secure.futurefuel.io Open in urlscan Pro
75.2.14.218 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure.futurefuel.io/
Submission: On October 13 via automatic, source certstream-suspicious (October 13th 2021, 12:47:14 am UTC) — Scanned from DE

Summary HTTP 70 Redirects Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 17 domains to perform 70 HTTP transactions. The main IP is 75.2.14.218, located in United States and belongs to AMAZON-02, US. The main domain is secure.futurefuel.io.
TLS certificate: Issued by Amazon on November 12th 2020. Valid for: a year.

This is the only time secure.futurefuel.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	75.2.14.218 75.2.14.218	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	13.35.253.36 13.35.253.36	16509 (AMAZON-02) (AMAZON-02)
1	143.204.209.8 143.204.209.8	16509 (AMAZON-02) (AMAZON-02)
2	65.9.66.30 65.9.66.30	16509 (AMAZON-02) (AMAZON-02)
1	13.32.29.61 13.32.29.61	16509 (AMAZON-02) (AMAZON-02)
2	34.107.143.101 34.107.143.101	15169 (GOOGLE) (GOOGLE)
1	65.9.66.34 65.9.66.34	16509 (AMAZON-02) (AMAZON-02)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	13.32.29.87 13.32.29.87	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
3	143.204.209.41 143.204.209.41	16509 (AMAZON-02) (AMAZON-02)
2	34.102.161.46 34.102.161.46	15169 (GOOGLE) (GOOGLE)
2	52.218.177.33 52.218.177.33	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	143.204.209.47 143.204.209.47	16509 (AMAZON-02) (AMAZON-02)
2	52.16.211.92 52.16.211.92	16509 (AMAZON-02) (AMAZON-02)
4	13.32.23.12 13.32.23.12	16509 (AMAZON-02) (AMAZON-02)
1	52.212.240.37 52.212.240.37	16509 (AMAZON-02) (AMAZON-02)
1	50.112.172.132 50.112.172.132	16509 (AMAZON-02) (AMAZON-02)
2	13.32.29.8 13.32.29.8	16509 (AMAZON-02) (AMAZON-02)
2	54.212.23.110 54.212.23.110	16509 (AMAZON-02) (AMAZON-02)
70	24

19 75.2.14.218 (United States)

ASN16509 (AMAZON-02, US)
PTR: a80d8795874baa161.awsglobalaccelerator.com

secure.futurefuel.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.futurefuel.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-36.fra6.r.cloudfront.net

try.abtasty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.209.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-209-8.fra53.r.cloudfront.net

js.iterable.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.66.30 (United States)

ASN16509 (AMAZON-02, US)

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.29.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-29-61.fra56.r.cloudfront.net

payitoff-cdn.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.143.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.143.107.34.bc.googleusercontent.com

dcinfos-cache.abtasty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.34 (United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.29.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-29-87.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.209.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-209-41.fra53.r.cloudfront.net

beacon-v2.helpscout.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.102.161.46 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 46.161.102.34.bc.googleusercontent.com

ariane.abtasty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.218.177.33 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

ff-cookie-test.s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.209.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-209-47.fra53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.211.92 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-211-92.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.23.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-23-12.fra56.r.cloudfront.net

d3hb14vkzrxvla.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.240.37 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-240-37.eu-west-1.compute.amazonaws.com

ws3.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.112.172.132 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-50-112-172-132.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.29.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-29-8.fra56.r.cloudfront.net

ufb6827o24.execute-api.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.212.23.110 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-212-23-110.us-west-2.compute.amazonaws.com

e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	futurefuel.io secure.futurefuel.io api.futurefuel.io	586 KB
6	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com ws3.hotjar.com	64 KB
5	abtasty.com try.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com	71 KB
4	cloudfront.net d3hb14vkzrxvla.cloudfront.net	10 KB
4	googleapis.com maps.googleapis.com	169 KB
4	amazonaws.com ff-cookie-test.s3-us-west-2.amazonaws.com ufb6827o24.execute-api.us-west-2.amazonaws.com	2 KB
4	google.com www.google.com	893 B
4	doubleclick.net googleads.g.doubleclick.net	5 KB
3	helpscout.net beacon-v2.helpscout.net	264 KB
3	googletagmanager.com www.googletagmanager.com	115 KB
2	es.io e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io	40 B
2	plaid.com cdn.plaid.com	69 KB
1	amplitude.com api.amplitude.com	168 B
1	googleadservices.com www.googleadservices.com	15 KB
1	payitoff-cdn.io payitoff-cdn.io	10 KB
1	iterable.com js.iterable.com	3 KB
0	google.de Failed www.google.de Failed
70	17

	Domain	Requested by
11	secure.futurefuel.io	secure.futurefuel.io
8	api.futurefuel.io	secure.futurefuel.io
4	d3hb14vkzrxvla.cloudfront.net	secure.futurefuel.io
4	maps.googleapis.com	secure.futurefuel.io maps.googleapis.com
4	www.google.com	secure.futurefuel.io
4	googleads.g.doubleclick.net	www.googleadservices.com
3	beacon-v2.helpscout.net	secure.futurefuel.io beacon-v2.helpscout.net
3	www.googletagmanager.com	secure.futurefuel.io www.googletagmanager.com
2	e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io	secure.futurefuel.io
2	ufb6827o24.execute-api.us-west-2.amazonaws.com	secure.futurefuel.io
2	in.hotjar.com	secure.futurefuel.io
2	ff-cookie-test.s3-us-west-2.amazonaws.com	secure.futurefuel.io ff-cookie-test.s3-us-west-2.amazonaws.com
2	ariane.abtasty.com	secure.futurefuel.io
2	dcinfos-cache.abtasty.com	try.abtasty.com
2	cdn.plaid.com	secure.futurefuel.io cdn.plaid.com
1	api.amplitude.com	secure.futurefuel.io
1	ws3.hotjar.com	secure.futurefuel.io
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	www.googleadservices.com	www.googletagmanager.com
1	static.hotjar.com	secure.futurefuel.io
1	payitoff-cdn.io	secure.futurefuel.io
1	js.iterable.com	secure.futurefuel.io
1	try.abtasty.com	secure.futurefuel.io
0	www.google.de Failed	secure.futurefuel.io
70	25

This site contains no links.

Subject Issuer	Validity	Valid
*.secure.futurefuel.io Amazon	`2020-11-12` - `2021-12-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
try.abtasty.com Amazon	`2021-07-27` - `2022-08-25`	a year	crt.sh
iterable.com Amazon	`2021-06-22` - `2022-07-21`	a year	crt.sh
secure.plaid.com DigiCert SHA2 Extended Validation Server CA	`2020-04-17` - `2022-04-22`	2 years	crt.sh
payitoff-cdn.io Amazon	`2021-09-23` - `2022-10-21`	a year	crt.sh
dcinfos-cache.abtasty.com R3	`2021-08-31` - `2021-11-29`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.helpscout.net Amazon	`2021-04-25` - `2022-05-24`	a year	crt.sh
ariane.abtasty.com R3	`2021-08-29` - `2021-11-27`	3 months	crt.sh
*.s3-us-west-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2020-02-18` - `2022-02-13`	2 years	crt.sh
*.execute-api.us-west-2.amazonaws.com Amazon	`2021-06-03` - `2022-07-02`	a year	crt.sh
*.aws.elastic-cloud.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-05` - `2021-11-09`	6 months	crt.sh

This page contains 3 frames:

Primary Page: https://secure.futurefuel.io/
Frame ID: 57FF74C262BFF33A7142D6B42BE9DF88
Requests: 59 HTTP requests in this frame

Frame: https://ff-cookie-test.s3-us-west-2.amazonaws.com/read-cookie.html
Frame ID: CFAF68C4FB906E7D91AD6917B6697E93
Requests: 2 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Frame ID: 2C6371BDE361B92A3C9D994266A52C50
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FutureFuel.ioFutureFuel.io

