rftrstrts.com Open in urlscan Pro
207.120.36.204  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Page URL
2. https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ rftrstrts.com/dofadd/	31 KB 13 KB	332ms 265ms	Document text/html	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Full URL https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Wed, 23 Mar 2022 10:17:31 GMT content-type text/html; charset=UTF-8 cache-control no-cache, no-store, must-revalidate pragma no-cache expires 0 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-encoding gzip vary Accept-Encoding x-varnish 20867894 age 0 via 1.1 varnish (Varnish/6.3) section-io-cache Miss accept-ranges bytes section-io-id 66fba14d1dbac3d1903e2278d3ad6bbe
GET H2	200	Primary Request / Show response rftrstrts.com/dofadd/	42 KB 17 KB	436ms 436ms	Document text/html	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Full URL https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash ef26ee0a8e4d4cedaa5707155bd3f9ec67a93d4a965997dc39334ce090ab97ee Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Response headers date Wed, 23 Mar 2022 10:17:31 GMT content-type text/html; charset=UTF-8 cache-control no-cache, no-store, must-revalidate pragma no-cache expires 0 p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-encoding gzip vary Accept-Encoding x-varnish 20867897 age 0 via 1.1 varnish (Varnish/6.3) section-io-cache Miss accept-ranges bytes section-io-id ffae0c4c207d286af1b8a9d6e3704efb
GET H2	200	/ Show response geoip.esignonsecure.com/	400 B 441 B	469ms 226ms	Script application/javascript	207.120.36.205 LEVEL3
General Check archive.org Show headers Download Go to Full URL https://geoip.esignonsecure.com/?v=1 Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.205 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash c3365ae2177ff723446d648b15737009884b95b37fbe91daf7b5b2244c6b975b Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers pragma no-cache date Wed, 23 Mar 2022 10:17:32 GMT via 1.1 varnish (Varnish/6.3) content-type application/javascript age 0 vary Accept-Encoding x-varnish 22611172 content-encoding gzip cache-control no-cache, no-store, must-revalidate section-io-id bc1ad8167a506758b0dacda16dd91518 section-io-cache Miss expires 0
GET H2	200	cleanstep.css rftrstrts.com/common_tpls/compact/css/	178 KB 34 KB	46ms 45ms	Stylesheet text/css	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Full URL https://rftrstrts.com/common_tpls/compact/css/cleanstep.css Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash a737a566540fe1ddce0e3dc53778bcb29de07b8672f473d839409e699f9828b1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT content-encoding gzip section-io-cache-id cb210508ec2fb9bd674b4ed5b1e637c1 last-modified Tue, 16 Jun 2020 16:45:05 GMT age 19831 etag W/"5ee8f711-2c8c4" vary Accept-Encoding content-type text/css via 1.1 varnish (Varnish/6.3) x-varnish 22030425 21191895 content-length 34480 accept-ranges bytes section-io-id f126ba9c4ac4d27b6b9868417c01b90f section-io-cache Hit
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.4.1/	86 KB 31 KB	37ms 12ms	Script text/javascript	2a00:1450:4001:801::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://rftrstrts.com/ Origin https://rftrstrts.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 14:36:07 GMT content-encoding gzip x-content-type-options nosniff age 416484 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30774 x-xss-protection 0 last-modified Mon, 13 May 2019 14:37:17 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sat, 18 Mar 2023 14:36:07 GMT
GET H2	200	bootstrap.min.js Show response ajax.aspnetcdn.com/ajax/bootstrap/3.3.2/	35 KB 9 KB	49ms 13ms	Script application/javascript	152.199.19.160 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.2/bootstrap.min.js Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.19.160 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8FEA) / Resource Hash c8eeec83fe8bf655eeeda291466d268770436dde4e3e40416a85d05d3893e892 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://rftrstrts.com/ Origin https://rftrstrts.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT content-encoding gzip x-content-type-options nosniff age 21548604 x-cache HIT content-length 9409 x-xss-protection 1; mode=block last-modified Mon, 31 Oct 2016 23:09:58 GMT server ECAcc (frc/8FEA) etag "02729e6cb33d21:0" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public,max-age=31536000 accept-ranges bytes timing-allow-origin *
