urlscan.io logo urlscan.io
SecurityTrails logo

ui.nor1upgrades.com Open in urlscan Pro
23.36.163.231  Public Scan

Go To Rescan Add Verdict Report
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Submission: On January 16 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 7 domains to perform 20 HTTP transactions. The main IP is 23.36.163.231, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is ui.nor1upgrades.com. The Cisco Umbrella rank of the primary domain is 387045.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on October 17th 2022. Valid for: a year.
This is the only time ui.nor1upgrades.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 23.36.163.231 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:206... 16509 (AMAZON-02)
1 18.66.97.49 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
11 2600:9000:205... 16509 (AMAZON-02)
1 13.32.27.21 16509 (AMAZON-02)
1 143.204.215.65 16509 (AMAZON-02)
1 18.66.112.15 16509 (AMAZON-02)
20 11
1    23.36.163.231 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-231.deploy.static.akamaitechnologies.com
ui.nor1upgrades.com
1    2a00:1450:400d:803::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
1    2600:9000:206f:5e00:8:5754:ca40:21 (United States)

ASN16509 (AMAZON-02, US)
d2jwpcf7edgug9.cloudfront.net
1    18.66.97.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-49.fra56.r.cloudfront.net
static.hotjar.com
1    2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
11    2600:9000:2057:8000:f:12d6:1580:21 (United States)

ASN16509 (AMAZON-02, US)
d18oouk2cqxys6.cloudfront.net
1    13.32.27.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-21.fra56.r.cloudfront.net
script.hotjar.com
1    143.204.215.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-65.fra53.r.cloudfront.net
vars.hotjar.com
1    18.66.112.15 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-15.fra56.r.cloudfront.net
vc.hotjar.io
Apex Domain
Subdomains		 Transfer
12 cloudfront.net
d2jwpcf7edgug9.cloudfront.net
d18oouk2cqxys6.cloudfront.net
1 MB
3 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 606
script.hotjar.com — Cisco Umbrella Rank: 725
vars.hotjar.com — Cisco Umbrella Rank: 866
73 KB
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 2093
258 B
1 gstatic.com
fonts.gstatic.com
24 KB
1 bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2342
22 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
858 B
1 nor1upgrades.com
ui.nor1upgrades.com — Cisco Umbrella Rank: 387045
87 KB
20 7
Domain Requested by
11 d18oouk2cqxys6.cloudfront.net ui.nor1upgrades.com
1 vc.hotjar.io script.hotjar.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 fonts.gstatic.com fonts.googleapis.com
1 static.hotjar.com ui.nor1upgrades.com
1 d2jwpcf7edgug9.cloudfront.net ui.nor1upgrades.com
1 stackpath.bootstrapcdn.com ui.nor1upgrades.com
1 fonts.googleapis.com ui.nor1upgrades.com
1 ui.nor1upgrades.com
20 10

This site contains links to these domains. Also see Links.

Domain
www.nor1.com
www.nor1upgrades.com
Subject Issuer Validity Valid
nor1upgrades.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-17 -
2023-10-19		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
*.hotjar.com
Amazon		 2022-10-25 -
2023-11-23		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
*.hotjar.io
Amazon		 2022-07-18 -
2023-08-16		 a year crt.sh

This page contains 2 frames:

Primary Page: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Frame ID: D0BBDD2D438DC0DE26A368062CF0F4CA
Requests: 20 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
Frame ID: A9C7B83927DED9713BC5AFFB6396597B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Great Wolf Lodge - Charlotte-Concord