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Page Statistics

70
Requests

91 %
HTTPS

17 %
IPv6

17
Domains

25
Subdomains

24
IPs

3
Countries

1382 kB
Transfer

4075 kB
Size

13
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

70 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
secure.futurefuel.io/ 4 KB
4 KB 585ms
161ms Document
text/html 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

d07cb6ea6a3df858656a435de40e39312629223512cb7810c2556fb2b6e3541e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: secure.futurefuel.io
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 13 Oct 2021 00:47:06 GMT
content-type: text/html
server: nginx/1.21.1
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
vary: Accept-Encoding
etag: W/"6160eb82-f2b"
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-transform
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
content-encoding: gzip

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 53ms
31ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-125630340-1

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f26baaedb108be5a29f68a3e0292c2c00b793408be27fb8f8bd3d9c6a28a9cc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38639
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 13 Oct 2021 00:47:06 GMT

GET
H2 200 602fd603da3814434da62f347bd77e5d.js Show response
try.abtasty.com/ 260 KB
70 KB 218ms
181ms Script
application/javascript 13.35.253.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://try.abtasty.com/602fd603da3814434da62f347bd77e5d.js
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-36.fra6.r.cloudfront.net
Software: CloudFront /
Resource Hash: b3bea434cd53762dfc0bf85eecc6392dffe8b4254cf5d11447dbae4739d79839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
last-modified: Fri, 08 Oct 2021 15:59:13 GMT
server: CloudFront
x-amz-cf-pop: FRA6-C1
etag: W/"7aa3c4f5b594618d0892e3999b045aba"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
cache-control: s-maxage=86400,max-age=30
x-amz-cf-id: 3xZh6vzTzZTi-vvYq1iNz1rArfFmo-dCC5N4_BLUMvqD2dx5eRhLVA==

GET
H/1.1 200
OK analytics.js Show response
js.iterable.com/ 2 KB
3 KB 58ms
8ms Script
application/x-javascript 143.204.209.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.iterable.com/analytics.js
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-8.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b07ff9cb3ee66f1f0e4c708320ea5d9d6487d1b15e022416d914e214df163aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 15:14:45 GMT
Via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
Last-Modified: Fri, 18 Dec 2015 02:22:54 GMT
Server: AmazonS3
Age: 34342
ETag: "92ec746618875057f06112a34d2770a9"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Accept-Ranges: bytes
Content-Length: 2281
X-Amz-Cf-Id: 8H6DybV8wQbo_5USOre9YKa9pnbOcJ5gLri_IH3tBlX64MjoHFfOfA==

GET
H2 200 179.dcf3939c6094924d7763.js Show response
secure.futurefuel.io/ 1 MB
321 KB 164ms
164ms Script
application/javascript 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

25556eda6bf125bbf6c0f01008467a9c736576601cdc9804eba4f2f20c11a3cc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /179.dcf3939c6094924d7763.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-11c022"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 85 KB
29 KB 190ms
142ms Script
application/javascript 65.9.66.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e34e19c0d41b60e032cda00eb1c759eed68c04bfbd1b1b4e857f5d5fbdbd1a47

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: ESAaz9xfSTtuZeg7F0jYtppSXcMJv1bR
content-encoding: gzip
etag: W/"04ba5b3c86b17a33077b3b649a8cfe0e"
x-amz-request-id: QFPP7R1YEPFQE0T1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-id-2: 3hZPRVT6FcYFiIIuYGfByDqaQUke/2211ngetdRvIjRfdz2SFfG8FUJL16hfUIhPZ4juabObRWI=
last-modified: Sat, 09 Oct 2021 14:33:28 GMT
server: AmazonS3
date: Tue, 12 Oct 2021 15:16:43 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
cache-control: no-cache,must-revalidate,max-age=0
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: Cn2fMFWNqNX8IV_xupkwUr_anJcbBy7egVYdHn-x6GjJw2oDYRXgFA==

GET
H2 200 v1 Show response
payitoff-cdn.io/nexus/js/ 9 KB
10 KB 592ms
432ms Script
application/javascript 13.32.29.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payitoff-cdn.io/nexus/js/v1
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-61.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 044c3cba31d41339e4c7d140903f9791a1a12f3389db637ee247bcf0f25eb305

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
via: 1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
last-modified: Tue, 17 Aug 2021 14:08:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "3334faa46183f66e0f60bba25b6f44e3"
x-cache: Miss from cloudfront
content-type: application/javascript; charset=utf-8
accept-ranges: bytes
content-length: 9523
x-amz-cf-id: Wz7u61-Ww_Oms1kR4i44Ud_r7IyupIuSDaT6sxJ2xU924nB5CSRdEg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-925700628&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-125630340-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

76f65143d547b29511d902d9b7cb238563864bdf6cffc6ba7b6589b5f58124f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39122
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 13 Oct 2021 00:47:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 39ms
38ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-475656849&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-125630340-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e79f8a82347848cf360a61aaddb97abacde63aeb9a57e78a2254ba265eeb4fa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39109
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 13 Oct 2021 00:47:07 GMT

POST
H2 200 geoip Show response
dcinfos-cache.abtasty.com/v1/ 559 B
420 B 51ms
21ms Fetch
application/json 34.107.143.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dcinfos-cache.abtasty.com/v1/geoip

Requested by

Host: try.abtasty.com
URL: https://try.abtasty.com/602fd603da3814434da62f347bd77e5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.143.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.143.107.34.bc.googleusercontent.com

Software

Resource Hash

aa3ee7e9f1bb7babe1919d54d01956589bf01025e82cdaaa3ed0d0719c851a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
age: 0
x-cache: miss uncacheable
x-retry: 0
grpc-metadata-content-type: application/grpc
alt-svc: clear
content-length: 298
grpc-metadata-grpc-accept-encoding: gzip
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 google
cache-control: private
accept-ranges: bytes

POST
H2 200 ua-parser Show response
dcinfos-cache.abtasty.com/v1/ 118 B
362 B 46ms
16ms Fetch
application/json 34.107.143.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dcinfos-cache.abtasty.com/v1/ua-parser

Requested by

Host: try.abtasty.com
URL: https://try.abtasty.com/602fd603da3814434da62f347bd77e5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.143.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.143.107.34.bc.googleusercontent.com

Software

Resource Hash

89e8c7062fe9ea6578c0854ded9bd9914046cc6bbf7ae76ae67d001484630440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 13 Oct 2021 00:43:10 GMT
content-encoding: gzip
age: 236
x-cache: hit cached
x-retry: 0
grpc-metadata-content-type: application/grpc
alt-svc: clear
content-length: 111
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 google
cache-control: max-age=120, public
accept-ranges: bytes
expires: Wed, 13 Oct 2021 00:45:10 GMT

GET
H2 200 hotjar-1438401.js Show response
static.hotjar.com/c/ 5 KB
2 KB 61ms
41ms Script
application/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1438401.js?sv=6

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

08220cbe6aa520222b1df7297a664016328c7a74bc9b1e150830e744f39d4cc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-C1
etag: W/0213ac05104d4e896cb6561128569fc6
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 2006
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
x-amz-cf-id: OBwR3X7ipeQ-GyX1CfIaozDqtibZy0VtPseHaExPPZC2gOpa6XJD_g==

GET
H2 200 link-dynamic-loader.js
cdn.plaid.com/link/2.0.1168/ 0
41 KB 10ms
9ms Other
application/javascript 65.9.66.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/2.0.1168/link-dynamic-loader.js
Requested by: Host: cdn.plaid.com
URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: rQw1VFIZs3jfbpFQxf8c4v.OlXqDGpG8
content-encoding: gzip
etag: W/"a202f74e8359f4b0e171b605615185ae"
age: 82203
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sat, 09 Oct 2021 14:33:28 GMT
server: AmazonS3
date: Tue, 12 Oct 2021 01:57:07 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
cache-control: max-age=10800
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: SxIoe8TcQns0aarICC5f8q9Q9dkELekpnldYDXJ7XP6I8DOWNCdUcg==