GET H2	200	form_support.js Show response rftrstrts.com/common_tpls/js/	977 B 816 B	38ms 37ms	Script application/javascript	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Full URL https://rftrstrts.com/common_tpls/js/form_support.js?v=1516308712 Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash f2648f83e8bb78db15ffc5d01dcbc53fb6b8c585dcfabbb88bd0471b8399ca00 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT via 1.1 varnish (Varnish/6.3) section-io-cache-id ccd4a3585c1cf9060921782967c0d201 content-type application/javascript last-modified Tue, 19 Jan 2021 00:12:19 GMT age 12943 etag W/"600623e3-3d1" vary Accept-Encoding x-varnish 22249801 21988480 section-io-id 144131b32b9e8b7a43553f939166413a content-encoding gzip section-io-cache Hit
GET H2	200	validate_form_v2.js Show response rftrstrts.com/common_tpls/js/	22 KB 6 KB	41ms 41ms	Script application/javascript	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Full URL https://rftrstrts.com/common_tpls/js/validate_form_v2.js?jsv=22 Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash ebd62f36555102098bf52dcb8155e7eb1891775e4a30d700ffb22617ccee06be Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT via 1.1 varnish (Varnish/6.3) section-io-cache-id 29c9a8bf270602076f87fc4cfc93995d content-type application/javascript last-modified Wed, 09 Feb 2022 18:42:42 GMT age 12943 etag W/"62040b22-5970" vary Accept-Encoding x-varnish 21515718 21733128 section-io-id c0b324b484b00c82786d86ff31c7137b content-encoding gzip section-io-cache Hit
GET H2	200	ajax-loader.gif rftrstrts.com/common_tpls/images/	3 KB 3 KB	36ms 35ms	Image image/gif	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Show image Full URL https://rftrstrts.com/common_tpls/images/ajax-loader.gif Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT via 1.1 varnish (Varnish/6.3) section-io-cache-id 9a56f0895dbbb643e02a37744944adc9 content-type image/gif last-modified Tue, 16 Jun 2020 16:45:10 GMT age 13023 etag "5ee8f716-c88" x-varnish 22030426 20859662 accept-ranges bytes section-io-id cd0f50d5eeea1153f9b5797692324811 section-io-cache Hit content-length 3208
GET H2	200	j1-line-3@2x.png rftrstrts.com/common_tpls/compact/img/cleanstep/	156 B 423 B	34ms 34ms	Image image/png	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Show image Full URL https://rftrstrts.com/common_tpls/compact/img/cleanstep/j1-line-3@2x.png Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash 1302fb6dfb8906ee779abaf947b3100d4b102551b9f16abf5cc4d8f0fcdc473a Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT via 1.1 varnish (Varnish/6.3) section-io-cache-id 6dbc91c308d1d799da3022da8c2c00c0 content-type image/png last-modified Thu, 25 Apr 2019 00:49:07 GMT age 517 etag "5cc10403-9c" x-varnish 20867900 21841432 accept-ranges bytes section-io-id 29a21ca7f21c9d68e89c15dac4c0b7c6 section-io-cache Hit content-length 156
GET H2	200	j1-line-2@2x.png rftrstrts.com/common_tpls/compact/img/cleanstep/	177 B 447 B	35ms 34ms	Image image/png	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Show image Full URL https://rftrstrts.com/common_tpls/compact/img/cleanstep/j1-line-2@2x.png Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash 61d3d1af48dc7b4ab9b54fe266b6527adce310f6ec03ea4424d0673b079cbc9c Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT via 1.1 varnish (Varnish/6.3) section-io-cache-id cac80ac60364cce76b1961bbb0287cb6 content-type image/png last-modified Tue, 16 Jun 2020 16:45:06 GMT age 517 etag "5ee8f712-b1" x-varnish 21343751 22546092 accept-ranges bytes section-io-id 82fa82bbc50180bbda30e77b86c87dfb section-io-cache Hit content-length 177
GET H2	200	j1-profile@2x.png rftrstrts.com/common_tpls/compact/img/cleanstep/	4 KB 5 KB	212ms 212ms	Image image/png	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Show image Full URL https://rftrstrts.com/common_tpls/compact/img/cleanstep/j1-profile@2x.png Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash 16777add811e11a9033f75085192576c334df315c52f938ab8cc39d2ecef230d Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:32 GMT via 1.1 varnish (Varnish/6.3) content-type image/png last-modified Tue, 16 Jun 2020 16:45:06 GMT age 0 etag "5ee8f712-1185" x-varnish 20566889 accept-ranges bytes section-io-id f1b8c0ebcc227de85d0a86ce8360c636 section-io-cache Miss content-length 4485
