quote.ramtracking.com Open in urlscan Pro
35.198.149.115  Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response quote.ramtracking.com/	450 KB 115 KB	95ms 77ms	Document text/html	35.198.149.115 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://quote.ramtracking.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 35.198.149.115 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 115.149.198.35.bc.googleusercontent.com Software nginx/1.15.10 / Express Resource Hash f178bc5d0ebf99d5b292b051fc3fa1cc6d3ac2d28f1499539596a0c022342c1c Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html date Tue, 14 Jun 2022 08:35:31 GMT server nginx/1.15.10 strict-transport-security max-age=15724800; includeSubDomains vary Accept-Encoding x-powered-by Express
GET H2	200	icon fonts.heyflow.cloud/	571 B 928 B	239ms 184ms	Stylesheet text/css	2606:4700:20::681a:1f0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.heyflow.cloud/icon?family=Material+Icons Requested by Host: quote.ramtracking.com URL: https://quote.ramtracking.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 667102af4d5aed972e55a42353b464f8eb0317ae4a8393e163ef5721f0e68f04 Request headers accept-language de-DE,de;q=0.9 Referer https://quote.ramtracking.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 08:35:32 GMT content-encoding br cf-cache-status MISS last-modified Tue, 14 Jun 2022 08:35:32 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2zXAIHgK%2B9Y%2FLJyvYt3a8V%2BuMcG2PpF7qxAEHwaCTBNjyRw25es0FZ%2BdWj26opDX1595NG4CNOiXutOtgY1gghKyOGQWmQW6sH6nbvZypuDdP5I7y7O02SjnkBDovkFMy4X84ilPMa3YkHPaut%2Fw4g%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * x-cloud-trace-context ee1d9676bc8b9a15275d9eaf31ddca05;o=1 cache-control private, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 71b1bbad2aa08397-MXP
GET H2	200	css fonts.heyflow.cloud/	17 KB 1 KB	295ms 241ms	Stylesheet text/css	2606:4700:20::681a:1f0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800&display=swap Requested by Host: quote.ramtracking.com URL: https://quote.ramtracking.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash d5f93568908dd89b288a4cb76fdf593ba2f28ba93ed3f9a324aa6722db6c9089 Request headers accept-language de-DE,de;q=0.9 Referer https://quote.ramtracking.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 08:35:32 GMT content-encoding br cf-cache-status MISS last-modified Tue, 14 Jun 2022 08:35:32 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2B58ElCHmwTmS5HfzzlmeawncLmRRVcko6U6raUEe0HPKHjH%2FNUwctxgGmYYaxOpd0NI5sL%2FLmKMaQH3E3bcu1DAPf2EpDQbjLNKa62858LSw9OsD73vaqBpdpxnP7YGDZ32Q2HCq%2FgVNDtPyDGQ5Wo%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * x-cloud-trace-context 430476c6177774d8f9c6acb62f2d0415 cache-control private, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 71b1bbad2aac8397-MXP
GET H2	200	3b8958cb-6b39-4fc6-8643-b29e2a614e92 storage.googleapis.com/builder.zenflow.de/uk-ppc-instant-quote/www/assets/	57 KB 55 KB	64ms 28ms	Image image/png	2a00:1450:4001:82f::2010 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/builder.zenflow.de/uk-ppc-instant-quote/www/assets/3b8958cb-6b39-4fc6-8643-b29e2a614e92 Requested by Host: quote.ramtracking.com URL: https://quote.ramtracking.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash 9e1435d3a0fd5609b63485b341259c9edaf401371456156b416d5fcfb476fa93 Request headers accept-language de-DE,de;q=0.9 Referer https://quote.ramtracking.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 08:35:32 GMT content-encoding gzip age 0 x-guploader-uploadid ADPycdsQKEp2yqjkARCz2I-bSak2dCa-9Dc43ocIw5aY_nghH70FQweI7LpZzhTk6YQJhvG8AY7KLYIUOzmkxbKoscbJOA x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 3 x-goog-stored-content-encoding gzip alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 55197 last-modified Sun, 05 Jun 2022 20:08:18 GMT server UploadServer etag "6bffbbaae0ba9e2bb5c4fa0ba1ec020d" vary Accept-Encoding x-goog-hash crc32c=SyHFCw==, md5=a/+7quC6niu1xPoLoewCDQ== x-goog-generation 1654459698599895 access-control-allow-origin * access-control-expose-headers Content-Type cache-control public, max-age=3600 x-goog-stored-content-length 55197 accept-ranges bytes content-type false expires Tue, 14 Jun 2022 09:35:32 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	205 KB 70 KB	47ms 24ms	Script application/javascript	2a00:1450:4001:802::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-TLC9LV6 Requested by Host: quote.ramtracking.com URL: https://quote.ramtracking.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2faaf963754f514cb2c3fdab3f1b81d9aaad3057df9a476bd04c766424ca5594 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://quote.ramtracking.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 08:35:32 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 71493 x-xss-protection 0 last-modified Tue, 14 Jun 2022 06:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 14 Jun 2022 08:35:32 GMT
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.heyflow.cloud/s/opensans/v29/	44 KB 44 KB	138ms 97ms	Font font/woff2	2606:4700:20::681a:1f0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fonts.heyflow.cloud/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.heyflow.cloud URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0 Request headers Referer https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800&display=swap Origin https://quote.ramtracking.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 08:35:32 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 152232 x-powered-by Express content-length 44800 last-modified Sun, 12 Jun 2022 14:18:20 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RhK9HFKYiVCtyxdjPYiu4LcvpZMwiRhFtnYEL2HjFJNgdU5Q8OruBropeBoKlBEuOvuWcGgyBeqe4%2BUSDV2K%2BnenhkX8F4p7%2BERC14pOyseYSKjM9WdXahYs6VtKV24fdQrBtuPdnKrZmVm1qWuLQPI%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 access-control-allow-origin * x-cloud-trace-context a68dc44dcf034f9c89386e869f8e5af1 cache-control public, max-age=604800 accept-ranges bytes cf-ray 71b1bbaf3fc05a13-MXP
OPTIONS H2	204	onEvent europe-west1-niro-tracking.cloudfunctions.net/	0 0	80ms 37ms	Preflight text/html	2001:4860:4802:36::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://europe-west1-niro-tracking.cloudfunctions.net/onEvent Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://quote.ramtracking.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin https://quote.ramtracking.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 content-type text/html date Tue, 14 Jun 2022 08:35:32 GMT function-execution-id zl2lkfs579u5 server Google Frontend vary Origin, Access-Control-Request-Headers x-cloud-trace-context ae860cc87a65886c6bcaa026e3b310ee x-powered-by Express
POST H2	200	onEvent Show response europe-west1-niro-tracking.cloudfunctions.net/	2 B 190 B	75ms 74ms	XHR text/plain	2001:4860:4802:36::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://europe-west1-niro-tracking.cloudfunctions.net/onEvent Requested by Host: quote.ramtracking.com URL: https://quote.ramtracking.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Accept application/json, text/plain, */* Referer https://quote.ramtracking.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Content-Type application/json;charset=UTF-8 Response headers date Tue, 14 Jun 2022 08:35:32 GMT content-encoding gzip server Google Frontend x-powered-by Express etag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" vary Origin content-type text/plain; charset=utf-8 access-control-allow-origin https://quote.ramtracking.com x-cloud-trace-context 5694f1ff17f422296e4f3d8335088cd2 cache-control private function-execution-id zl2lw1o1itfd alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 22
POST H2	200	onEvent Show response europe-west1-niro-tracking.cloudfunctions.net/	2 B 123 B	155ms 155ms	XHR text/plain	2001:4860:4802:36::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://europe-west1-niro-tracking.cloudfunctions.net/onEvent Requested by Host: quote.ramtracking.com URL: https://quote.ramtracking.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Accept application/json, text/plain, */* Referer https://quote.ramtracking.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Content-Type application/json;charset=UTF-8 Response headers date Tue, 14 Jun 2022 08:35:32 GMT content-encoding gzip server Google Frontend x-powered-by Express etag W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" vary Origin content-type text/plain; charset=utf-8 access-control-allow-origin https://quote.ramtracking.com x-cloud-trace-context e7a31439b680e70f4ff86fe2dd1a22ba cache-control private function-execution-id w6pn0cndp0lc alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 22
OPTIONS H2	204	onEvent europe-west1-niro-tracking.cloudfunctions.net/	0 0	81ms 42ms	Preflight text/html	2001:4860:4802:36::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://europe-west1-niro-tracking.cloudfunctions.net/onEvent Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Express Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://quote.ramtracking.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin https://quote.ramtracking.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 content-type text/html date Tue, 14 Jun 2022 08:35:32 GMT function-execution-id h6xqcb8586uo server Google Frontend vary Origin, Access-Control-Request-Headers x-cloud-trace-context 2752a53ce5e4ab21eca485be104b6e40 x-powered-by Express