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 53ms
29ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-925700628&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

8e170827cf6b2dfdb810cef652d70f9cbd9ff58f4242cb735622833b5ff69bd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14427
x-xss-protection: 0
server: cafe
etag: 14346040707932117602
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 13 Oct 2021 00:47:07 GMT

GET
H2 200 modules.e95f6e2deb67f1b24d8e.js Show response
script.hotjar.com/ 221 KB
59 KB 32ms
12ms Script
application/javascript 13.32.29.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e95f6e2deb67f1b24d8e.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1438401.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.29.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-29-87.fra56.r.cloudfront.net

Software

Resource Hash

3e4dcf5d937c6cd9bd580358e83d9bff9769f73cc2364ed9af22c88571959adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 08:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1268402
x-amz-server-side-encryption: AES256
x-edge-origin-shield-skipped: 0
x-cache: Hit from cloudfront
content-length: 59787
access-control-allow-origin: *
last-modified: Tue, 28 Sep 2021 08:26:22 GMT
etag: "4c2c45df8457d0c2a07b3285a23cd7a4"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a7631312afe99e40229aa0da70662113.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: OyR3eUAp96KNSvELXfmsy-tlolzC0PgZvNvKDW0F-xHH0Ak_Di8WMQ==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/ 2 KB
2 KB 42ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/?random=1634086027287&cv=9&fst=1634086027287&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93e53967af90a2fa3bfe467ea5b778f8777cdbf9b1244ebe0adff1ac34eb649b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1024
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/925700628/ 2 KB
1 KB 41ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/925700628/?random=1634086027291&cv=9&fst=1634086027291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2de84e44eef667c8a18d22033bb27528442eedd326dc39798b7246de7030c4ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1023
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/475656849/ 42 B
569 B 43ms
19ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/475656849/?random=1634086027287&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=2675419540&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/475656849/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/925700628/ 42 B
108 B 43ms
20ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/925700628/?random=1634086027291&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=3681826076&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/925700628/ 0
0

GET
H2 200 / Show response
beacon-v2.helpscout.net/ 293 B
620 B 50ms
9ms Script
application/javascript 143.204.209.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-41.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fcf99672d28b88ce163161f7d554331e71f9690e4af2d013406655167a941216

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 20:55:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
etag: "fca8ab40440bd9d950690e931e71d3b1"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
cache-control: max-age=120, s-maxage=120, public
accept-ranges: bytes
content-length: 242
x-amz-cf-id: JHUxv4RzC-xhj4sHwvAMqA8zUO54-0AoYTq-g5M507oCsJpnMV9Itg==

POST
H2 200 / Show response
ariane.abtasty.com/ 43 B
340 B 37ms
16ms Fetch
image/gif 34.102.161.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ariane.abtasty.com/

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.161.46 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

46.161.102.34.bc.googleusercontent.com

Software

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
access-control-allow-headers: Content-Type,Origin,Accept,Set-Cookie,X-ABTasty-CrossDomain
date: Wed, 13 Oct 2021 00:47:07 GMT
access-control-allow-methods: GET,HEAD,POST
content-type: image/gif
access-control-allow-origin: https://secure.futurefuel.io
cache-control: must-revalidate, no-cache, private
access-control-allow-credentials: true
alt-svc: clear
content-length: 43

GET
H/1.1 200
OK index.html Show response
ff-cookie-test.s3-us-west-2.amazonaws.com/ Frame CFAF 228 B
622 B 695ms
182ms Document
text/html 52.218.177.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ff-cookie-test.s3-us-west-2.amazonaws.com/index.html
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.177.33 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: c4a3c56f2f22c43979a18d1dd5e65bbfd03386032f065da061f64b960623e2f3

Request headers

Host: ff-cookie-test.s3-us-west-2.amazonaws.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://secure.futurefuel.io/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/

Response headers

x-amz-id-2: PcCCdvDmsF+3y8RoIqXGsixH05CMJZU4PLHqzocG6HDENyxWg/w6LZv8WopZ32xC1odlM9hKPKc=
x-amz-request-id: 373A73MVEC2D1K1F
Date: Wed, 13 Oct 2021 00:47:09 GMT
Last-Modified: Thu, 20 May 2021 18:07:13 GMT
ETag: "ef96867e019f01c714861cf7a45f2e7b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 228

OPTIONS
H2 200 resolve-url
api.futurefuel.io/api/1/auth/config/ Frame 0
0 596ms
176ms Preflight
text/html 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/config/resolve-url?url=https://secure.futurefuel.io

Protocol

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.21.1
vary: Accept-Encoding Origin
access-control-allow-origin: https://secure.futurefuel.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private no-transform
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
content-encoding: gzip

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 147 KB
48 KB 60ms
37ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&libraries=places&callback=__jp0

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

4b9e657bafb4c50dc17d85058a552dfd61cc3cbe60d91ceec22558275d6d2faa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=23
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48709
x-xss-protection: 0
expires: Wed, 13 Oct 2021 01:17:07 GMT

GET
H2 200 resolve-url Show response
api.futurefuel.io/api/1/auth/config/ 21 B
2 KB 209ms
208ms XHR
application/json 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/config/resolve-url?url=https://secure.futurefuel.io

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

cbbf676d76b4d711a2d6b3e4527548615d4a7d6b29db15a8b3922d04cbe1a8b9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-ratelimit-limit: 200
strict-transport-security: max-age=31536000; includeSubdomains
vary: Accept-Encoding, Origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.21.1
x-ratelimit-remaining: 193
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
content-type: application/json
access-control-allow-origin: https://secure.futurefuel.io
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private, no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType

GET
H2 200 states Show response
api.futurefuel.io/api/1/auth/ 768 B
2 KB 203ms
203ms XHR
application/json 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/states

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

d6b8fa88d0581fdfb111d9f05b08ee3299ed45c9e0feec2e31724a9736ea5f2b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-ratelimit-limit: 200
strict-transport-security: max-age=31536000; includeSubdomains
vary: Accept-Encoding, Origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.21.1
x-ratelimit-remaining: 193
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
content-type: application/json
access-control-allow-origin: https://secure.futurefuel.io
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private, no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType

OPTIONS
H2 200 states
api.futurefuel.io/api/1/auth/ Frame 0
0 601ms
183ms Preflight
text/html 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/states

Protocol

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.21.1
vary: Accept-Encoding Origin
access-control-allow-origin: https://secure.futurefuel.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private no-transform
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
content-encoding: gzip

GET
H2 200 box-dfc01efbdc94bb0936d9a35a502b0b64.html Show response
vars.hotjar.com/ Frame 2C63 2 KB
1 KB 33ms
13ms Document
text/html 143.204.209.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1438401.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-47.fra53.r.cloudfront.net
Software: /
Resource Hash: 88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-dfc01efbdc94bb0936d9a35a502b0b64.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.futurefuel.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/

Response headers

content-type: text/html
content-length: 1044
date: Tue, 20 Jul 2021 13:05:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "10714b84569172431728622d7c8098e4"
last-modified: Tue, 20 Jul 2021 13:04:43 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 61adf71a363fe0f836dc69dbb43de824.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: xygTHtpFBoLTn9dUairdwEu-FPq0pUVqdFXUBV2z3Kvvy4T4cKP77g==
age: 7299722

GET
H2 200 vendor.ad96f0fc.js Show response
beacon-v2.helpscout.net/static/js/ 813 KB
199 KB 10ms
10ms Script
application/javascript 143.204.209.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/static/js/vendor.ad96f0fc.js
Requested by: Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-41.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7d195f32994f953f141f160921ba015fcbd9129860cb251a0102bba9bf727083