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

20
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

10
Subdomains

11
IPs

3
Countries

1411 kB
Transfer

1747 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ui.nor1upgrades.com/ 		86 KB
87 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.231 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-231.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2969f4f9b7875fb4ed08dc26882cfcf93a01f644277301757d762220801cc451
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.orbitz.com *.duncllc.com:* *.dev.orbitz.net:7443 *.dev.orbitz.net *.dev.orbitz.net:* dev.orbitz.net *.orbztest.com *.ctixtest.com *.cheaptickets.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive Transfer-Encoding
Content-Security-Policy
frame-ancestors *.orbitz.com *.duncllc.com:* *.dev.orbitz.net:7443 *.dev.orbitz.net *.dev.orbitz.net:* dev.orbitz.net *.orbztest.com *.ctixtest.com *.cheaptickets.com
Content-Type
text/html; charset=utf-8
Date
Mon, 16 Jan 2023 16:00:41 GMT
Referrer-Policy
no-referrer-when-downgrade
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		664 B
858 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 16 Jan 2023 16:00:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 16 Jan 2023 14:35:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 16 Jan 2023 16:00:41 GMT
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ 		138 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Origin
https://ui.nor1upgrades.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 16:00:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617, 617
age
1075356
cdn-cachedat
2021-04-13 03:58:25
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
d5659133a6c81b705f0e55f57f4ae281
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
78a810c18fa22c2e-FRA
cdn-requestpullsuccess
True
bundle.js
d2jwpcf7edgug9.cloudfront.net/n1cs-master-f6b697a3/react-ui/dist/js/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2jwpcf7edgug9.cloudfront.net/n1cs-master-f6b697a3/react-ui/dist/js/bundle.js
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:5e00:8:5754:ca40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9d06d0ea35a4bbc21320b9a6adf682132092bd4ac1af2605e8b466df9ced5d80

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 00:09:22 GMT
via
1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
last-modified
Tue, 09 Aug 2022 16:55:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
age
59871
etag
"7201972f9a1de790ae9231627e9be916"
x-cache
Hit from cloudfront
content-type
application/octet-stream
accept-ranges
bytes
content-length
1102424
x-amz-cf-id
O8hx2g85MxndhArOoiAGAxtfJRaprsLedFeCNKGqdBWMJK9MZ7eOJw==
hotjar-341114.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-341114.js?sv=5
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-49.fra56.r.cloudfront.net
Software
/
Resource Hash
cf0f152514bea1cd39540bd771a7fbb50e0e1f8b6dd125486e112095a0419fec
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Mon, 16 Jan 2023 16:00:41 GMT
via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/1d8460068d42e6a0edb648184a3df88d
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
UH_EUIZ0LqeMaiJ0-uydIEfGmsfIRe_EF9bBxjYsEHo7Ex1DhRkrYA==
truncated
/ 		25 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3fb32c341d6235fae0e7ab5c79ed370259cdbdcd7c235c39161b1dd64d8cc83f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ui.nor1upgrades.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 15:21:12 GMT
x-content-type-options
nosniff
age
520769
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23580
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:48:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Jan 2024 15:21:12 GMT
header.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/header.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
603c7d32d7462b41d6613086dbcc74d15c0c506a9d7fd9b17eab9920dcc6bddb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 16:00:41 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Thu, 19 May 2022 19:52:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
849
etag
"d6e6880fe372f490d660d2789ca0655d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
5181
x-amz-cf-id
g_1f_Fc3esNOHtMJGuOQkrtcaHVMmbk4Nb0UOtQXrU6hQJW3BkalKA==
00029894.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00029894.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a7eb546d9ea5607ae2956e483224b868eaec6f84cf9a627a4f467354c7d3d22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:33 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Mon, 24 May 2021 17:29:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
849
etag
"e25e307b56215fc067645319ab399e50"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
10350
x-amz-cf-id
mdj-w1GSUDKcSDxNG_y1YzBKBQjdfVpRAcfFSdIRxnvJn_kWzI9FJA==
00029947.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00029947.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dd7091350c911652224e0cdb02720e42acf5c6ca3124a3493fcad2f1542188e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:33 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Mon, 24 May 2021 17:29:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
849
etag
"5a9a5dff604ac460788a4f3079fcec3c"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
12222
x-amz-cf-id
8pYY51i3cEIesj79R3v6HhbUTdwHMUSWmExH9GiDxhmNCdxzajbKfw==
00141134.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00141134.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3359b42d2a0f5b78765f42c30c49bed1ea0861fb20e57af9624d43a1087a1773

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:33 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Wed, 04 Aug 2021 22:54:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
849
etag
"a2a82ee73977dd4426b408741e143532"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
12192
x-amz-cf-id
vl6KyF0wxWJpA9YfDFy6RxQSGUu7R2tAu44akaMQjmEDIt_CUTFoyA==
00141135.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00141135.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3359b42d2a0f5b78765f42c30c49bed1ea0861fb20e57af9624d43a1087a1773

