6=desktop&v9=Thursday%20-%2011%3A00AM&c29=wa&c46=November%7C11%7C2021%7CThursday%7C11%7C02%7CAM%7CWeekday%7CMorning&v81=reflektion%20experience%20selected&pe=lnk_o&pev2=rfk&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&lrt=46&AQE=1

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
x-content-type-options: nosniff
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 12 Nov 2021 16:02:30 GMT
server: jag
xserver: anedge-6988cccb6f-tdtpz
etag: 3514671705661374464-4619599417002114856
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 10 Nov 2021 16:02:30 GMT

POST
H2 200 track Show response
events.api.boomtrain.com/event/ 2 B
248 B 307ms
102ms XHR
text/plain 23.20.220.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://events.api.boomtrain.com/event/track
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.20.220.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-20-220-17.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
server: nginx
allow: GET, HEAD, OPTIONS, POST
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
content-length: 2

GET
H2 200 RCa74f93b2a9844c559b33b24b12dec6e8-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/ 492 B
572 B 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/RCa74f93b2a9844c559b33b24b12dec6e8-source.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 77afc215f4e8ab8f24d8f33319564fd49e6e5ed996c647e69a2d8962c4d677ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 13:23:31 GMT
server: AkamaiNetStorage
etag: "7fa29e6958917f091283bd7a69da5fbd:1635945811.617187"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 299
expires: Thu, 11 Nov 2021 17:02:30 GMT

GET
H2 200 RCc2397d04bf364fbf9c479b26f4f89af4-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/ 409 B
536 B 8ms
8ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/RCc2397d04bf364fbf9c479b26f4f89af4-source.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9faebf61199974ed2b71794fed6e38e037b079aa84be128ef8224eaa11a2bf1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 13:23:31 GMT
server: AkamaiNetStorage
etag: "7fa29e6958917f091283bd7a69da5fbd:1635945811.617187"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 263
expires: Thu, 11 Nov 2021 17:02:30 GMT

GET
H2 200 RC4c249ae6eb834f3481a5808daa1fa12c-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/ 496 B
568 B 9ms
9ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/RC4c249ae6eb834f3481a5808daa1fa12c-source.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61fe729593f83befae01a317be0201eda3bad26eec85298e2ff12cc4a1a9e1d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 13:23:31 GMT
server: AkamaiNetStorage
etag: "7fa29e6958917f091283bd7a69da5fbd:1635945811.617187"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 295
expires: Thu, 11 Nov 2021 17:02:30 GMT

GET
H2 200 RCaebef32d48d84459b4cf19acbda9386d-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/ 1018 B
818 B 9ms
9ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/RCaebef32d48d84459b4cf19acbda9386d-source.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5670f561e329e2da068fa4ca6100f1fd8d7064b46fe24791f97a366b48c3537b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 13:23:31 GMT
server: AkamaiNetStorage
etag: "7fa29e6958917f091283bd7a69da5fbd:1635945811.617187"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 545
expires: Thu, 11 Nov 2021 17:02:30 GMT

GET
H/1.1 200
OK / Show response
com-workadv.netmng.com/ 3 KB
2 KB 103ms
103ms Script
text/javascript 199.38.167.35
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://com-workadv.netmng.com/?vid=ytke4rlv3tljt&referer=&browserPixelRatio=1&browserWidth=1600&browserHeight=1200&aid=6323&siclientid=105193&url=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&p5=account%3A%20enroll&p6=register_enroll&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=&function=browser_check&nmfp=1&r=74a10d
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 199.38.167.35 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: openresty /
Resource Hash: e24abe72296c21b54ee5617d062f168d11c193edf55f2aa45b98d35a19dc7153

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Nov 2021 16:02:30 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Nov 2021 16:02:30 GMT
Server: openresty
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=UTF-8
Expires: Tue, 09 Nov 2021 16:02:30 GMT

GET
H/1.1 200
OK siteseal_gd_3_h_l_m.gif
seal.godaddy.com/images/3/en/ 4 KB
4 KB 112ms
112ms Image
image/gif 173.201.201.4
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seal.godaddy.com/images/3/en/siteseal_gd_3_h_l_m.gif
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.201.201.4 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-173-201-201-4.ip.secureserver.net
Software: Apache /
Resource Hash: 1449346947ba3d2266f702cc5488e1a0fb75ef67cdb105d5dbe178eff0af14b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Cache-Control: max-age=86400
Expires: Fri, 12 Nov 2021 16:02:30 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3827
Content-Type: image/gif

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame 55E1
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=OTY5NzUxNjc2Njg4NDEzNzQz&forward=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEMAtTQZJPQDZTfyg-FfvWpM&google_cver=1

42 B
1 KB

346ms
93ms

Image
image/gif

199.38.167.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEMAtTQZJPQDZTfyg-FfvWpM&google_cver=1
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Server: 199.38.167.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEMAtTQZJPQDZTfyg-FfvWpM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK setuid
ib.adnxs.com/ Frame 55E1 43 B
996 B 40ms
12ms Image
image/gif 185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=18&code=969751676688413743

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Nov 2021 16:02:30 GMT
X-Proxy-Origin: 168.119.25.195; 168.119.25.195; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2c3101a3-5d49-4eee-a539-9a731d4a911f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 55E1
Redirect Chain

https://stags.bluekai.com/site/4722?id=969751676688413743&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D
https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=

42 B
974 B

306ms
86ms

Image
image/gif

199.38.167.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=
Protocol: HTTP/1.1
Server: 199.38.167.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=
Date: Thu, 11 Nov 2021 16:02:30 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 55E1 0
239 B 686ms
170ms Image
image/gif 8.39.36.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=969751676688413743&
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.39.36.141 Los Angeles, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6683ee3a8662a9679fcacb9fe223a3f8
Content-Type: image/gif

GET
H/1.1 200
OK ibs:dpid=1121&dpuuid=969751676688413743&redir=
dpm.demdex.net/ Frame 55E1 42 B
945 B 38ms
34ms Image
image/gif 63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=969751676688413743&redir=

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-05f4e7fba.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: kCHfvh2dR6g=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

/
ps.eyeota.net/match/bounce/ Frame 55E1
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=969751676688413743&bid=omt9pi0
https://ps.eyeota.net/match/bounce/?uid=969751676688413743&bid=omt9pi0

70 B
440 B

9ms
9ms

Image
image/gif

3.122.214.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match/bounce/?uid=969751676688413743&bid=omt9pi0
Protocol: HTTP/1.1
Server: 3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /match/bounce/?uid=969751676688413743&bid=omt9pi0
Date: Thu, 11 Nov 2021 16:02:30 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2 200 cksync.php
contextual.media.net/ Frame 55E1 45 B
614 B 85ms
51ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=969751676688413743

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Thu, 11 Nov 2021 16:02:30 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Thu, 11 Nov 2021 16:02:30 GMT

GET
H2 200 serving
bs.serving-sys.com/ Frame 55E1 0
105 B 43ms
8ms Image
text/plain 52.57.82.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.82.36 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-82-36.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-length: 0
p3p: CP="NOI DEVa OUR BUS UNI"

GET
H2

200

362358.gif
idsync.rlcdn.com/ Frame 55E1
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=969751676688413743&referrer=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_sou...
https://p.rfihub.com/cm?pub=39342&in=0&userid=ed4fd974-7a3a-41bc-99c9-cad153a3760a%3A1636646549.34&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Ded4fd974-7a3a-41bc-99c9-cad153a3760a...
https://idsync.rlcdn.com/501709.gif?partner_uid=ed4fd974-7a3a-41bc-99c9-cad153a3760a%3A1636646549.34
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEGumR3bfHDsmn2fJTWRId5A&google_cver=1

42 B
300 B

15ms
15ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEGumR3bfHDsmn2fJTWRId5A&google_cver=1
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Nov 2021 16:02:30 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEGumR3bfHDsmn2fJTWRId5A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 55E1 43 B
109 B 336ms
120ms Image
image/gif 52.73.93.37
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=969751676688413743
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.73.93.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-93-37.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 55E1
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=969751676688413743&forward=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=969751676688413743&forward=&C=1