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 23:26:21 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 20:55:22 GMT
server: AmazonS3
age: 4847
etag: "1327d6f8aec7958f4e7a24c2ec6870a3"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
cache-control: max-age=315360000, s-maxage=7200, public
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 203299
x-amz-cf-id: rGSPOJsZOESyQLnqbkxfL4bWa2J9guVt5CCtw7-E-48623kDf93mPA==

GET
H2 200 main.10ae4c94.js Show response
beacon-v2.helpscout.net/static/js/ 256 KB
64 KB 34ms
33ms Script
application/javascript 143.204.209.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/static/js/main.10ae4c94.js
Requested by: Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-41.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 598aa9e340e9203d13e52c015dd235e44dc8d717347374607e0be953f44cd94e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:37:58 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 20:55:22 GMT
server: AmazonS3
age: 549
etag: "a79f912feb3b61708430961342e5d4b0"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
cache-control: max-age=315360000, s-maxage=7200, public
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 65296
x-amz-cf-id: nw2dmjNXBvMuqapz3D0ecRGTjhYfLO_AxiwahnZuuOG6JAtNFI2mmA==

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1438401/ 146 B
323 B 98ms
34ms XHR
application/json 52.16.211.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1438401/visit-data?sv=6
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.211.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-211-92.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ab95872c4726727a3b09b1f8c28490c70b7e407e97fd93bbfb75a2ecc5faac36

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/925700628/ 2 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/925700628/?random=1634086027797&cv=9&fst=1634086027797&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7989fa33f15fd8e52eff685b08a5f870992200fa89629eed02b6176e25961ae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1024
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/ 0
0

GET
H2 200 074ec096-ea05-419b-9307-540064f01ab6 Show response
d3hb14vkzrxvla.cloudfront.net/v1/ 8 KB
9 KB 112ms
111ms XHR
application/json 13.32.23.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/074ec096-ea05-419b-9307-540064f01ab6

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.23.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-23-12.fra56.r.cloudfront.net

Software

Resource Hash

99b2b0c33fcc979541033b2add146cc05030335e1ab3f9d991b1a33859dbf5b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

correlationId: cf749468-1349-4d2c-a11f-8c229585775b
Helpscout-Release: 2.1.94
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://secure.futurefuel.io/
Beacon-Device-ID: 8c14d556-2beb-4ad0-9d58-0330818c69a2
Helpscout-Origin: Beacon-Embed

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
via: 1.1 9928105291571d6cae52bcb916c898d9.cloudfront.net (CloudFront)
x-edge-origin-shield-skipped: 0
x-ratelimit-remaining-general-minute: 150
x-cache: Miss from cloudfront
x-ratelimit-remaining-identify-hour: 50
x-ratelimit-limit-general-minute: 150
x-ratelimit-remaining-conversations-hour: 25
x-ratelimit-limit-identify-hour: 50
x-ratelimit-remaining-chat-tokens-hour: 50
x-ratelimit-limit-conversations-hour: 25
vary: Origin,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour: 25
access-control-allow-origin: https://secure.futurefuel.io
access-control-expose-headers: Resource-ID
cache-control: max-age=300
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C2
content-type: application/json
x-amz-cf-id: woEDqCzHdV_nmXbOEFO0Dv1c3yCX8W6wzFDRR3CGiGsDdtLLBclWIQ==
x-ratelimit-limit-attachments-hour: 25
x-ratelimit-limit-chat-tokens-hour: 50

OPTIONS
H2 200 074ec096-ea05-419b-9307-540064f01ab6
d3hb14vkzrxvla.cloudfront.net/v1/ Frame 0
0 140ms
111ms Preflight 13.32.23.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/074ec096-ea05-419b-9307-540064f01ab6

Protocol

Server

13.32.23.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-23-12.fra56.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: beacon-device-id,correlationid,helpscout-origin,helpscout-release
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 13 Oct 2021 00:47:07 GMT
access-control-allow-origin: https://secure.futurefuel.io
access-control-allow-methods: GET
access-control-allow-headers: beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-allow-credentials: true
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-ratelimit-limit-conversations-hour: 25
x-ratelimit-remaining-conversations-hour: 25
x-ratelimit-limit-identify-hour: 50
x-ratelimit-remaining-identify-hour: 50
x-ratelimit-limit-chat-tokens-hour: 50
x-ratelimit-remaining-chat-tokens-hour: 50
x-ratelimit-limit-general-minute: 150
x-ratelimit-remaining-general-minute: 150
x-ratelimit-limit-attachments-hour: 25
x-ratelimit-remaining-attachments-hour: 25
strict-transport-security: max-age=31536000; includeSubDomains
x-edge-origin-shield-skipped: 0
vary: Origin,Access-Control-Request-Method
x-cache: Miss from cloudfront
via: 1.1 9928105291571d6cae52bcb916c898d9.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: grDCPjO0H31rvlolCaZTkybZ1CnZPUEilhAhlUHSHs0X0pEkv6AbbA==

GET
H2 200 /
www.google.com/pagead/1p-user-list/925700628/ 42 B
108 B 19ms
18ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/925700628/?random=1634086027797&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=1286805596&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/925700628/ 0
0

POST
H/1.1 200
OK content Show response
ws3.hotjar.com/api/v2/sites/1438401/recordings/ 66 B
394 B 114ms
41ms XHR
application/json 52.212.240.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws3.hotjar.com/api/v2/sites/1438401/recordings/content
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.240.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-240-37.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 65bc28c0a2212fb6041e0e263973232af15d586e9778d6ba0bc02cad4446f6fd

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Wed, 13 Oct 2021 00:47:07 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

OPTIONS
H2 200 agents
d3hb14vkzrxvla.cloudfront.net/v1/074ec096-ea05-419b-9307-540064f01ab6/ Frame 0
0 109ms
109ms Preflight 13.32.23.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/074ec096-ea05-419b-9307-540064f01ab6/agents

Protocol

Server

13.32.23.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-23-12.fra56.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: beacon-device-id,correlationid,helpscout-origin,helpscout-release
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-length: 0
date: Wed, 13 Oct 2021 00:47:08 GMT
access-control-allow-origin: https://secure.futurefuel.io
access-control-allow-methods: GET
access-control-allow-headers: beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-expose-headers: Resource-ID
access-control-allow-credentials: true
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-ratelimit-limit-conversations-hour: 25
x-ratelimit-remaining-conversations-hour: 25
x-ratelimit-limit-identify-hour: 50
x-ratelimit-remaining-identify-hour: 50
x-ratelimit-limit-chat-tokens-hour: 50
x-ratelimit-remaining-chat-tokens-hour: 50
x-ratelimit-limit-general-minute: 150
x-ratelimit-remaining-general-minute: 150
x-ratelimit-limit-attachments-hour: 25
x-ratelimit-remaining-attachments-hour: 25
strict-transport-security: max-age=31536000; includeSubDomains
x-edge-origin-shield-skipped: 0
vary: Origin,Access-Control-Request-Method
x-cache: Miss from cloudfront
via: 1.1 9928105291571d6cae52bcb916c898d9.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: VyOnQYpfIv0A_lU95h3tZfHEIjLmD20nWmDSl73tNFJSSpyPuE7Ghg==

GET
H2 200 agents Show response
d3hb14vkzrxvla.cloudfront.net/v1/074ec096-ea05-419b-9307-540064f01ab6/ 101 B
847 B 112ms
112ms XHR
application/json 13.32.23.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/074ec096-ea05-419b-9307-540064f01ab6/agents

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.23.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-23-12.fra56.r.cloudfront.net

Software

Resource Hash

5db812a555023df0b19e2b44dfa55f4d56fcf952310ec4ef720376c00e4aac89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

correlationId: 962fe4d9-00be-4d0a-9ee0-2a4939bcb428
Helpscout-Release: 2.1.94
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://secure.futurefuel.io/
Beacon-Device-ID: 8c14d556-2beb-4ad0-9d58-0330818c69a2
Helpscout-Origin: Beacon-Embed