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:33 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Wed, 04 Aug 2021 22:51:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
849
etag
"a2a82ee73977dd4426b408741e143532"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
12192
x-amz-cf-id
aRzClc6EFaWDuvDnpUBWIUkz-ogpqKU9wvQIJLu0CEg2n2jV_8jduQ==
00141136.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00141136.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3359b42d2a0f5b78765f42c30c49bed1ea0861fb20e57af9624d43a1087a1773

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:33 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Wed, 04 Aug 2021 22:51:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
849
etag
"a2a82ee73977dd4426b408741e143532"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
12192
x-amz-cf-id
6rznGX8rx-vCH5kzWF6QtZymMOuC8_K_EM6-ep4vnswQTuRfrj6qEg==
00029899.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00029899.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
16cb09175e15dd3facd20b072038621da2387a69f697ae86df31926385283bb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:34 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Mon, 24 May 2021 17:29:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
848
etag
"c14e93ac0517ccdb05667f2cac7f3a3b"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
11397
x-amz-cf-id
nC4VnGe1UwxHPLSA6SN32J6f3A7ZKnDt1jyy_W02DGaCN-vv2KLk-A==
00029902.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00029902.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
18d68c57015005ac7cb9018453b6377145d14bd4c3bf459354929f3d3c01183f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:34 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Mon, 24 May 2021 17:29:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
848
etag
"4254628ee924129aaa14c3f0e9805b40"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
8780
x-amz-cf-id
s9UWXtNpMozJ5iZFS9rYFtxpTdvBJAfwPbGBC4dNcr8IuehxBVbxWQ==
00029903.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00029903.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
139f3152a46b6542681c2bfdbf133abb155b4e0ec0a556a08b017129b8e2593e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:34 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Mon, 24 May 2021 17:29:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
848
etag
"6415907619867d38c9403a3c46dfa05c"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
9865
x-amz-cf-id
DtZ4Aj3msBKHEF6YF_oNT36xyz7FabOpegbenbsWdhxmNIIJT1yugw==
00130788.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00130788.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2770bc557fd5f05038c432b0f5fc7a6e147aecbf073c0f49916ca9510cd74e95

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:34 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Wed, 18 Aug 2021 20:01:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
848
etag
"2942d1a1b2d0a0ca39b5f571b0ad3448"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
16157
x-amz-cf-id
hqLuNr7Pan25GFOqSe6Lotk9RJEryZG9bXa4HlBF1E6pTxJeFgc9mA==
00052509.jpg
d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d18oouk2cqxys6.cloudfront.net/room-images/h-090/002711/small/00052509.jpg
Requested by
Host: ui.nor1upgrades.com
URL: https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8000:f:12d6:1580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
202a992f644621b5a2eb00c30ba0aabc880be9ffa44e667c06b04e3fec273e75

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 15:46:34 GMT
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 01:22:52 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
848
etag
"3ac919ba84d5c8c9a96a1595ab4f1a70"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
14943
x-amz-cf-id
GTKixBmWJHu4Ya3uyA6G_OkCmVlxBTpjVdftjkZSlv4Wkh5c8MM3PA==
modules.2258f2bad9aa53d2a0c2.js
script.hotjar.com/ 		265 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.2258f2bad9aa53d2a0c2.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-341114.js?sv=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-21.fra56.r.cloudfront.net
Software
/
Resource Hash
dfc60c72ba9b1bca87a2fc94ac291e6e73b2123dcb19f28841a6e723d59fd39f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 11:14:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 27f780feafa4114cfc67d86fca85d124.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
17195
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
69014
last-modified
Mon, 16 Jan 2023 11:14:05 GMT
etag
"8b2164bedd368c1837c7e4740cf4a11d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
XuPFz2_byLQOxAm4SLENPuJDVPIZjeq6Q_1MPSEMxFb6U1gLC3VhyA==
box-5e66f98b4ee957db209dc6f63e3d59dd.html
vars.hotjar.com/ Frame A9C7 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-341114.js?sv=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-65.fra53.r.cloudfront.net
Software
/
Resource Hash
cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3842319
cache-control
max-age=31536000
content-encoding
br
content-length
1035
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 03 Dec 2022 04:42:02 GMT
etag
"e0652b84b7b3b650769c759fc520c3f8"
last-modified
Thu, 01 Dec 2022 13:36:28 GMT
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
via
1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
x-amz-cf-id
MPbcac7S-dX-aTWFcYq8aLbnwexSEtpBrNVm4PEDyT-EVlfdlSgqAw==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
x-robots-tag
none
341114
vc.hotjar.io/sessions/ 		0
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/341114?s=0.25&r=0.14089372590797278
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.2258f2bad9aa53d2a0c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-15.fra56.r.cloudfront.net
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ui.nor1upgrades.com/?lmisignature=84a75a643aff6574bd9a1685195a2412e5a8362967c5d5db16c1329f535dc2a11999275054
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 16:00:41 GMT
via
1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
server
Python/3.7 aiohttp/3.5.4
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
UjaW48oMvqGlkr4lC6nLmP0H8JyeXUVPmIoEaAKmXyCaq8BXc4lt7A==