43 B
1005 B

18ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=969751676688413743&forward=&C=1
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 11 Nov 2021 16:02:30 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=969751676688413743&forward=&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 294
Expires: Thu, 11 Nov 2021 16:02:30 GMT

GET
H2 200 360947.gif
idsync.rlcdn.com/ Frame 55E1 42 B
418 B 41ms
16ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=969751676688413743
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 11 Nov 2021 16:02:30 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ Frame 55E1 43 B
191 B 218ms
188ms Image
image/gif 104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=969751676688413743

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-215-191.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:30 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 11 Nov 2021 16:02:30 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 55E1
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=969751676688413743&img=1
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=969751676688413743&img=1&__user_check__=1&sync_id=c604b2b9-4308-11ec-91b9-11372f1a0406

43 B
549 B

23ms
23ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=969751676688413743&img=1&__user_check__=1&sync_id=c604b2b9-4308-11ec-91b9-11372f1a0406
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 139
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: nginx
Location: /partner?adv_id=7180&uid=969751676688413743&img=1&__user_check__=1&sync_id=c604b2b9-4308-11ec-91b9-11372f1a0406
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 25
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame 55E1 43 B
183 B 286ms
94ms Image
image/gif 2600:1f18:612b:4264:c62f:533:271f:3e7e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=969751676688413743&r=sdfhZtKtXVXZ
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:c62f:533:271f:3e7e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 55E1 43 B
238 B 92ms
23ms Image
image/gif 18.169.90.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=969751676688413743
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.90.17 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:30 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 55E1 0
338 B 100ms
28ms Image
text/plain 52.17.218.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=969751676688413743
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.218.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-218-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=34 t=1636646550
x-served-by: beacon-n011-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame 55E1
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=119&user_id=969751676688413743&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=969751676688413743&expires=30

43 B
495 B

10ms
10ms

Image
image/gif

3.127.120.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=969751676688413743&expires=30
Protocol: HTTP/1.1
Server: 3.127.120.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-120-47.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=969751676688413743&expires=30
Date: Thu, 11 Nov 2021 16:02:30 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 55E1
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
https://p.rfihub.com/cm?in=1&pub=21653&userid=YY0_lQAAAIHq3AQp

42 B
1 KB

316ms
86ms

Image
image/gif

199.38.167.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=21653&userid=YY0_lQAAAIHq3AQp
Protocol: HTTP/1.1
Server: 199.38.167.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20835101p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:30 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1636646550.353297,VS0,VE0
x-served-by: cache-fra19122-FRA
x-cache: HIT
location: https://p.rfihub.com/cm?in=1&pub=21653&userid=YY0_lQAAAIHq3AQp
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 RC68c132235d834acaa4f19f1eaf4f4f73-source.min.js Show response
assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/ 298 B
456 B 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/a281455e4dfe/1c19d10a0484/d7c510cf1605/RC68c132235d834acaa4f19f1eaf4f4f73-source.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0f39a213e3bc78eb8cc14a68214e32cd7a5f6492980db3f9b7bc7140d7b3832d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 13:23:31 GMT
server: AkamaiNetStorage
etag: "7fa29e6958917f091283bd7a69da5fbd:1635945811.617187"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.workingadvantage.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 183
expires: Thu, 11 Nov 2021 17:02:30 GMT

POST
H3 200 li.php Show response
www.workingadvantage.com/common_resources/ 0
632 B 194ms
194ms XHR
text/html 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/common_resources/li.php

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
X-NewRelic-ID: XA4PUldACQMDUlhRAQc=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa OUR OTR IND DSP IDC COR"
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: unsafe-url
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent
content-type: text/html; charset=iso-8859-1
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8becabd294ee5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 6028.png
www.workingadvantage.com/common_resources/campaigns/ 104 KB
104 KB 41ms
40ms Image
image/png 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/common_resources/campaigns/6028.png

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50b62a48ee47ece097e7f07a8c1c44f08a27fd808d2df523b4a2e05a4749d954

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 106310
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Mon, 08 Nov 2021 14:30:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "19f46-5d047d4494742"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8becabd2d4ee5-FRA
expires: Sun, 12 Dec 2021 16:02:30 GMT

GET
H3 200 close.png
www.workingadvantage.com/common_resources/campaigns/ 4 KB
5 KB 30ms
30ms Image
image/png 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.workingadvantage.com/common_resources/campaigns/close.png

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

537d4fed9f1381b8d19b83550252fa2cac347ab0f2a638d45deb81ac9e88ab31

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 261
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4163
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
last-modified: Thu, 07 Jan 2016 13:41:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1043-528bea1065f80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=5184000; includeSubDomains
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
accept-ranges: bytes
cf-ray: 6ac8becb0dc84ee5-FRA
expires: Sun, 12 Dec 2021 16:02:30 GMT

GET
H2 200 / Show response
zn5bxs0kfcxmozrm9-ebg.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
4 KB 55ms
33ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn5bxs0kfcxmozrm9-ebg.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_5BxS0KFcxMOzRM9&t=1636646550318

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

986f98a85b06434e6056e98cdc951fd412644371a4cb2406ba4cf4b14819f37a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 196672
cf-polished: origSize=8435
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
timing-allow-origin: *
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"20f3-yk4v5gfzlCXRpkrf0jVjTa1Hhus"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 6ac8becbad7a05c4-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 nr-spa-1211.min.js Show response
js-agent.newrelic.com/ 43 KB
16 KB 36ms
6ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1211.min.js
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 539877722caad874241ab2ec930b7b4aaa5327a34984b64ad813f8a2998bb862

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: CLSa7QJ2hagEFCkLjcLamPCZ0EDdPlaV
content-encoding: gzip
etag: "a5ee6c68d7de5e7446d73910964b5c10"
x-amz-request-id: 0S4XFNJFYQZN9637
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16260
x-amz-id-2: v26Y2Ym4qOzM3icLTsVPo7p+x1EvrE6TG7atauVW/H4IwE2a7G7tJ/ZX4jGwn698O07ljqFSUSk=
x-served-by: cache-fra19160-FRA
last-modified: Mon, 27 Sep 2021 20:46:51 GMT
server: AmazonS3
x-timer: S1636646550.352695,VS0,VE0
date: Thu, 11 Nov 2021 16:02:30 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 931

OPTIONS
H/1.1 200
OK configuration
ebgcc.brightpattern.com/clientweb/api/v1/ Frame 0
0 462ms
152ms Preflight 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/api/v1/configuration?tenantUrl=ebgcc.brightpattern.com&domain=www.workingadvantage.com&appId=05363aaa62214ab49d457fb6ae0dc5e4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://www.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.21.3
Date: Thu, 11 Nov 2021 16:02:30 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Accept, Origin, Content-type, Authorization
Access-Control-Allow-Credentials: true
Allow: GET, HEAD, POST, TRACE, OPTIONS
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK snippet.css
ebgcc.brightpattern.com/clientweb/chat-client-v4/css/ 9 KB
9 KB 152ms
152ms Stylesheet
text/css 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/chat-client-v4/css/snippet.css

Requested by

Host: ebgcc.brightpattern.com
URL: https://ebgcc.brightpattern.com/clientweb/chat-client-v4/build/chat-widget.min.js?cache-control=1337

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

1eae87c50589775a5471dcc9fee06fb6d545e5c758f5fbb6ab1d97fcd846c76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Last-Modified: Fri, 08 Oct 2021 20:26:04 GMT
Server: nginx/1.21.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8986

GET
H/1.1 200
OK configuration Show response
ebgcc.brightpattern.com/clientweb/api/v1/ 14 KB
14 KB 153ms
152ms XHR
application/json 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/api/v1/configuration?tenantUrl=ebgcc.brightpattern.com&domain=www.workingadvantage.com&appId=05363aaa62214ab49d457fb6ae0dc5e4

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

58f60bb9964c615bbb12602b6563c6d459dbd15ea6787c455293375842774784

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Authorization: MOBILE-API-140-327-PLAIN appId="05363aaa62214ab49d457fb6ae0dc5e4", clientId="undefined"
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Server: nginx/1.21.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Origin, Content-type, Authorization
Content-Length: 14023