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
via: 1.1 9928105291571d6cae52bcb916c898d9.cloudfront.net (CloudFront)
x-edge-origin-shield-skipped: 0
x-ratelimit-remaining-general-minute: 150
x-cache: Miss from cloudfront
x-ratelimit-remaining-identify-hour: 50
x-ratelimit-limit-general-minute: 150
x-ratelimit-remaining-conversations-hour: 25
x-ratelimit-limit-identify-hour: 50
x-ratelimit-remaining-chat-tokens-hour: 50
x-ratelimit-limit-conversations-hour: 25
vary: Origin,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour: 25
access-control-allow-origin: https://secure.futurefuel.io
access-control-expose-headers: Resource-ID
cache-control: max-age=600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C2
content-type: application/json
x-amz-cf-id: 3f85k5SdywJs3W83NnNlJgzazTloMxfoQGq1_6KQeVf_KpvXfUm9Uw==
x-ratelimit-limit-attachments-hour: 25
x-ratelimit-limit-chat-tokens-hour: 50

GET
H/1.1 200
OK read-cookie.html Show response
ff-cookie-test.s3-us-west-2.amazonaws.com/ Frame CFAF 306 B
700 B 173ms
173ms Document
text/html 52.218.177.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ff-cookie-test.s3-us-west-2.amazonaws.com/read-cookie.html
Requested by: Host: ff-cookie-test.s3-us-west-2.amazonaws.com
URL: https://ff-cookie-test.s3-us-west-2.amazonaws.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.177.33 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: c4ab94381a68d2eb9962003194fbbb5aa2736068a400dc3419caa76ae5e39e58

Request headers

Host: ff-cookie-test.s3-us-west-2.amazonaws.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ff-cookie-test.s3-us-west-2.amazonaws.com/index.html
Accept-Encoding: gzip, deflate, br
Cookie: s=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ff-cookie-test.s3-us-west-2.amazonaws.com/index.html

Response headers

x-amz-id-2: FV2MMtsvul0aoL//k7XHROMDe6muwAzcdqv7kniWW/QF0H8Iw/V8ay8XuXy4ro40docrGo/BqnI=
x-amz-request-id: 3739KE5KFGDFW5RD
Date: Wed, 13 Oct 2021 00:47:09 GMT
Last-Modified: Thu, 20 May 2021 18:07:12 GMT
ETag: "d40a7ad3122f45d9f050ad1540d0f5ac"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 306

OPTIONS
H2 200 check
api.futurefuel.io/api/1/auth/ Frame 0
0 172ms
172ms Preflight
text/html 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/check

Protocol

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.21.1
vary: Accept-Encoding Origin
access-control-allow-origin: https://secure.futurefuel.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private no-transform
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
content-encoding: gzip

GET
H2 401 check Show response
api.futurefuel.io/api/1/auth/ 26 B
2 KB 207ms
207ms XHR
application/json 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/check

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

7439e0ca1a61e9d085faed07623b44d3db192435d25a5eb59477147ccdf07216

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 13 Oct 2021 00:47:08 GMT
x-content-type-options: nosniff
x-ratelimit-limit: 200
strict-transport-security: max-age=31536000; includeSubdomains
vary: Origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.21.1
x-ratelimit-remaining: 192
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
content-type: application/json
access-control-allow-origin: https://secure.futurefuel.io
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private, no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType

POST
H2 200 / Show response
api.amplitude.com/ 7 B
168 B 514ms
181ms XHR
text/html 50.112.172.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.112.172.132 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-50-112-172-132.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 13 Oct 2021 00:47:09 GMT
content-length: 7
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

POST
H2 204 prod Show response
ufb6827o24.execute-api.us-west-2.amazonaws.com/ 0
356 B 489ms
489ms XHR
text/plain 13.32.29.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-8.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

x-client-timestamp: 2021-10-13T00:47:08.624Z
traceparent: 00-0a767f73e6d0f8cee0926ce977b7b9f1-04d8c304c5afbfe0-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json
Accept: application/json, text/plain, */*
Referer: https://secure.futurefuel.io/
x-api-key: qma2P4cJCE7BgGmv0jiXf54jBB8ZUqk70zX7aTY0

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
via: 1.1 dca6db3c8f31f3cd48bb06d78a8be625.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-apigw-id: HHvmIElpPHcFsOA=
x-amzn-requestid: 04351e68-009e-420b-b34c-58d407f34c8c
x-cache: Miss from cloudfront
access-control-allow-origin: *
x-amzn-trace-id: Root=1-61662c8d-4d9f52373768563e4543e7f6;Sampled=0
access-control-allow-headers: *
x-amz-cf-id: joEKKl4hzV4vE14Ovwzegy2aMMHTUABtRAEL0B2DCSKgoPqzLd7NMA==

OPTIONS
H2 200 prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ Frame 0
0 477ms
445ms Preflight
application/json 13.32.29.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Protocol: H2
Server: 13.32.29.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-8.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,traceparent,x-api-key,x-client-timestamp
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: application/json
content-length: 0
date: Wed, 13 Oct 2021 00:47:09 GMT
x-amzn-requestid: 30526304-c298-4d58-96c7-48f990fc883d
access-control-allow-origin: *
access-control-allow-headers: *
x-amz-apigw-id: HHvmEHQMvHcF0SA=
access-control-allow-methods: OPTIONS,POST
x-cache: Miss from cloudfront
via: 1.1 dca6db3c8f31f3cd48bb06d78a8be625.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: dGwFA6SC5hfGYau4t_QTbJ3TjrLaTDa7G2jng7YDqWRnP3-Y455l9Q==

GET
H2 200 2200.c798ec4d3869cd713888.js Show response
secure.futurefuel.io/ 14 KB
6 KB 159ms
159ms Script
application/javascript 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/2200.c798ec4d3869cd713888.js

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

0c1dd3a023f3ac6612894c1dc8434ab40b343ff4271eee225ea9a038a255158a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /2200.c798ec4d3869cd713888.js
pragma: no-cache
cookie: ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=1&pvis=1&th=; ABTastySession=mrasn=&sen=0&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-37e1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

GET
H2 401 check Show response
api.futurefuel.io/api/1/auth/ 26 B
2 KB 198ms
197ms XHR
application/json 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/check

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

7439e0ca1a61e9d085faed07623b44d3db192435d25a5eb59477147ccdf07216

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
x-content-type-options: nosniff
x-ratelimit-limit: 200
strict-transport-security: max-age=31536000; includeSubdomains
vary: Origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.21.1
x-ratelimit-remaining: 191
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
content-type: application/json
access-control-allow-origin: https://secure.futurefuel.io
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private, no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType

OPTIONS
H2 200 check
api.futurefuel.io/api/1/auth/ Frame 0
0 170ms
169ms Preflight
text/html 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.futurefuel.io/api/1/auth/check

Protocol

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.21.1
vary: Accept-Encoding Origin
access-control-allow-origin: https://secure.futurefuel.io
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType
access-control-expose-headers: Content-Disposition, Authorization
cache-control: no-cache, private no-transform
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
content-encoding: gzip

GET
H2 200 43.0788abcb6986ae288a5f.js Show response
secure.futurefuel.io/ 14 KB
6 KB 160ms
159ms Script
application/javascript 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/43.0788abcb6986ae288a5f.js

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

f304083b34fcd37b7094e36fb6c2a89b6e254eab8de988cd09f7f6fce1cac05c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /43.0788abcb6986ae288a5f.js
pragma: no-cache
cookie: ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=1&pvis=1&th=; ABTastySession=mrasn=&sen=0&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-3698"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

GET
H2 200 5693.8a12165d7ec9d9154d5d.js Show response
secure.futurefuel.io/ 21 KB
6 KB 161ms
160ms Script
application/javascript 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/5693.8a12165d7ec9d9154d5d.js