GET H2	200	iframeResizer.contentWindow.min.js Show response rftrstrts.com/common_tpls/js/	13 KB 5 KB	36ms 35ms	Script application/javascript	207.120.36.204 LEVEL3
General Check archive.org Show headers Download Go to Full URL https://rftrstrts.com/common_tpls/js/iframeResizer.contentWindow.min.js Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 207.120.36.204 , United States, ASN3356 (LEVEL3, US), Reverse DNS Software / Resource Hash 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:31 GMT via 1.1 varnish (Varnish/6.3) section-io-cache-id 366c8fad7fc7dbd54960b1b4274b823f content-type application/javascript last-modified Thu, 04 Feb 2016 15:05:04 GMT age 13011 etag W/"56b368a0-3445" vary Accept-Encoding x-varnish 22249802 21860359 section-io-id bbb04b14645c10e2e3dd8084694a6ecd content-encoding gzip section-io-cache Hit
GET H2	200	js Show response www.googletagmanager.com/gtag/	93 KB 37 KB	74ms 27ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-208203304-1 Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 1d1319d2dbd1da47b0959c6cb1c02039d23e0724fbe50c66d3671085d69c2dca Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:32 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37004 x-xss-protection 0 last-modified Wed, 23 Mar 2022 09:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 23 Mar 2022 10:17:32 GMT
GET H2	200	css fonts.googleapis.com/	5 KB 1 KB	65ms 21ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400,800 Requested by Host: rftrstrts.com URL: https://rftrstrts.com/common_tpls/compact/css/cleanstep.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 9e87ec204277846f7a33c563f38ed331196c0d5265e161c0853e3c0d0de8d4a5 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 23 Mar 2022 08:35:11 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 23 Mar 2022 10:17:32 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 23 Mar 2022 10:17:32 GMT
GET H2	200	css fonts.googleapis.com/	5 KB 645 B	66ms 22ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Raleway:400,700,900 Requested by Host: rftrstrts.com URL: https://rftrstrts.com/common_tpls/compact/css/cleanstep.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 867b96a122b7c56dc08163aebea78aa3bf43aa9fcc24e3f0bb4bb83cbbd3af16 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 23 Mar 2022 09:01:17 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 23 Mar 2022 10:17:32 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 23 Mar 2022 10:17:32 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 633 B	80ms 37ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto+Condensed Requested by Host: rftrstrts.com URL: https://rftrstrts.com/common_tpls/compact/css/cleanstep.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e1ea27fdcd7685662aafddcb85508914ec4dbeecfb6525a81e1e7976f385419b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 23 Mar 2022 09:14:10 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 23 Mar 2022 10:17:32 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 23 Mar 2022 10:17:32 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 610 B	65ms 22ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto Requested by Host: rftrstrts.com URL: https://rftrstrts.com/common_tpls/compact/css/cleanstep.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 7888a75eac5f8b9dc4c448f10e8dc9030fcae612cb236f1a9e9700d56ae6ef34 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 23 Mar 2022 08:36:50 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 23 Mar 2022 10:17:32 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 23 Mar 2022 10:17:32 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	75 KB 30 KB	23ms 23ms	Script application/javascript	2a00:1450:4001:82f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-WRR93BC Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash d408f36718afde492cde74ddb2f11c88d8cbd6aa213379c96c5a3248de6d9923 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 10:17:32 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30322 x-xss-protection 0 last-modified Wed, 23 Mar 2022 09:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 23 Mar 2022 10:17:32 GMT