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation string| GA_TRACKING_ID object| dataLayer string| API_ENDPOINT string| RESPONSE_API string| FIRESTORE_URL string| ENV boolean| HAS_BADGE boolean| PASS_QS string| PASS_QS_RX boolean| PUSH_DL boolean| ENFORCE_SINGLE_SUBMIT string| ID string| TITLE object| styles function| Cleave function| Awesomplete object| regeneratorRuntime function| onLessReady object| flowHistory object| heyflow object| niroflow object| Client number| initTs string| sessionId object| currentScreen object| google_tag_manager

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

europe-west1-niro-tracking.cloudfunctions.net
fonts.heyflow.cloud
quote.ramtracking.com
storage.googleapis.com
www.googletagmanager.com
2001:4860:4802:36::36
2606:4700:20::681a:1f0
2a00:1450:4001:802::2008
2a00:1450:4001:82f::2010
35.198.149.115
2faaf963754f514cb2c3fdab3f1b81d9aaad3057df9a476bd04c766424ca5594
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
667102af4d5aed972e55a42353b464f8eb0317ae4a8393e163ef5721f0e68f04
9e1435d3a0fd5609b63485b341259c9edaf401371456156b416d5fcfb476fa93
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
d5f93568908dd89b288a4cb76fdf593ba2f28ba93ed3f9a324aa6722db6c9089
f178bc5d0ebf99d5b292b051fc3fa1cc6d3ac2d28f1499539596a0c022342c1c