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

3118684802feda5efd967486c0bdf615205c639a54de7acb76f091ff6da260a0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /5693.8a12165d7ec9d9154d5d.js
pragma: no-cache
cookie: ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=1&pvis=1&th=; ABTastySession=mrasn=&sen=0&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-53f6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

GET
H2 200 1417.6b3f182725599ccd7556.js Show response
secure.futurefuel.io/ 14 KB
7 KB 161ms
160ms Script
application/javascript 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/1417.6b3f182725599ccd7556.js

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

177f3135b801224b19eb1f52779787519eb6221be5faff715e0116148901ad1f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /1417.6b3f182725599ccd7556.js
pragma: no-cache
cookie: ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=1&pvis=1&th=; ABTastySession=mrasn=&sen=0&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-36fc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

GET
H2 200 6556.86c3d198c31da111290c.js Show response
secure.futurefuel.io/ 10 KB
6 KB 162ms
161ms Script
application/javascript 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/6556.86c3d198c31da111290c.js

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

b62bd6b7eb32ff813e213da653a967e6ecb61805a25e1d9f70bee334227513a6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /6556.86c3d198c31da111290c.js
pragma: no-cache
cookie: ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=1&pvis=1&th=; ABTastySession=mrasn=&sen=0&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-29c4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

GET
H2 200 2863.ec9b5c30719a49b94cf4.js Show response
secure.futurefuel.io/ 90 KB
24 KB 163ms
163ms Script
application/javascript 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/2863.ec9b5c30719a49b94cf4.js

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

6073cadb462189cce912ffd55a41f65830d7c598a7ed8a80b86b578fa6e9342b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /2863.ec9b5c30719a49b94cf4.js
pragma: no-cache
cookie: ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=1&pvis=1&th=; ABTastySession=mrasn=&sen=0&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-16628"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1438401/ 146 B
322 B 36ms
35ms XHR
application/json 52.16.211.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1438401/visit-data?sv=6
Requested by: Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.211.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-211-92.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ab95872c4726727a3b09b1f8c28490c70b7e407e97fd93bbfb75a2ecc5faac36

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/925700628/ 2 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/925700628/?random=1634086029606&cv=9&fst=1634086029606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2Flogin&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07767d5e1cb836c31c71fa58a7e5cd1630ca957766172e1bcae27f64e04ae693

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1029
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/925700628/ 42 B
108 B 21ms
21ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/925700628/?random=1634086029606&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2Flogin&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=538066020&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/925700628/ 0
0

GET
H2 200 login-bg-alt.ae17bc4565f3db15b7b88c10f3f05eeb.svg
secure.futurefuel.io/assets/images/ 72 KB
13 KB 162ms
162ms Image
image/svg+xml 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.futurefuel.io/assets/images/login-bg-alt.ae17bc4565f3db15b7b88c10f3f05eeb.svg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

738f310af8e6e589f9da05f517b39e0005afd68be3a33b04f64cf347ed6dbd04

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /assets/images/login-bg-alt.ae17bc4565f3db15b7b88c10f3f05eeb.svg
pragma: no-cache
cookie: _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1; ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=2&pvis=2&th=; ABTastySession=mrasn=&sen=1&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _hjCachedUserAttributes=eyJhdHRyaWJ1dGVzIjp7IkhhcyBHaXZlYmFjayBpbnN0YWxsZWQiOmZhbHNlfSwidXNlcklkIjpudWxsfQ==; _hjUserAttributesHash=cb20c21359bb0078bb6a0ef21e9d1712
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/login
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: W/"6160eb82-121dd"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com

GET
H2 200 NunitoSans-Bold.ttf
secure.futurefuel.io/assets/fonts/ 91 KB
93 KB 160ms
160ms Font
application/octet-stream 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/assets/fonts/NunitoSans-Bold.ttf

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

c571ae34f387c9b81381036896ea4f6c438f76282846bd3f0ebe159bb510018d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://secure.futurefuel.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1; ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=2&pvis=2&th=; ABTastySession=mrasn=&sen=1&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _hjCachedUserAttributes=eyJhdHRyaWJ1dGVzIjp7IkhhcyBHaXZlYmFjayBpbnN0YWxsZWQiOmZhbHNlfSwidXNlcklkIjpudWxsfQ==; _hjUserAttributesHash=cb20c21359bb0078bb6a0ef21e9d1712
:path: /assets/fonts/NunitoSans-Bold.ttf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://secure.futurefuel.io/
Origin: https://secure.futurefuel.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
x-content-type-options: nosniff
content-length: 93000
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: "6160eb82-16b48"
strict-transport-security: max-age=31536000; includeSubdomains
content-type: application/octet-stream
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
accept-ranges: bytes

GET
H2 200 NunitoSans-Regular.ttf
secure.futurefuel.io/assets/fonts/ 89 KB
91 KB 163ms
163ms Font
application/octet-stream 75.2.14.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.futurefuel.io/assets/fonts/NunitoSans-Regular.ttf

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.14.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a80d8795874baa161.awsglobalaccelerator.com

Software

nginx/1.21.1 /

Resource Hash

13ad641781e6dd5f2134fcfc9b1589e3c66902b69ccbb68b74d3bd139c1e324e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://secure.futurefuel.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: _gcl_au=1.1.198865760.1634086027; _hjid=ba0b265f-1d5b-46ce-8c93-0096496c5573; _hjFirstSeen=1; _hjIncludedInPageviewSample=1; _hjAbsoluteSessionInProgress=0; _hjIncludedInSessionSample=1; amp_aa4c50=txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1; ABTasty=uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=2&pvis=2&th=; ABTastySession=mrasn=&sen=1&lp=https%253A%252F%252Fsecure.futurefuel.io%252F; _hjCachedUserAttributes=eyJhdHRyaWJ1dGVzIjp7IkhhcyBHaXZlYmFjayBpbnN0YWxsZWQiOmZhbHNlfSwidXNlcklkIjpudWxsfQ==; _hjUserAttributesHash=cb20c21359bb0078bb6a0ef21e9d1712
:path: /assets/fonts/NunitoSans-Regular.ttf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: secure.futurefuel.io
referer: https://secure.futurefuel.io/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://secure.futurefuel.io/
Origin: https://secure.futurefuel.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 00:47:09 GMT
x-content-type-options: nosniff
content-length: 91460
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 09 Oct 2021 01:08:18 GMT
server: nginx/1.21.1
etag: "6160eb82-16544"
strict-transport-security: max-age=31536000; includeSubdomains
content-type: application/octet-stream
cache-control: no-transform
feature-policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
permissions-policy: geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
content-security-policy: frame-ancestors dev.futurefuel.io secure.futurefuel.io *.futurefuel.io; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.futurefuel.io *.google.pt *.google.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.futurefuel.io *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com; media-src 'self' *.vimeo.com *.akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.dev.futurefuel.io *.amazonaws.com *.doubleclick.net *.futurefuel.io *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com; prefetch-src *.plaid.com
accept-ranges: bytes

POST
H2 200 / Show response
ariane.abtasty.com/ 43 B
106 B 15ms
15ms Fetch
image/gif 34.102.161.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ariane.abtasty.com/

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.161.46 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

46.161.102.34.bc.googleusercontent.com

Software

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
access-control-allow-headers: Content-Type,Origin,Accept,Set-Cookie,X-ABTasty-CrossDomain
date: Wed, 13 Oct 2021 00:47:10 GMT
access-control-allow-methods: GET,HEAD,POST
content-type: image/gif
access-control-allow-origin: https://secure.futurefuel.io
cache-control: must-revalidate, no-cache, private
access-control-allow-credentials: true
alt-svc: clear
content-length: 43

POST
H2 202 events Show response
e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io/intake/v2/rum/ 0
40 B 188ms
187ms XHR
text/plain 54.212.23.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io/intake/v2/rum/events