GET
H/1.1 200
OK f30ac265f9 Show response
bam-cell.nr-data.net/1/ 49 B
715 B 575ms
555ms Script
text/javascript 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/f30ac265f9?a=10369366&v=1211.ba193a8&to=ZFUGY0tVWRdVB0ENVl0fMUVQG14KUAFNSklbQA%3D%3D&rst=3229&ck=1&ref=https://www.workingadvantage.com/account.php&ap=326&be=2020&fe=3182&dc=2540&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1636646547138,%22n%22:0,%22f%22:1310,%22dn%22:1311,%22dne%22:1311,%22c%22:1311,%22s%22:1311,%22ce%22:1311,%22rq%22:1311,%22rp%22:1822,%22rpe%22:1851,%22dl%22:1825,%22di%22:2539,%22ds%22:2539,%22de%22:2542,%22dc%22:3180,%22l%22:3180,%22le%22:3184%7D,%22navigation%22:%7B%7D%7D&fp=2122&fcp=2410&at=SBIFFQNPShk%3D&jsonp=NREUM.setToken
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:30 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6ac8becbed37c2ea-FRA

GET
H2 200 12.0dd1d9e7d155335870a6.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 55 KB
17 KB 30ms
29ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.0dd1d9e7d155335870a6.chunk.js?Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web&Q_BRANDID=www.workingadvantage.com

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

068dd32c638718b56c231035622c9684605299229b279ffc99ef3157bc0b2ae5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 550172
cf-polished: origSize=57365
cf-ray: 6ac8becbdde805c4-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Oct 2021 18:30:12 GMT
server: cloudflare
etag: W/"e015-17cbdddf320"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
1 KB 142ms
142ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_5BxS0KFcxMOzRM9&Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ec5f85cfcd3367b000155cc6cd3009c75b087b65512ffb70f5562f9cf122451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 6
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.workingadvantage.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: e2f21521c5479713
cf-ray: 6ac8becc1e6705c4-FRA

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 99 KB
31 KB 31ms
31ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web&Q_BRANDID=ebg

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13240b3ce0f2614422012708fc83e706dd9ed31973bf724d4c2d9007eb203b04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15320
cf-polished: origSize=102276
cf-ray: 6ac8becd08a505c4-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 24
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Oct 2021 18:30:12 GMT
server: cloudflare
etag: W/"18f84-17cbdddf320"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 4.fb684567ce86ad1f4655.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
906 B 33ms
33ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/4.fb684567ce86ad1f4655.chunk.js?Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web&Q_BRANDID=ebg

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79f49b23898091340108b17215fba34524545affcf88e0a07820b18466bebc6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 145051
cf-polished: origSize=2539
cf-ray: 6ac8becd594f05c4-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 20
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Oct 2021 18:30:12 GMT
server: cloudflare
etag: W/"9eb-17cbdddf320"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 1.266dfdaea7d1f3348c4a.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
6 KB 39ms
38ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.266dfdaea7d1f3348c4a.chunk.js?Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web&Q_BRANDID=ebg

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5251c6ea010dfdff4e5e2caeb33e68f81338bbf76436ff79074b10fb10edcfe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 145051
cf-polished: origSize=29269
cf-ray: 6ac8becd595205c4-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 8
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Oct 2021 18:30:12 GMT
server: cloudflare
etag: W/"7255-17cbdddf320"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 64 KB
23 KB 39ms
39ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web&Q_BRANDID=ebg

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 145042
cf-polished: origSize=66052
cf-ray: 6ac8becd595405c4-FRA
edge-control: max-age=604800
x-envoy-upstream-service-time: 24
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Oct 2021 18:30:12 GMT
server: cloudflare
etag: W/"10204-17cbdddf320"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
964 B 70ms
47ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_eCZGzmPdtkUq0EB&Version=19&Q_ORIGIN=https://www.workingadvantage.com&Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ba84c5184c13f11bdafdd5e4a6b7f1799dee6458e527b2bf41a33df40a34c70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
last-modified: Thu, 11 Nov 2021 15:58:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6ac8becd7d516977-FRA
servershortname
expires: Sun, 09 Nov 2031 15:58:25 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1 KB 61ms
38ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_5mPBvFDb3REP0dT&Version=7&Q_InterceptID=SI_eCZGzmPdtkUq0EB&Q_ORIGIN=https://www.workingadvantage.com&Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2f94807597fa1cb903f7e33ba6fe0f09522edc921465a1cc952ed4176403a80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 466118
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
x-envoy-upstream-service-time: 10
vary: Accept-Encoding
last-modified: Sat, 06 Nov 2021 06:33:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
cf-ray: 6ac8becd7d546977-FRA
servershortname
expires: Tue, 04 Nov 2031 06:33:52 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
256 B 144ms
143ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_5mPBvFDb3REP0dT&Q_SIID=SI_eCZGzmPdtkUq0EB&Q_ASID=AS_56381657&Q_CLIENTVERSION=1.63.1&Q_CLIENTTYPE=web&r=1636646550694

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 10
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 45
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.workingadvantage.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: 41de056ea656dcdd
cf-ray: 6ac8becdde636977-FRA

GET
H2 200 wr-dialog-close-btn-black.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 256 B
511 B 32ms
31ms Image
image/png 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-black.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2547640cd989b80083eb3ade2a4993c1776a1229cfffd41adeb0fef3e86eaf2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20199090
cf-polished: origSize=757
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time: 8
cf-bgj: imgq:85,h2pri
vary: Accept-Encoding
content-length: 256
last-modified: Wed, 10 Mar 2021 21:25:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 6ac8becdda6905c4-FRA
servershortname
expires: Thu, 20 Mar 2031 21:11:00 GMT

OPTIONS
H/1.1 200
OK availability
ebgcc.brightpattern.com/clientweb/api/v1/ Frame 0
0 152ms
152ms Preflight 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/api/v1/availability?tenantUrl=ebgcc.brightpattern.com&domain=www.workingadvantage.com&appId=05363aaa62214ab49d457fb6ae0dc5e4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://www.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.21.3
Date: Thu, 11 Nov 2021 16:02:31 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Accept, Origin, Content-type, Authorization
Access-Control-Allow-Credentials: true
Allow: GET, HEAD, POST, TRACE, OPTIONS
Strict-Transport-Security: max-age=31536000; includeSubDomains

OPTIONS
H/1.1 200
OK iceservers
ebgcc.brightpattern.com/clientweb/api/v1/ Frame 0
0 304ms
152ms Preflight 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/api/v1/iceservers?tenantUrl=ebgcc.brightpattern.com&domain=www.workingadvantage.com&appId=05363aaa62214ab49d457fb6ae0dc5e4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://www.workingadvantage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.21.3
Date: Thu, 11 Nov 2021 16:02:31 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Accept, Origin, Content-type, Authorization
Access-Control-Allow-Credentials: true
Allow: GET, HEAD, POST, TRACE, OPTIONS
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK availability Show response
ebgcc.brightpattern.com/clientweb/api/v1/ 32 B
483 B 153ms
152ms XHR
application/json 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/api/v1/availability?tenantUrl=ebgcc.brightpattern.com&domain=www.workingadvantage.com&appId=05363aaa62214ab49d457fb6ae0dc5e4

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

b1adacbdcd9a1302ebf82abb4695066528a693b75d7f75a110f1834b18c94cec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Authorization: MOBILE-API-140-327-PLAIN appId="05363aaa62214ab49d457fb6ae0dc5e4", clientId="undefined"
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:31 GMT
Server: nginx/1.21.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Origin, Content-type, Authorization
Content-Length: 32

GET
H/1.1 200
OK iceservers Show response
ebgcc.brightpattern.com/clientweb/api/v1/ 14 B
465 B 153ms
152ms XHR
application/json 199.101.26.126
BRIGHTPATTERNSC

General

Check archive.org

Show headers Download Go to

Full URL

https://ebgcc.brightpattern.com/clientweb/api/v1/iceservers?tenantUrl=ebgcc.brightpattern.com&domain=www.workingadvantage.com&appId=05363aaa62214ab49d457fb6ae0dc5e4