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v28/	44 KB 44 KB	38ms 10ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:400,800 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://rftrstrts.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 22 Mar 2022 22:45:30 GMT x-content-type-options nosniff age 41522 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 44656 x-xss-protection 0 last-modified Tue, 01 Mar 2022 22:03:03 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 22 Mar 2023 22:45:30 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	38ms 11ms	Script text/javascript	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 766 date Wed, 23 Mar 2022 10:04:46 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Wed, 23 Mar 2022 12:04:46 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v29/	15 KB 15 KB	28ms 24ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://rftrstrts.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 22 Mar 2022 18:59:49 GMT x-content-type-options nosniff age 55063 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15688 x-xss-protection 0 last-modified Wed, 22 Sep 2021 16:13:19 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 22 Mar 2023 18:59:49 GMT
GET H2	200	1Ptug8zYS_SKggPNyC0ITw.woff2 fonts.gstatic.com/s/raleway/v26/	46 KB 46 KB	33ms 29ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/raleway/v26/1Ptug8zYS_SKggPNyC0ITw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Raleway:400,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://rftrstrts.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 22 Mar 2022 18:48:55 GMT x-content-type-options nosniff age 55717 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 47312 x-xss-protection 0 last-modified Thu, 03 Feb 2022 00:15:33 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 22 Mar 2023 18:48:55 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	1 B 21 B	32ms 15ms	XHR text/plain	2a00:1450:4001:808::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2029426148&t=pageview&_s=1&dl=https%3A%2F%2Frftrstrts.com%2Fdofadd%2F%3FSID%3D2a6e97e675f68a669215ddebb2d40a2d&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=335766721&gjid=1235592522&cid=145715692.1648030652&tid=UA-208203304-1&_gid=49170033.1648030652&_r=1&gtm=2ou3e0&z=1782292969 Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://rftrstrts.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Wed, 23 Mar 2022 10:17:32 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://rftrstrts.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	nr-spa-1215.min.js Show response js-agent.newrelic.com/	47 KB 18 KB	35ms 8ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa-1215.min.js Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66 Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers x-amz-version-id zcmP9QP8YWQtiPZETZozJGQXbXQvWuWT content-encoding gzip etag "7e1862f7a390ed9fc02c299216395547" x-amz-request-id E3807YWQHPQZ8YJZ x-cache HIT cross-origin-resource-policy cross-origin content-length 17465 x-amz-id-2 5tcVSTKzkfPEZbNMMs+Dplhb/d0xmPHl6ly9DhZlkXi7DMq5iwlmuwUDWB4WFuI4jhXJxdstiws= x-served-by cache-hhn4032-HHN last-modified Mon, 24 Jan 2022 22:13:54 GMT server AmazonS3 x-timer S1648030652.431781,VS0,VE0 date Wed, 23 Mar 2022 10:17:32 GMT vary Accept-Encoding content-type application/javascript via 1.1 varnish cache-control public, max-age=7200, stale-if-error=604800 accept-ranges bytes x-cache-hits 6810
GET H/1.1	200 OK	NRJS-53a3e8e5a523894a2ee Show response bam.nr-data.net/1/	57 B 322 B	428ms 104ms	Script text/javascript	162.247.242.21 NEWRELIC-AS-1
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1215.1253ab8&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=1172&ck=1&ref=https://rftrstrts.com/dofadd/&ap=60&be=470&fe=1130&dc=1046&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1648030651270,%22n%22:0,%22u%22:439,%22ue%22:439,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22ce%22:0,%22rq%22:1,%22rp%22:437,%22rpe%22:469,%22dl%22:439,%22di%22:1045,%22ds%22:1045,%22de%22:1046,%22dc%22:1129,%22l%22:1129,%22le%22:1131%7D,%22navigation%22:%7B%7D%7D&fp=1070&fcp=1070&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.247.242.21 , United States, ASN23467 (NEWRELIC-AS-1, US), Reverse DNS bam-9.nr-data.net Software / Resource Hash 5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d Request headers Accept-Language de-DE,de;q=0.9 Referer https://rftrstrts.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Cross-Origin-Resource-Policy cross-origin Content-Type text/javascript;charset=iso-8859-1 Content-Length 57 Expires Thu, 01 Jan 1970 00:00:00 GMT