Requested by

Host: secure.futurefuel.io
URL: https://secure.futurefuel.io/179.dcf3939c6094924d7763.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.212.23.110 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-212-23-110.us-west-2.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Content-Encoding: gzip
Referer: https://secure.futurefuel.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-ndjson

Response headers

access-control-allow-origin: https://secure.futurefuel.io
date: Wed, 13 Oct 2021 00:47:10 GMT
x-cloud-request-id: tZtg-4ZlRM2qWj1GTwT4Yw
x-found-handling-instance: instance-0000000011
x-found-handling-cluster: e3ea27d67ee14f3b8f8d1faae986c06c
content-length: 0
x-content-type-options: nosniff

OPTIONS
H2 200 events
e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io/intake/v2/rum/ Frame 0
0 566ms
181ms Preflight 54.212.23.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io/intake/v2/rum/events

Protocol

Server

54.212.23.110 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-212-23-110.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-encoding,content-type
Origin: https://secure.futurefuel.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Content-Type, Content-Encoding, Accept
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: https://secure.futurefuel.io
access-control-expose-headers: Etag
access-control-max-age: 3600
date: Wed, 13 Oct 2021 00:47:10 GMT
vary: Origin
x-cloud-request-id: E3how418Qd2wR8j3RHvmPw
x-content-type-options: nosniff
x-found-handling-cluster: e3ea27d67ee14f3b8f8d1faae986c06c
x-found-handling-instance: instance-0000000011
content-length: 0

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/46/8/intl/de_ALL/ 82 KB
30 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/de_ALL/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&libraries=places&callback=__jp0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e95932318a296da1260151c02ff39f88d0985b298633594fc15f83376463255

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 18:01:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30752
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 21:43:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="maps-api-js"
expires: Thu, 06 Oct 2022 18:01:07 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/46/8/intl/de_ALL/ 294 KB
90 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/de_ALL/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&libraries=places&callback=__jp0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab2f5f1dc0478d383f50f1dfddf898e2d3952e964dbdc6cda64e017f32b0a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 18:01:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92123
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 21:43:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="maps-api-js"
expires: Thu, 06 Oct 2022 18:01:07 GMT

GET
H2 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ 62 B
208 B 58ms
57ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fsecure.futurefuel.io%2Flogin&4sAIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&callback=_xdc_._wkgji8&key=AIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&token=110199

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/de_ALL/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

6fafed8075b6f8d74a87f3bf098b1cf551241b9de2b09b89c8b8977c53453db0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure.futurefuel.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 00:47:12 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment
server-timing: gfet4t7; dur=42
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/475656849/?random=1634086027287&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=2675419540&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/925700628/?random=1634086027291&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=3681826076&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/?random=1634086027797&cv=9&fst=1634086027797&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/925700628/?random=1634086027797&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=1286805596&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/?random=1634086029606&cv=9&fst=1634086029606&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2Flogin&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/925700628/?random=1634086029606&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2Flogin&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=538066020&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.futurefuel.io/	1970-01-20 00:04:22	Name: _gcl_au Value: 1.1.198865760.1634086027
.futurefuel.io/	1970-01-20 06:40:22	Name: _hjid Value: ba0b265f-1d5b-46ce-8c93-0096496c5573
.futurefuel.io/	1970-01-19 21:54:47	Name: _hjFirstSeen Value: 1
secure.futurefuel.io/	1970-01-19 21:54:46	Name: _hjIncludedInPageviewSample Value: 1
.futurefuel.io/	1970-01-19 21:54:47	Name: _hjAbsoluteSessionInProgress Value: 0
secure.futurefuel.io/	1970-01-19 21:54:46	Name: _hjIncludedInSessionSample Value: 1
.doubleclick.net/	1970-01-20 07:16:22	Name: IDE Value: AHWqTUn9saO9z0Z9sKwz4zfAkugfZtp7qtBOZBWdIflviWz0Omse7vbD2H6av8CR
ff-cookie-test.s3-us-west-2.amazonaws.com/	1970-01-19 21:54:46	Name: s Value: 1
.futurefuel.io/	1970-01-20 06:40:22	Name: amp_aa4c50 Value: txdYNPbRLwE12mf_IW7gzk...1fhrhs0e8.1fhrhs1ae.1.0.1
.futurefuel.io/	1970-01-20 07:13:29	Name: ABTasty Value: uid=cw24evc4aar5w10e&fst=1634086027165&pst=-1&cst=1634086027165&ns=1&pvt=2&pvis=2&th=
.futurefuel.io/	1970-01-19 21:54:47	Name: ABTastySession Value: mrasn=&sen=1&lp=https%253A%252F%252Fsecure.futurefuel.io%252F
secure.futurefuel.io/	1969-12-31 23:59:59	Name: _hjCachedUserAttributes Value: eyJhdHRyaWJ1dGVzIjp7IkhhcyBHaXZlYmFjayBpbnN0YWxsZWQiOmZhbHNlfSwidXNlcklkIjpudWxsfQ==
secure.futurefuel.io/	1970-01-19 21:54:46	Name: _hjUserAttributesHash Value: cb20c21359bb0078bb6a0ef21e9d1712