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.101.26.126 , United States, ASN33411 (BRIGHTPATTERNSC, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

c942d9ddbaf0a866c828a904b734915c84ec8b1137b04a698325500b40a2f238

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Authorization: MOBILE-API-140-327-PLAIN appId="05363aaa62214ab49d457fb6ae0dc5e4", clientId="undefined"
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 11 Nov 2021 16:02:31 GMT
Server: nginx/1.21.3
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.workingadvantage.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Origin, Content-type, Authorization
Content-Length: 14

GET
H/1.1 200
OK 100
cfvod.kaltura.com/p/1093992/sp/109399200/thumbnail/entry_id/1_vcy14csy/version/100031/width/100/height/undefined/vid_slices/ Frame DAE7 133 KB
134 KB 8ms
8ms Image
image/jpeg 2600:9000:2156:c00:19:597a:e108:c5a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cfvod.kaltura.com/p/1093992/sp/109399200/thumbnail/entry_id/1_vcy14csy/version/100031/width/100/height/undefined/vid_slices/100
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:c00:19:597a:e108:c5a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 627e571d76a1633f6ac725b3d619d3ca2add0737c75fe167db775a237e40b1f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

X-Kaltura: cached-thumb-exists,6fd1f887bb7c0d26e1d5a13cb5714b0c
X-Me: ny-nvp1-fthumb-cbd5
Date: Thu, 11 Nov 2021 15:59:58 GMT
Via: 1.1 cdb2dba3874dd4d7b53213b8c63a0997.cloudfront.net (CloudFront)
Age: 226
X-Cache: Hit from cloudfront
X-Vod-Session: 1642623399
X-Proxy-Me: nvp1-vod-proxy-blue-77447ccf4d-clrj6
Connection: keep-alive
Content-Length: 136085
Pragma
Last-Modified: Wed, 16 Aug 2017 18:31:54 GMT
Server: openresty
X-Proxy-Session: 1b335f44778e8e86c4e8d5e6e91f756e
X-Vod-Me: nvp1-vod-packager-blue-78fcd744db-klhrp
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600, max-stale=0
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
X-Kaltura-Session: 1959294884, 1636615919
X-Amz-Cf-Id: 5V5mNebFSAWDwbi-evxUkQrgUrmp_JaCB1YPMVv6l0scJ8BAyTLLqg==
Expires: Thu, 11 Nov 2021 16:58:45 GMT

GET
H2 200 an
alweb.rfk.workingadvantage.com/rfkj/1/11273-152007103/ 44 B
162 B 111ms
110ms Image
image/gif 54.236.99.14
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alweb.rfk.workingadvantage.com/rfkj/1/11273-152007103/an?&C=1,uO8AuSxZb2hXl7QI97JAviNAt39Mt35Mez4yez4I8ChE8zEycjkOc30Tcj0P8yMyp28W8D1z8DQ,&N=1,uO9OsTkyey8N8DQ,&t=1636646551145
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.99.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-99-14.compute-1.amazonaws.com
Software: gunicorn/19.6.0 /
Resource Hash: d1c4aa4fc27ca65d42b693b60f19546c4a50c002394c364dbbef45710858df7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:31 GMT
last-modified: Wed, 19 May 2021 07:43:58 GMT
server: gunicorn/19.6.0
content-length: 44
content-type: image/gif

POST
H/1.1 200
OK f30ac265f9 Show response
bam-cell.nr-data.net/events/1/ 24 B
512 B 631ms
631ms XHR
image/gif 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/f30ac265f9?a=10369366&v=1211.ba193a8&to=ZFUGY0tVWRdVB0ENVl0fMUVQG14KUAFNSklbQA%3D%3D&rst=4272&ck=1&ref=https://www.workingadvantage.com/account.php
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
content-type: text/plain

Response headers

Date: Thu, 11 Nov 2021 16:02:32 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.workingadvantage.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6ac8bed25f17c2ea-FRA
Content-Length: 24

GET
H/1.1 200
OK st Show response
px.steelhousemedia.com/ 2 KB
2 KB 674ms
167ms Script
application/javascript 44.237.157.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.steelhousemedia.com/st?ga_tracking_id=UA-4045288-1&ga_client_id=1089567603.1636646549&shpt=Working%20Advantage%20-%20Employee%20Discounts&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-4045288-1%22%2C%22ga_client_id%22%3A%221089567603.1636646549%22%2C%22shpt%22%3A%22Working%20Advantage%20-%20Employee%20Discounts%22%2C%22dcm_cid%22%3A%221089567603.1636646549%22%2C%22dcm_gid%22%3A%221914361460.1636646549%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getTrackingIdByGA%22%3A%22FAILED%22%2C%22getTrackingIdByOther1%22%3A%22FAILED%22%2C%22getTrackingIdByOther2%22%3A%22OK%22%2C%22getClientIdByGA%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1089567603.1636646549&dcm_gid=1914361460.1636646549&dxver=4.0.0&shaid=23005&plh=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&cb=36506817757522024&shadditional=googletagmanager%3Dtrue%2C%2Csh_conversion%3DSHBLOCK&shpn=Access%20to%20Working%20Advantage%20is%20limited%20to%20registered%20employees%20of%20participating%20Companies&shps=AccesstoWorkingAdvantageislimitedtoregisteredemployeesofparticipatingCompanies&shpc=
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.237.157.168 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-237-157-168.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: f92cdb5df80b31919a700c7cdfaab1b4849a138990b9c1140f6160d298ed9ea1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 11 Nov 2021 16:02:32 GMT
content-encoding: gzip
connection: close
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type: application/javascript;charset=utf-8

GET
H/1.1 200
OK gs Show response
ww.steelhousemedia.com/ 144 B
733 B 678ms
168ms Script
application/javascript 44.238.216.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ww.steelhousemedia.com/gs
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.238.216.23 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-238-216-23.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 964e5261c97c0738b33b25b67eae7298dcff320d92c852f6cfac0548df19bf6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 16:02:32 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 0
connection: close
content-type: application/javascript;charset=utf-8
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 144
x-application-context: application:prod:8080

GET
H/1.1 200
OK st Show response
px.steelhousemedia.com/ 4 KB
2 KB 514ms
181ms Script
application/javascript 44.237.157.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.steelhousemedia.com/st?ga_tracking_id=UA-4045288-1&ga_client_id=1089567603.1636646549&shpt=Working%20Advantage%20-%20Employee%20Discounts&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-4045288-1%22%2C%22ga_client_id%22%3A%221089567603.1636646549%22%2C%22shpt%22%3A%22Working%20Advantage%20-%20Employee%20Discounts%22%2C%22dcm_cid%22%3A%221089567603.1636646549%22%2C%22dcm_gid%22%3A%221914361460.1636646549%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getTrackingIdByGA%22%3A%22FAILED%22%2C%22getTrackingIdByOther1%22%3A%22FAILED%22%2C%22getTrackingIdByOther2%22%3A%22OK%22%2C%22getClientIdByGA%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1089567603.1636646549&dcm_gid=1914361460.1636646549&dxver=4.0.0&shaid=23005&plh=https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll&shadditional=googletagmanager%3Dtrue%2C%2Csh_conversion%3DSHBLOCK&shpn=Access%20to%20Working%20Advantage%20is%20limited%20to%20registered%20employees%20of%20participating%20Companies&shps=AccesstoWorkingAdvantageislimitedtoregisteredemployeesofparticipatingCompanies&shpc=&cb=1636646552344197&shguid=547d857f-7037-332d-9e3f-f77005d5945b&shgts=1636646553025
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.237.157.168 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-237-157-168.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 84c80fdde78a0015bc6f67da67054688cc36b39ac219c58e16b3feac6b1d1375

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 11 Nov 2021 16:02:33 GMT
content-encoding: gzip
connection: close
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type: application/javascript;charset=utf-8