POST H/1.1	200 OK	NRJS-53a3e8e5a523894a2ee Show response bam.nr-data.net/events/1/	24 B 180 B	106ms 106ms	XHR image/gif	162.247.242.21 NEWRELIC-AS-1
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/events/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1215.1253ab8&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=1608&ck=1&ref=https://rftrstrts.com/dofadd/ Requested by Host: rftrstrts.com URL: https://rftrstrts.com/dofadd/?SID=2a6e97e675f68a669215ddebb2d40a2d Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.247.242.21 , United States, ASN23467 (NEWRELIC-AS-1, US), Reverse DNS bam-9.nr-data.net Software / Resource Hash 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300 Request headers Referer https://rftrstrts.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 content-type text/plain Response headers Access-Control-Allow-Origin https://rftrstrts.com Access-Control-Allow-Credentials true Content-Length 24 Content-Type image/gif

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored object| NREUM object| newrelic function| __nr_require function| geoip_country_code function| geoip_country_name function| geoip_city function| geoip_region function| geoip_region_name function| geoip_latitude function| geoip_longitude function| geoip_postal_code function| geoip_resolved_ip string| highlight_field function| $ function| jQuery number| datingId function| selectInList function| uncross function| makeError function| validate_highlight function| validate_form function| sprintf function| vsprintf string| acctPath string| commonPath string| language function| FreezeScreen boolean| pop_errors function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga string| emsg boolean| isSubmitting object| gaplugins object| gaGlobal object| gaData

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			rftrstrts.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2a6e97e675f68a669215ddebb2d40a2d
			.rftrstrts.com/	1970-01-20 19:18:22	Name: _ga Value: GA1.2.145715692.1648030652
			.rftrstrts.com/	1970-01-20 01:48:37	Name: _gid Value: GA1.2.49170033.1648030652
			.rftrstrts.com/	1970-01-20 01:47:10	Name: _gat_gtag_UA_208203304_1 Value: 1
			.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: f8f3d8da56b81709

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
ajax.googleapis.com
bam.nr-data.net
fonts.googleapis.com
fonts.gstatic.com
geoip.esignonsecure.com
js-agent.newrelic.com
rftrstrts.com
www.google-analytics.com
www.googletagmanager.com
151.101.130.137
152.199.19.160
162.247.242.21
207.120.36.204
207.120.36.205
2a00:1450:4001:801::200a
2a00:1450:4001:802::200a
2a00:1450:4001:808::200e
2a00:1450:4001:810::2003
2a00:1450:4001:82f::2008
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
1302fb6dfb8906ee779abaf947b3100d4b102551b9f16abf5cc4d8f0fcdc473a
16777add811e11a9033f75085192576c334df315c52f938ab8cc39d2ecef230d
1d1319d2dbd1da47b0959c6cb1c02039d23e0724fbe50c66d3671085d69c2dca
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
61d3d1af48dc7b4ab9b54fe266b6527adce310f6ec03ea4424d0673b079cbc9c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7888a75eac5f8b9dc4c448f10e8dc9030fcae612cb236f1a9e9700d56ae6ef34
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b
867b96a122b7c56dc08163aebea78aa3bf43aa9fcc24e3f0bb4bb83cbbd3af16
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
9e87ec204277846f7a33c563f38ed331196c0d5265e161c0853e3c0d0de8d4a5
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a737a566540fe1ddce0e3dc53778bcb29de07b8672f473d839409e699f9828b1
c3365ae2177ff723446d648b15737009884b95b37fbe91daf7b5b2244c6b975b
c8eeec83fe8bf655eeeda291466d268770436dde4e3e40416a85d05d3893e892
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d408f36718afde492cde74ddb2f11c88d8cbd6aa213379c96c5a3248de6d9923
dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66
e1ea27fdcd7685662aafddcb85508914ec4dbeecfb6525a81e1e7976f385419b
ebd62f36555102098bf52dcb8155e7eb1891775e4a30d700ffb22617ccee06be
ef26ee0a8e4d4cedaa5707155bd3f9ec67a93d4a965997dc39334ce090ab97ee
f2648f83e8bb78db15ffc5d01dcbc53fb6b8c585dcfabbb88bd0471b8399ca00
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355