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| oncontentvisibilityautostatechange string| gaAccountId string| cookieDomain number| currentScrollOffset object| data object| page_data function| hj object| _hjSettings object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill number| __mobxInstanceCount object| __mobxGlobals object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules

5 Cookies

Domain/Path Name / Value
.nor1upgrades.com/ Name: _hjSessionUser_341114
Value: eyJpZCI6IjJjNTcxOWQ0LTY1NzItNWE4Yy04ZDdiLWFiMmE0MDBmNTk5MyIsImNyZWF0ZWQiOjE2NzM4ODQ4NDE1NjUsImV4aXN0aW5nIjpmYWxzZX0=
.nor1upgrades.com/ Name: _hjFirstSeen
Value: 1
ui.nor1upgrades.com/ Name: _hjIncludedInSessionSample
Value: 0
.nor1upgrades.com/ Name: _hjSession_341114
Value: eyJpZCI6IjdhMTAzMTZkLTE2NTMtNGMyNS1iNWEyLWI4ODc4NjkwZTk3NyIsImNyZWF0ZWQiOjE2NzM4ODQ4NDE2MzQsImluU2FtcGxlIjpmYWxzZX0=
.nor1upgrades.com/ Name: _hjAbsoluteSessionInProgress
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors *.orbitz.com *.duncllc.com:* *.dev.orbitz.net:7443 *.dev.orbitz.net *.dev.orbitz.net:* dev.orbitz.net *.orbztest.com *.ctixtest.com *.cheaptickets.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d18oouk2cqxys6.cloudfront.net
d2jwpcf7edgug9.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
script.hotjar.com
stackpath.bootstrapcdn.com
static.hotjar.com
ui.nor1upgrades.com
vars.hotjar.com
vc.hotjar.io
13.32.27.21
143.204.215.65
18.66.112.15
18.66.97.49
23.36.163.231
2600:9000:2057:8000:f:12d6:1580:21
2600:9000:206f:5e00:8:5754:ca40:21
2606:4700::6812:acf
2a00:1450:400d:803::200a
2a00:1450:400d:80a::2003
139f3152a46b6542681c2bfdbf133abb155b4e0ec0a556a08b017129b8e2593e
16cb09175e15dd3facd20b072038621da2387a69f697ae86df31926385283bb8
18d68c57015005ac7cb9018453b6377145d14bd4c3bf459354929f3d3c01183f
202a992f644621b5a2eb00c30ba0aabc880be9ffa44e667c06b04e3fec273e75
2770bc557fd5f05038c432b0f5fc7a6e147aecbf073c0f49916ca9510cd74e95
2969f4f9b7875fb4ed08dc26882cfcf93a01f644277301757d762220801cc451
2a7eb546d9ea5607ae2956e483224b868eaec6f84cf9a627a4f467354c7d3d22
3359b42d2a0f5b78765f42c30c49bed1ea0861fb20e57af9624d43a1087a1773
3fb32c341d6235fae0e7ab5c79ed370259cdbdcd7c235c39161b1dd64d8cc83f
5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86
603c7d32d7462b41d6613086dbcc74d15c0c506a9d7fd9b17eab9920dcc6bddb
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9d06d0ea35a4bbc21320b9a6adf682132092bd4ac1af2605e8b466df9ced5d80
cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc
cf0f152514bea1cd39540bd771a7fbb50e0e1f8b6dd125486e112095a0419fec
dd7091350c911652224e0cdb02720e42acf5c6ca3124a3493fcad2f1542188e7
dfc60c72ba9b1bca87a2fc94ac291e6e73b2123dcb19f28841a6e723d59fd39f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855