GET
H/1.1

200
OK

tdsync
px.steelhousemedia.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=c7421a67-4308-11ec-b448-e9a08f6fa8a7&gdpr=&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=c7421a67-4308-11ec-b448-e9a08f6fa8a7&gdpr=&gdpr_consent=
https://px.steelhousemedia.com/tdsync?tdid=768a7ee1-9343-4d46-a214-9ba7156aaeb8&shguid=c7421a67-4308-11ec-b448-e9a08f6fa8a7

0
303 B

511ms
176ms

Image
text/plain

44.237.157.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.steelhousemedia.com/tdsync?tdid=768a7ee1-9343-4d46-a214-9ba7156aaeb8&shguid=c7421a67-4308-11ec-b448-e9a08f6fa8a7
Protocol: HTTP/1.1
Server: 44.237.157.168 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-237-157-168.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 11 Nov 2021 16:02:34 GMT
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
access-control-allow-methods: GET, POST, OPTIONS
x-application-context: application:awsprod,confluent:9025

Redirect headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://px.steelhousemedia.com/tdsync?tdid=768a7ee1-9343-4d46-a214-9ba7156aaeb8&shguid=c7421a67-4308-11ec-b448-e9a08f6fa8a7
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 277

GET
H2 200 /
insight.adsrvr.org/track/evnt/ 70 B
261 B 100ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/evnt/?adv=43q8xun&ct=0:eygtemm&fmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Nov 2021 16:02:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H3 200 li.php Show response
www.workingadvantage.com/common_resources/ 0
632 B 200ms
200ms XHR
text/html 104.18.20.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.workingadvantage.com/common_resources/li.php

Requested by

Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.20.78 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
X-NewRelic-ID: XA4PUldACQMDUlhRAQc=
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 11 Nov 2021 16:02:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa OUR OTR IND DSP IDC COR"
strict-transport-security: max-age=5184000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: unsafe-url
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent
content-type: text/html; charset=iso-8859-1
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline';
cf-ray: 6ac8befcb9ee4ee5-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK f30ac265f9 Show response
bam-cell.nr-data.net/events/1/ 24 B
512 B 148ms
147ms XHR
image/gif 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/f30ac265f9?a=10369366&v=1211.ba193a8&to=ZFUGY0tVWRdVB0ENVl0fMUVQG14KUAFNSklbQA%3D%3D&rst=13229&ck=1&ref=https://www.workingadvantage.com/account.php
Requested by: Host: www.workingadvantage.com
URL: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.workingadvantage.com/account.php?utm_campaign=the-elf-on-the-shelf&utm_source=email&utm_medium=November-11-2021-MME&sub=enroll
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
content-type: text/plain

Response headers

Date: Thu, 11 Nov 2021 16:02:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.workingadvantage.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6ac8bf0a4ff9c2ea-FRA
Content-Length: 24