39 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'push'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'self'.
security	warning	Message: Error with Feature-Policy header: Unrecognized origin: 'none'.
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: geolocation, midi, sync-xhr, microphone, camera, magnetometer, gyroscope, fullscreen, payment. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature geolocation. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature midi. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature notifications. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature push. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature sync-xhr. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature microphone. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature camera. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature magnetometer. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature gyroscope. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature speaker. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature vibrate. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature fullscreen. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Invalid allowlist item(none) for feature payment. Allowlist item must be *, self or quoted url.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'push'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vibrate'.
security	error	URL: https://secure.futurefuel.io/ Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/475656849/?random=1634086027287&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=2675419540&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com *.amazonaws.com data:".
security	error	URL: https://secure.futurefuel.io/ Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/925700628/?random=1634086027291&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=3681826076&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com *.amazonaws.com data:".
security	error	URL: https://secure.futurefuel.io/ Message: Refused to load the image 'https://googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/?random=1634086027797&cv=9&fst=1634086027797&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1' because it violates the following Content Security Policy directive: "img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com *.amazonaws.com data:".
security	error	URL: https://secure.futurefuel.io/ Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/925700628/?random=1634086027797&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2F&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=1286805596&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com *.amazonaws.com data:".
network	error	URL: https://api.futurefuel.io/api/1/auth/check Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.futurefuel.io/api/1/auth/check Message: Failed to load resource: the server responded with a status of 401 ()
security	error	URL: https://secure.futurefuel.io/login Message: Refused to load the image 'https://googleads.g.doubleclick.net/pagead/viewthroughconversion/475656849/?random=1634086029606&cv=9&fst=1634086029606&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&ig=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2Flogin&tiba=FutureFuel.io&hn=www.googleadservices.com&async=1' because it violates the following Content Security Policy directive: "img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com *.amazonaws.com data:".
security	error	URL: https://secure.futurefuel.io/login Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/925700628/?random=1634086029606&cv=9&fst=1634083200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaab0&sendb=1&data=event%3Doptimize.callback&frm=0&url=https%3A%2F%2Fsecure.futurefuel.io%2Flogin&tiba=FutureFuel.io&async=1&fmt=3&is_vtc=1&random=538066020&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com *.amazonaws.com data:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors dev.futurefuel.io secure.futurefuel.io .futurefuel.io; default-src 'self' .plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' .futurefuel.io .google.pt .google.com .gstatic.com .plaid.com .gravatar.com .amazonaws.com .helpscout.net .cloudfront.net .impact.com .google-analytics.com .abtasty.com .amazonaws.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .futurefuel.io .abtasty.com .amazonaws.com .google.com .doubleclick.net .zopim.com .iterable.com .credible.com .hotjar.com .quovo.com .plaid.com .google-analytics.com .googleapis.com .googletagmanager.com optimize.google.com .googleadservices.com .helpscout.net payitoff-cdn.io .payitoff-cdn.io payitoff-sandbox.io .payitoff-sandbox.io payitoff.io .payitoff.io; connect-src 'self' wss://payitoff.io wss://.zopim.com wss://.hotjar.com .payitoff.io payitoff.io payitoff-sandbox.io .payitoff-sandbox.io .abtasty.com .amazonaws.com .google.pt .google.com .doubleclick.net .futurefuel.io .iterable.com .mixpanel.com .hotjar.io .hotjar.com .es.io .amplitude.com .cloudfront.net .helpscout.net .google-analytics.com .plaid.com; style-src 'self' 'unsafe-inline' unsafe-inline: .abtasty.com .gstatic.com .googleapis.com 'unsafe-eval' fonts.googleapis.com; font-src 'self' blob: data: fonts.gstatic.com .hotjar.com optimize.google.com .abtasty.com .gstatic.com .googleapis.com; media-src 'self' .vimeo.com .akamaized.net; frame-src 'self' payitoff-sandbox.io payitoff.io .payitoff.io .dev.futurefuel.io .amazonaws.com .doubleclick.net .futurefuel.io .payitoff-sandbox.io payitoff.io .payitoff.io .quovo.com .plaid.com .hotjar.com .vimeo.com optimize.google.com .calendly.com calendly.com; prefetch-src .plaid.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.amplitude.com
api.futurefuel.io
ariane.abtasty.com
beacon-v2.helpscout.net
cdn.plaid.com
d3hb14vkzrxvla.cloudfront.net
dcinfos-cache.abtasty.com
e3ea27d67ee14f3b8f8d1faae986c06c.apm.us-west-2.aws.cloud.es.io
ff-cookie-test.s3-us-west-2.amazonaws.com
googleads.g.doubleclick.net
in.hotjar.com
js.iterable.com
maps.googleapis.com
payitoff-cdn.io
script.hotjar.com
secure.futurefuel.io
static.hotjar.com
try.abtasty.com
ufb6827o24.execute-api.us-west-2.amazonaws.com
vars.hotjar.com
ws3.hotjar.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
googleads.g.doubleclick.net
www.google.de
13.32.23.12
13.32.29.61
13.32.29.8
13.32.29.87
13.35.253.36
142.250.184.194
143.204.209.41
143.204.209.47
143.204.209.8
2a00:1450:4001:813::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:830::200a
34.102.161.46
34.107.143.101
50.112.172.132
52.16.211.92
52.212.240.37
52.218.177.33
54.212.23.110
65.9.66.30
65.9.66.34
75.2.14.218
044c3cba31d41339e4c7d140903f9791a1a12f3389db637ee247bcf0f25eb305
07767d5e1cb836c31c71fa58a7e5cd1630ca957766172e1bcae27f64e04ae693
08220cbe6aa520222b1df7297a664016328c7a74bc9b1e150830e744f39d4cc1
0c1dd3a023f3ac6612894c1dc8434ab40b343ff4271eee225ea9a038a255158a
0e95932318a296da1260151c02ff39f88d0985b298633594fc15f83376463255
13ad641781e6dd5f2134fcfc9b1589e3c66902b69ccbb68b74d3bd139c1e324e
177f3135b801224b19eb1f52779787519eb6221be5faff715e0116148901ad1f
1b07ff9cb3ee66f1f0e4c708320ea5d9d6487d1b15e022416d914e214df163aa
25556eda6bf125bbf6c0f01008467a9c736576601cdc9804eba4f2f20c11a3cc
2de84e44eef667c8a18d22033bb27528442eedd326dc39798b7246de7030c4ac
3118684802feda5efd967486c0bdf615205c639a54de7acb76f091ff6da260a0
3e4dcf5d937c6cd9bd580358e83d9bff9769f73cc2364ed9af22c88571959adb
4b9e657bafb4c50dc17d85058a552dfd61cc3cbe60d91ceec22558275d6d2faa
598aa9e340e9203d13e52c015dd235e44dc8d717347374607e0be953f44cd94e
5db812a555023df0b19e2b44dfa55f4d56fcf952310ec4ef720376c00e4aac89
6073cadb462189cce912ffd55a41f65830d7c598a7ed8a80b86b578fa6e9342b
65bc28c0a2212fb6041e0e263973232af15d586e9778d6ba0bc02cad4446f6fd
6fafed8075b6f8d74a87f3bf098b1cf551241b9de2b09b89c8b8977c53453db0
738f310af8e6e589f9da05f517b39e0005afd68be3a33b04f64cf347ed6dbd04
7439e0ca1a61e9d085faed07623b44d3db192435d25a5eb59477147ccdf07216
76f65143d547b29511d902d9b7cb238563864bdf6cffc6ba7b6589b5f58124f9
7989fa33f15fd8e52eff685b08a5f870992200fa89629eed02b6176e25961ae9
7d195f32994f953f141f160921ba015fcbd9129860cb251a0102bba9bf727083
88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987
89e8c7062fe9ea6578c0854ded9bd9914046cc6bbf7ae76ae67d001484630440
8e170827cf6b2dfdb810cef652d70f9cbd9ff58f4242cb735622833b5ff69bd3
93e53967af90a2fa3bfe467ea5b778f8777cdbf9b1244ebe0adff1ac34eb649b
99b2b0c33fcc979541033b2add146cc05030335e1ab3f9d991b1a33859dbf5b2
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa3ee7e9f1bb7babe1919d54d01956589bf01025e82cdaaa3ed0d0719c851a3c
ab95872c4726727a3b09b1f8c28490c70b7e407e97fd93bbfb75a2ecc5faac36
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b3bea434cd53762dfc0bf85eecc6392dffe8b4254cf5d11447dbae4739d79839
b62bd6b7eb32ff813e213da653a967e6ecb61805a25e1d9f70bee334227513a6
c4a3c56f2f22c43979a18d1dd5e65bbfd03386032f065da061f64b960623e2f3
c4ab94381a68d2eb9962003194fbbb5aa2736068a400dc3419caa76ae5e39e58
c571ae34f387c9b81381036896ea4f6c438f76282846bd3f0ebe159bb510018d
cbbf676d76b4d711a2d6b3e4527548615d4a7d6b29db15a8b3922d04cbe1a8b9
d07cb6ea6a3df858656a435de40e39312629223512cb7810c2556fb2b6e3541e
d6b8fa88d0581fdfb111d9f05b08ee3299ed45c9e0feec2e31724a9736ea5f2b
e34e19c0d41b60e032cda00eb1c759eed68c04bfbd1b1b4e857f5d5fbdbd1a47
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79f8a82347848cf360a61aaddb97abacde63aeb9a57e78a2254ba265eeb4fa9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f26baaedb108be5a29f68a3e0292c2c00b793408be27fb8f8bd3d9c6a28a9cc3
f304083b34fcd37b7094e36fb6c2a89b6e254eab8de988cd09f7f6fce1cac05c
fab2f5f1dc0478d383f50f1dfddf898e2d3952e964dbdc6cda64e017f32b0a16
fcf99672d28b88ce163161f7d554331e71f9690e4af2d013406655167a941216

secure.futurefuel.io Open in urlscan Pro 75.2.14.218 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

70 Requests

91 %HTTPS

17 %IPv6

17 Domains

25 Subdomains

24 IPs

3 Countries

1382 kBTransfer

4075 kBSize

13 Cookies

0 Outgoing links

Redirected requests

70 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

secure.futurefuel.io Open in urlscan Pro
75.2.14.218 Public Scan

Screenshot
Live screenshot

Full Image

70
Requests

91 %
HTTPS

17 %
IPv6

17
Domains

25
Subdomains

24
IPs

3
Countries

1382 kB
Transfer

4075 kB
Size

13
Cookies

70 HTTP transactions
0 data transactions