Verdicts & Comments Add Verdict or Comment

305 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

68 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.workingadvantage.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: pu4q3ero0r84no9rp3tiprqaqn
www.workingadvantage.com/	1969-12-31 23:59:59	Name: WORKINGADVANTAGE Value: !IC1hEZHxBh6JEJ7TyRfNZ4y0D2cw9pNTUXJTv5wgA8FO5gOYwxEAedbNaJ+IuaDndE8xq3H4qd3Ang==
www.workingadvantage.com/	1969-12-31 23:59:59	Name: __rsu Value: 1
.workingadvantage.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 02:56:38	Name: demdex Value: 55657467707516065170684355911014020782
.workingadvantage.com/	1970-01-20 16:08:38	Name: _ga Value: GA1.2.1089567603.1636646549
.workingadvantage.com/	1970-01-19 22:38:52	Name: _gid Value: GA1.2.1914361460.1636646549
.workingadvantage.com/	1970-01-19 22:37:26	Name: _gat Value: 1
.workingadvantage.com/	1969-12-31 23:59:59	Name: mf_913a7fd6-dc0a-49da-96d8-8f73cb55b75c Value: \|.6931915432.1636646549356\|1636646549356\|\|0\|\|\|0\|0\|53.06848
.workingadvantage.com/	1969-12-31 23:59:59	Name: AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg Value: 1
.workingadvantage.com/	1970-01-20 00:47:02	Name: _gcl_au Value: 1.1.1490200210.1636646549
.workingadvantage.com/	1970-01-20 16:08:38	Name: _mkto_trk Value: id:409-BCN-480&token:_mch-workingadvantage.com-1636646549419-56701
.rezync.com/	1970-01-20 02:56:09	Name: zync-uuid Value: ed4fd974-7a3a-41bc-99c9-cad153a3760a:1636646549.34
.workingadvantage.com/	1970-01-20 16:08:38	Name: s_ecid Value: MCMID%7C55623312877831268580681044055305096977
.everesttech.net/	1970-01-20 07:23:02	Name: everest_g_v2 Value: g_surferid~YY0_lQAAAIHq3AQp
.workingadvantage.com/	1970-01-20 07:23:02	Name: btIdentify Value: b0f567cb-ab6c-4c47-8f0b-46050d55000d
.workingadvantage.com/	1970-01-19 22:37:30	Name: _bts Value: d067c52d-5aca-4d70-aa30-576585e9db7b
.workingadvantage.com/	1970-01-20 16:11:31	Name: mbox Value: session#2b2c11a2d5f549a680c9a5f03d5912a1#1636648410\|PC#2b2c11a2d5f549a680c9a5f03d5912a1.37_0#1699891350
.dpm.demdex.net/	1970-01-20 02:56:38	Name: dpm Value: 55657467707516065170684355911014020782
.workingadvantage.com/	1970-01-20 16:08:38	Name: AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg Value: -2121179033%7CMCIDTS%7C18943%7CMCMID%7C55623312877831268580681044055305096977%7CMCAAMLH-1637251349%7C6%7CMCAAMB-1637251349%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1636653749s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18950%7CvVersion%7C5.3.0
.workingadvantage.com/	1970-01-19 22:37:28	Name: __rutmb Value: 152007103
.workingadvantage.com/	1970-01-21 00:54:14	Name: __rutma Value: 152007103-wj-e7-4x-1p-ugo77qa7jd02gn2efelg-1636646549611.1636646549611.1636646549611.1.1.1
.workingadvantage.com/	1970-01-21 00:54:14	Name: __ruid Value: 152007103-wj-e7-4x-1p-ugo77qa7jd02gn2efelg-1636646549611
.workingadvantage.com/	1970-01-20 00:03:50	Name: __rcmp Value: 0!bj1fZ2MsZj1nYyxzPTEsYz0yOTg5LHRyPTkwLHJuPTU2Mix0cz0yMDIxMTExMS4xNjAyLGQ9cGMsc3U9MTtuPXNiMSxmPXNiLHM9MSxjPTIwMTEsdD0yMDE4MTIwNi4wMDU0O249cncxLGY9cncscz0xLGM9Mjc3Nyx0PTIwMjEwNTA3LjA3NDc~
.workingadvantage.com/	1970-01-19 22:37:28	Name: __rpckx Value: 0!eyJ0NyI6eyIxIjoxNjM2NjQ2NTQ5NjExfSwidDd2Ijp7IjEiOjE2MzY2NDY1NDk2MTF9LCJpdGltZSI6IjIwMjExMTExLjE2MDIifQ~~
.workingadvantage.com/	1970-01-19 22:37:28	Name: __rpck Value: 0!eyJwcm8iOiJkaXJlY3QiLCJidCI6eyIwIjp0cnVlLCIxIjowLCIyIjpudWxsLCIzIjoxfSwiQyI6e30sIk4iOnt9fQ~~
.workingadvantage.com/	1970-01-20 16:08:38	Name: prev_url_v2 Value: https%253A%252F%252Fwww.workingadvantage.com%252Faccount.php%253Futm_campaign%253Dthe-elf-on-the-shelf%2526utm_source%253Demail%2526utm_medium%253Dnovember-11-2021-mme%2526sub%253Denroll
.doubleclick.net/	1970-01-20 07:59:02	Name: IDE Value: AHWqTUkJ6GT1rke4n5VkYpuzBLCpCGUV-7rZPQNFDXWw1NQndA-U6F0-Jsq5n-s_
.workingadvantage.com/	1970-01-19 22:37:28	Name: gpv_v5 Value: account%3A%20enroll
.workingadvantage.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.workingadvantage.com/	1970-01-19 22:37:28	Name: __cf_bm Value: .91j3r2m_SfB4wKTm.Oicfc3t7Pg3pZWytZWhmXO2rY-1636646549-0-AVKrcSlwXJ0286AoNJ3RYuaHhV3g7LTqGCicN8QFgxV9+VGtCafjzT9PWvFHG0s5WQaZL8bBXDfDf8CaIhme/v2c3OR5oUCaSy1kAvFnIkMLpJEEVX1BZ7lMlDHZu34GxAIt1HdB38ih2HzOBmjj7m1MvhayfQwbGj9zdfSfVESZ
.rfihub.com/	1970-01-20 07:59:02	Name: rud Value: H4sIAAAAAAAAAOMSsjSzNDc1NDM3M7OwMDE0NjcxFuIz1C3xNfGyNCh2dncvjZLiNTQzNjMzMTM1sTS3NAIA-34xZDMAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSsjSzNDc1NDM3M7OwMDE0NjcxFuIz1C3xNfGyNCh2dncvjQIA1cV-SiQAAAA
.adnxs.com/	1970-01-20 00:47:02	Name: uuid2 Value: 3099390223513557428
.quantserve.com/	1970-01-20 08:07:40	Name: mc Value: 618d3e96-08584-dd8b5-60356
.workingadvantage.com/	1970-01-20 07:23:02	Name: _bti Value: %7B%22app_id%22%3A%22ebg-wa%22%2C%22bsin%22%3A%22TsA5zy5UBHZSDzLHVUTAo3KhIDX3Bdk9ZHN9Fnb8aUjuSxF8Oa9bmmbcM9joy%2B77nSIfXegpabrOMbqbPra9HA%3D%3D%22%7D
.workingadvantage.com/	1970-01-20 08:01:55	Name: __qca Value: P0-295690296-1636646550018
.adnxs.com/	1970-01-20 00:47:02	Name: anj Value: dTM7k!M4/YDYRWSF']wIg2GVQkC8%t!]tb[8i_i]PTm@+UbW(6Z:IW!VGWeVOs^E[_.8cwcuPoaLMxN`!_6-zQEVk`!)$39ik=DN
www.workingadvantage.com/	1970-01-19 23:20:38	Name: gdpr_pp Value: 1
.casalemedia.com/	1970-01-20 07:23:02	Name: CMID Value: YY0.llrA-dhITAJE0JMVUAAA
.casalemedia.com/	1970-01-20 00:47:02	Name: CMPS Value: 5207
.casalemedia.com/	1970-01-20 00:47:02	Name: CMPRO Value: 1205
.casalemedia.com/	1970-01-19 22:38:52	Name: CMST Value: YY0+lmGNPpYA
.casalemedia.com/	1970-01-20 07:23:02	Name: CMRUM3 Value: 39618d3e962760969751676688413743
.rlcdn.com/	1970-01-20 07:23:02	Name: rlas3 Value: RbafFzM5xZlTH7MBWEmCKDCgVzTs+UpNP5GDevI26lg=
.media.net/	1970-01-20 07:23:02	Name: visitor-id Value: 2796481507766781000V10
.media.net/	1970-01-20 07:21:36	Name: data-rk Value: 969751676688413743~~3
com-workadv.netmng.com/	1970-01-20 03:00:57	Name: evo5_WORKINGADVANTAGE Value: ytke4rlv3tljt%7CO%7CY1VoU04yRkJRM2x0T0VGTVMxazRhbEpqU1V4Nk9YSjNjM05YYzBGcGRWUlRWbEUxTUVSNFVTODVlRTVvWm1rMGRqTmljMGhMUVU5cmIyNVZUakZqVlZsV1EyeHpPR05UWmxoU2RrZHphVkJVYTFKeFlsWmtVR1Z5VVc5bmNtUXZTMUZuZUVwdmJ6QjJRa0pCYTFka2EwNXBRVmwwT0V3eWMwTTNjM1JPUjBsS2JFaGhjbGcwUTNKRlprSnplQ3RRTm1rM2NHeG1OMHB0WVhJNVFVSXZTMWd3VHl0a1RFeDBVbVZ3T0U4dmFVNXRjMDlEZDNCTmFIcDNTVmh4YmpodTpTR1h6d05QS085c3c1ZDFQNDNQSnpRPT0%3D
.spotxchange.com/	1970-01-20 07:23:06	Name: audience Value: c604b26d-4308-11ec-91b9-11372f1a0406
live.rezync.com/	1970-01-20 02:56:38	Name: sd-session-id Value: .eJwVyk0LgjAYAOC_Eu_Zg06dH9AltEO0xciQeRGrQXNp4eblFf97dnzgWaD9qmnoRjU6yN00Kw8eb73JQr6A1TgoAzlkNEvigCaUpmkUhEkUwuqBVdbqz9jq5z_v7ltsauE3g4g5CsdJifLq-6w-9efKxBKNk-RoWHVDWbGQ94fXpS8JQ0l4IQNemJmh2MO6_gB_XTBk.FG7QFg.fKxS8N2Wh0QBnU1e0CqzZ7QnDNU
.krxd.net/	1970-01-20 02:56:38	Name: _kuid_ Value: OecVJd-q
.bidswitch.net/	1970-01-20 07:23:02	Name: tuuid Value: b2756439-d403-46c4-82f1-04147ec15109
.bidswitch.net/	1970-01-20 07:23:02	Name: c Value: 1636646550
.bidswitch.net/	1970-01-20 07:23:02	Name: tuuid_lu Value: 1636646550
.workingadvantage.com/	1969-12-31 23:59:59	Name: s_ptc Value: 1.31%5E%5E0.00%5E%5E0.00%5E%5E0.00%5E%5E0.51%5E%5E0.03%5E%5E1.35%5E%5E0.00%5E%5E3.18
.eyeota.net/	1970-01-20 07:23:02	Name: mako_uid Value: 17d0fbc7c05-26160000010f4bb0
.eyeota.net/	1970-01-19 22:37:27	Name: SERVERID Value: 19376~DM
www.workingadvantage.com/	1969-12-31 23:59:59	Name: QSI_HistorySession Value: https%3A%2F%2Fwww.workingadvantage.com%2Faccount.php%3Futm_campaign%3Dthe-elf-on-the-shelf%26utm_source%3Demail%26utm_medium%3DNovember-11-2021-MME%26sub%3Denroll~1636646550560
.rlcdn.com/	1970-01-20 00:03:50	Name: pxrc Value: CJb9tIwGEgYIuuoBEAA=
.rfihub.com/	1970-01-20 07:59:02	Name: smd Value: H4sIAAAAAAAAADPiNTQzNjMzMTM1NTAzsgAA40NATg8AAAA
.rfihub.com/	1970-01-20 07:59:02	Name: eud Value: H4sIAAAAAAAAAJvFyGtoZmxmZmJmamJpbmm2Co1_Co3_Co3_C40_iQmVPwuNvwiNvwqNvwmNvwtdPQsq_xYafxGrQGSkQXxOoKOjo6dHobFjYMEqVrgSUwMzI_NNrGhWcKN5CY2_SBiV_wiNDwAr5x2RQwEAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAFvFKBAZaRCfE-jo6OjpUWjsGFgAAFWG6dQTAAAA
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 1a89811777a5a379
.steelhousemedia.com/	1970-01-20 16:09:20	Name: guid Value: c7421a67-4308-11ec-b448-e9a08f6fa8a7
.px.steelhousemedia.com/	1970-01-20 16:09:20	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzI2MDCNN7IwtlCyMtBRQuYamhmbmZmYmZoamxpZ6CiVKVkZ6SBpMbc0BmqpBQBq5Om6RgAAAA=="
.steelhousemedia.com/	1970-01-20 16:09:20	Name: rt Value: "MjMwMDU6MTYzNjY0NjU1Mw=="
.adsrvr.org/	1970-01-20 07:23:02	Name: TDID Value: 768a7ee1-9343-4d46-a214-9ba7156aaeb8
.adsrvr.org/	1970-01-20 07:23:02	Name: TDCPM Value: CAEYBSABKAIyCwjU0aL27M2SOhAFOAE.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9THHDH(Line 39) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9THHDH(Line 39) Message: Unrecognized feature: 'conversion-measurement'.
other	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9THHDH(Line 39) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-W9THHDH(Line 39) Message: Unrecognized feature: 'conversion-measurement'.
other	warning	URL: https://cdnapisec.kaltura.com/p/1093992/sp/109399200/embedIframeJs/uiconf_id/23289491/partner_id/1093992?ebgcbv=116(Line 30) Message: Allow attribute will take precedence over 'allowfullscreen'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; media-src blob:; style-src * 'unsafe-inline';
Strict-Transport-Security	max-age=5184000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20835101p.rfihub.com
409-bcn-480.mktoresp.com
6479484.fls.doubleclick.net
9767737.fls.doubleclick.net
a.rfihub.com
aa.agkn.com
adservice.google.com
adservice.google.de
alweb.rfk.workingadvantage.com
analytics.kaltura.com
assets.adobedtm.com
bam-cell.nr-data.net
beacon.krxd.net
bpi.rtactivate.com
bs.serving-sys.com
c1.rfihub.net
cdn.boomtrain.com
cdn.mouseflow.com
cdnapisec.kaltura.com
cfvod.kaltura.com
cm.everesttech.net
cm.g.doubleclick.net
com-workadv.netmng.com
contextual.media.net
d26opx5dl8t69i.cloudfront.net
dpm.demdex.net
dsum-sec.casalemedia.com
dx.steelhousemedia.com
e.email.workingadvantage.com
ebgcc.brightpattern.com
entertainmentbenefitsgroupllc.demdex.net
events.api.boomtrain.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
initjs.rfk.workingadvantage.com
insight.adsrvr.org
js-agent.newrelic.com
live.rezync.com
match.adsrvr.org
munchkin.marketo.net
p.rfihub.com
partners.tremorhub.com
people.api.boomtrain.com
pixel.quantserve.com
pixel.rubiconproject.com
ps.eyeota.net
px.steelhousemedia.com
rules.quantcount.com
seal.godaddy.com
secure.adnxs.com
secure.quantserve.com
siteintercept.qualtrics.com
smetrics.workingadvantage.com
stags.bluekai.com
starget.workingadvantage.com
stats.g.doubleclick.net
stats.kaltura.com
sync-tm.everesttech.net
sync.search.spotxchange.com
ww.steelhousemedia.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.workingadvantage.com
x.bidswitch.net
x.dlx.addthis.com
zn5bxs0kfcxmozrm9-ebg.siteintercept.qualtrics.com
104.111.215.191
104.111.234.67
104.17.208.240
104.17.209.240
104.18.20.78
142.250.185.194
142.250.186.34
142.250.186.38
143.204.101.87
143.204.98.63
143.204.98.95
15.236.176.210
151.101.2.49
151.101.66.137
162.247.243.147
173.201.201.4
18.169.90.17
185.33.220.243
185.33.221.53
185.94.180.126
192.28.147.68
199.101.26.126
199.38.167.128
199.38.167.35
2.18.234.21
2.18.235.93
23.111.9.38
23.20.220.17
2600:1f18:612b:4264:c62f:533:271f:3e7e
2600:9000:2156:400:6:44e3:f8c0:93a1
2600:9000:2156:8a00:1:76cf:fe80:93a1
2600:9000:2156:c00:19:597a:e108:c5a1
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:80e::2003
2a00:1450:4001:810::2004
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2008
2a00:1450:400c:c00::9d
2a02:26f0:6c00:28a::1e80
2a02:26f0:6c00:2ba::10fe
3.122.214.165
3.127.120.47
34.230.174.180
34.250.124.91
35.165.115.120
35.244.174.68
35.71.131.137
44.236.162.197
44.237.157.168
44.238.216.23
52.17.218.77
52.223.40.198
52.57.82.36
52.73.93.37
54.154.165.122
54.171.163.246
54.236.154.122
54.236.99.14
54.244.189.41
63.32.159.255
8.39.36.141
96.47.20.26
02e1c4508320ee6bc6b884c4de9a0d73e541b6735fa139cbd957a27f42c72140
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
062550863ac201e15f06acde2a881de70f1873b624b6e5e8c6cb6204a3e95cce
06708edc30f6877320af98a385a4350ad9769c1aca9d44f8a262acf0c6dfefbd
068dd32c638718b56c231035622c9684605299229b279ffc99ef3157bc0b2ae5
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
0f39a213e3bc78eb8cc14a68214e32cd7a5f6492980db3f9b7bc7140d7b3832d
12a707e11e2dc4d9b49d1a98cf484363b1549a6914a387a9c96d27679d285849
13240b3ce0f2614422012708fc83e706dd9ed31973bf724d4c2d9007eb203b04
1449346947ba3d2266f702cc5488e1a0fb75ef67cdb105d5dbe178eff0af14b2
15bd54ace92a04738adb0e5f33c21472369b9ce4a69fdee95f477f7231d0008c
176bfb0e73f4480f870fdf93e5f45624e7fc171b7d4adbc10d6475a382efd604
1b5f1cf2147c10f37ac1e6a14635b8fcda9a5569e2492152a08ed6fe781d6db2
1d24d4a11bd569cd44e25a8c36341f9669fa448d55bbad6c993ac3362e852711
1d2edf6bcea702bd9c3df09ecdc7fc9c7559ff143c4e7c051ed386db71fa463b
1eae87c50589775a5471dcc9fee06fb6d545e5c758f5fbb6ab1d97fcd846c76e
1f7d6357a349f9b2e41547131f5dd5d1098529d07473a2b59220201c1602c8aa
24ea2cc85ad332f5aee31825ffae0928417a46ee60c2e70627bcd9457912f698
2547640cd989b80083eb3ade2a4993c1776a1229cfffd41adeb0fef3e86eaf2b
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2731279a7d1a73e9f9337cb97c35568e9a86ccb378050fbaa06824b991642bd6
2b4c3f4c48f128e247706a610fd46ac8164ca7bed2a6d6e3b0564b253348ed5f
2e27ed0586477a2724e3f1c61203f05504cbd696b7b76c6a2e28e8ccff860ab5
2e41da27e9d30c228f36a70b8586fcd0e2703992b033817fe25156eb2dcb1425
2eec22fcd09b2b38293ffa6f773ffbe507618a06c2f422c077ae565b15f9e6a5
32287886b3a7ef7c746b99c63f4ab7de572079f36181e014784b5d76c6db9847
3398ac1d4e6993bff6f885284cb8dcc1ce4c83fd0cdb50d48c6aa15c6d0949c6
33cb692469df42cfecaf7569e66269c79f04411746fa5a2ea33fe0ae8f001bfa
37a013e390c9cefbded3a14025a985b268d2445f9bfbac9dc06ff54c084d8661
3ff90e45faf4f1517337648274a38902d62cb6e0ee6dc5961a41383d348608fa
40073d8997c3dd31bc10edfd8601660cad988a7601170e17b19f4331eaf5c6e9
415eb502436bc46c52fb7c201fb0d0c9631b6e1cc61557074a53bc865565ea28
42ec2b6b24321ff62530ffbd0ea49a49bcb3fc1ea8dbdeec8da73fcd222ed1e5
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4471d3760ad27b466ca99f4e9ac126ee8d9eb24d7d9989561b12e40ca118dcf0
448e99a570408c6cf2eda6133ec9ea7b86b8494120fc2ab35f7fbab75fefa5e8
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bcb0f820377a5dc80f3f43d991c950d5442ad601328305c0b52785c984bce48
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4e44d42d92186898bf5ef70ec41e22b3f1c9ee6d3235c8d0101dd2630ea75eb8
50b62a48ee47ece097e7f07a8c1c44f08a27fd808d2df523b4a2e05a4749d954
5251c6ea010dfdff4e5e2caeb33e68f81338bbf76436ff79074b10fb10edcfe6
537d4fed9f1381b8d19b83550252fa2cac347ab0f2a638d45deb81ac9e88ab31
539877722caad874241ab2ec930b7b4aaa5327a34984b64ad813f8a2998bb862
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5670f561e329e2da068fa4ca6100f1fd8d7064b46fe24791f97a366b48c3537b
56ed1ccd023395fd2603c2f8829779a907bda62b69ff68ad15c585c1900f10aa
58f60bb9964c615bbb12602b6563c6d459dbd15ea6787c455293375842774784
5a4cb3e40e997262cdaca83b631a64058872bbc368dd5f0af88cbd10cad927b5
61fe729593f83befae01a317be0201eda3bad26eec85298e2ff12cc4a1a9e1d2
627e571d76a1633f6ac725b3d619d3ca2add0737c75fe167db775a237e40b1f2
668aeb0f18d6cfd195670546ba5cc3d33de3fc6abfa5fc11364901fe2a6ad468
6ba84c5184c13f11bdafdd5e4a6b7f1799dee6458e527b2bf41a33df40a34c70
6dcf743efbf47f310fd9243d9aa78f4c3f6ee8ea260ad2f3d17a4fdda2479ab7
6ec5f85cfcd3367b000155cc6cd3009c75b087b65512ffb70f5562f9cf122451
71966c141628e8fb90d63a4359f4277705604060cb605b82d6eab9ab8561345c
731ee3bbaa9f2fd92879f9087c9fbbf7438d3a52595c6c8a8020bb2a69b7afd6
7342a08b82a2fbc6abfc2845dbe59c85c979350bda0904d9d68e6217f2b8c1a6
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
77afc215f4e8ab8f24d8f33319564fd49e6e5ed996c647e69a2d8962c4d677ae
790368acf998c4e913735f6ad69be0d2f644439f80a49cbe5bb316a1081d47ef
791fd110609c55ba57308b2b152520619e48cda3ef61de34ba7b4ed7b4d87b98
79f49b23898091340108b17215fba34524545affcf88e0a07820b18466bebc6e
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c8b033cc69116a4670f6828ace15adda22d4d3ed1bb17e31daea73abbdfbede
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
7e86ebaabaa7bfc75d8972d7446fd9cd23b28f5891fbfa0839ae6d1701af0e08
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
7f6ca2ce4df95696aa0bfcbc4b77a7e5b69f248fa3d4ff6789d479800a863ec4
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
83a921154ba4d9cbb1666930210a10ea9757a344dd7774385ffa5af2ff2aabd4
84c80fdde78a0015bc6f67da67054688cc36b39ac219c58e16b3feac6b1d1375
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8563a7e5543cf346f564f0c21f1bfab0a96b9cfda172bb1df091b5e546d86e14
8620213452b7d6c72d828a0f23894a324345cfbfa46759a54b357274c519606e
86b18276c88083ba14a48f2816d98f13603e6155f0a6d2323ae60c30cd7af9ce
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ee63a750f57ce65ec067b31f90944bc96b3401d74ca1eb6a3e59cd593e9e7f7
959f258fa004f31508253dba2d6dfd28a8ca400c8cf281fe6aafdb5ef0f08bcb
95e2976580ffd853ecf923bd973fbc89955dbc61fd286428a0fa3d2640444c27
962f868106ea626a1e0a64e7269fc0a017a46e8fbf995a9580caed4e29f58520
964e5261c97c0738b33b25b67eae7298dcff320d92c852f6cfac0548df19bf6c
986f98a85b06434e6056e98cdc951fd412644371a4cb2406ba4cf4b14819f37a
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9c6ff2453e82bbbe81b215b46fa26be3e4b0265fa18f28f44908504f4abe4123
9cd60e08308ac0d8d91d3cc2b6c4162607c6217b9e350e01854fbdbb70164747
9f9c44faecc50e0a4481d95801cf059a5b05d0ea70a096b204b9550ec9ce347a
9faebf61199974ed2b71794fed6e38e037b079aa84be128ef8224eaa11a2bf1d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0fd47cbb9eb97c56ea50c860db6359d34448da5bbeb28fedad3e81d03cd39a5
a176b44662d7eb55562527b7df840e6eb620d9f326989674a16f0765dc94f360
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a4071d8dd8df954a09136ddea2d3ee4fb20514e64f34afd206c9da33b5bb7250
a44b5727bd453959ba8f2ae37fd2359272b730ada09e80fb2a5bbffd086ef075
a52353c2f4c441c1f50d634fcf160da6abaa62f36ad3a90e6e457b367479a0dc
a573a5c7e757fc9ff9bb66611d63178290d28423fa744badb37f71459e8910bb
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1adacbdcd9a1302ebf82abb4695066528a693b75d7f75a110f1834b18c94cec
b85eb5599c7088890a87ff4b4aa2bf1d9d476f0ed69cb74ce907d7cb4544cde2
bed9883e3afc4f01beb8391653527dc2d5c8cfb3b1869dceebb7334142158fbf
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c3c681a83aa4ab7a79e1b747baad02372b9182c4c28c8227f74a713ab1e48921
c942d9ddbaf0a866c828a904b734915c84ec8b1137b04a698325500b40a2f238
c9c1d54cd634cba994b1fc6060948e0b843354b01aefd178a51dc9c91ce1a8c1
cbb7efa55c925ce495c64155705a2cfd6a7d073ac5bfd5a1f90f7a013e00e7d0
d1c4aa4fc27ca65d42b693b60f19546c4a50c002394c364dbbef45710858df7a
d562166d55f4a91e0051cbaf6f164730b7f3b11f01d1560607c7740eabc067a0
d7d2bed3257f7de22dbe0a2e0871329e06313b930a860a1a559508d7733cb4a4
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
de451150b977bde62d4f17739f9969b72fa6ef56bdb6ec135798b772bf2e6a86
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e24abe72296c21b54ee5617d062f168d11c193edf55f2aa45b98d35a19dc7153
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e27006ed29a6f6eb25ecda4d4b02edd01cb89079333f47a7c527761a5bf664
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e9228e9660ad4173083cb4d622c22d33c09a1e5a99967a8c5dae1ffcc9259782
ebb8b0b73ecae21b1840d76dbf4f67f96ac8e821d437166e74400227766ae75d
ed953262370c9dd1f14474cc6d4c24d6f7ef4a2327f419acb656a02ee26b1ea6
ee97f07e8554de3237390dbaf3262421cb1f4c2f8b1e5992b73afcab1e29f279
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f07a8bec2143aba541175e64caca4da75c723e53f09fa39854d47631bb9453b5
f2f94807597fa1cb903f7e33ba6fe0f09522edc921465a1cc952ed4176403a80
f36ac7ef5717e0cd82cdc61235d73129dd8aa27246e0858f1dd526b23430f821
f45c73c0747a0f7b5e5eec6fbc6250a562a0a009b04012eaf80aa52d4e51a55a
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f69ebbd9d36211cef558cb24f539fb4c6ad866dc603cdc8f588ee3f63dbe3b5d
f736e25921404b6af52d9d645965a6f88db506d6dda0d96125f79a1f46aba2bc
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f92cdb5df80b31919a700c7cdfaab1b4849a138990b9c1140f6160d298ed9ea1
fe56b80ead65e2a7d73f02da98bfd21557555823ac2da75aae27e3966a8429df

www.workingadvantage.com Open in urlscan Pro 104.18.20.78 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

162 Requests

93 %HTTPS

25 %IPv6

46 Domains

72 Subdomains

63 IPs

8 Countries

2377 kBTransfer

6704 kBSize

68 Cookies

16 Outgoing links

Page URL History

Redirected requests

162 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.workingadvantage.com Open in urlscan Pro
104.18.20.78 Public Scan

Screenshot
Live screenshot

Full Image

162
Requests

93 %
HTTPS

25 %
IPv6

46
Domains

72
Subdomains

63
IPs

8
Countries

2377 kB
Transfer

6704 kB
Size

68
Cookies

162 HTTP transactions
1 data transactions