Submitted URL: http://offtherecord.com/
Effective URL: https://offtherecord.com/
Submission: On May 16 via api from US — Scanned from DE

Summary

This website contacted 44 IPs in 5 countries across 30 domains to perform 174 HTTP transactions. The main IP is 99.86.4.19, located in United States and belongs to AMAZON-02, US. The main domain is offtherecord.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 16th 2023. Valid for: a year.
This is the only time offtherecord.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
75 offtherecord.com
offtherecord.com
relay.offtherecord.com
otr-backend-service-us-prod.offtherecord.com
1 MB
16 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1866
ka-p.fontawesome.com — Cisco Umbrella Rank: 3346
334 KB
8 freshchat.com
wchat.freshchat.com — Cisco Umbrella Rank: 12143
snippets.freshchat.com — Cisco Umbrella Rank: 71685
httpsofftherecordcom.webpush.freshchat.com
35 KB
7 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2757
55 KB
7 google.com
www.google.com — Cisco Umbrella Rank: 2
apis.google.com — Cisco Umbrella Rank: 139
region1.analytics.google.com — Cisco Umbrella Rank: 3095
117 KB
6 gstatic.com
www.gstatic.com
fonts.gstatic.com
302 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
160 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
355 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
4 KB
4 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1088
188 KB
3 hubspot.com
js.hubspot.com — Cisco Umbrella Rank: 4098
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4060
track.hubspot.com — Cisco Umbrella Rank: 2393
27 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
22 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 345
14 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4572
forms.hscollectedforms.net — Cisco Umbrella Rank: 4722
26 KB
2 onelink.me
wa.onelink.me — Cisco Umbrella Rank: 11060
873 B
2 google.de
www.google.de — Cisco Umbrella Rank: 7810
126 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
407 B
2 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 4578
wa.appsflyer.com — Cisco Umbrella Rank: 7184
10 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1160
13 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4448
22 KB
1 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 2197
12 KB
1 hsforms.com
perf-na1.hsforms.com — Cisco Umbrella Rank: 4386
929 B
1 sanity.io
anhkgav0.apicdn.sanity.io
3 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2189
23 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2225
21 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
275 B
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1376
638 B
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2460
1 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 126
18 KB
0 amazonaws.com Failed
off-the-record-service.s3.us-west-2.amazonaws.com Failed
174 30
Domain Requested by
52 offtherecord.com offtherecord.com
browser.sentry-cdn.com
15 ka-p.fontawesome.com kit.fontawesome.com
offtherecord.com
13 relay.offtherecord.com 1 redirects offtherecord.com
browser.sentry-cdn.com
relay.offtherecord.com
10 otr-backend-service-us-prod.offtherecord.com browser.sentry-cdn.com
7 dev.visualwebsiteoptimizer.com relay.offtherecord.com
offtherecord.com
dev.visualwebsiteoptimizer.com
6 wchat.freshchat.com offtherecord.com
wchat.freshchat.com
5 fonts.gstatic.com fonts.googleapis.com
4 connect.facebook.net offtherecord.com
connect.facebook.net
4 www.googletagmanager.com offtherecord.com
www.googletagmanager.com
4 fonts.googleapis.com offtherecord.com
4 js.stripe.com offtherecord.com
js.stripe.com
4 www.google.com offtherecord.com
www.gstatic.com
3 www.google-analytics.com offtherecord.com
www.google-analytics.com
browser.sentry-cdn.com
3 bat.bing.com offtherecord.com
bat.bing.com
2 wa.onelink.me browser.sentry-cdn.com
2 www.google.de offtherecord.com
2 stats.g.doubleclick.net www.googletagmanager.com
browser.sentry-cdn.com
2 www.redditstatic.com www.googletagmanager.com
browser.sentry-cdn.com
2 apis.google.com offtherecord.com
apis.google.com
2 browser.sentry-cdn.com offtherecord.com
1 httpsofftherecordcom.webpush.freshchat.com wchat.freshchat.com
1 snippets.freshchat.com offtherecord.com
1 track.hubspot.com
1 edge.fullstory.com offtherecord.com
1 perf-na1.hsforms.com offtherecord.com
1 cta-service-cms2.hubspot.com browser.sentry-cdn.com
1 forms.hscollectedforms.net browser.sentry-cdn.com
1 anhkgav0.apicdn.sanity.io browser.sentry-cdn.com
1 wa.appsflyer.com browser.sentry-cdn.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hubspot.com js.hs-scripts.com
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 www.facebook.com offtherecord.com
1 alb.reddit.com offtherecord.com
1 region1.analytics.google.com www.googletagmanager.com
1 websdk.appsflyer.com offtherecord.com
1 js.hs-scripts.com www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 www.gstatic.com www.google.com
1 kit.fontawesome.com offtherecord.com
0 off-the-record-service.s3.us-west-2.amazonaws.com Failed offtherecord.com
174 42
Subject Issuer Validity Valid
*.offtherecord.com
Amazon RSA 2048 M02
2023-11-16 -
2024-12-14
a year crt.sh
*.google.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-04 -
2025-01-03
a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3
2023-08-01 -
2024-09-01
a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2024-03-27 -
2024-06-27
3 months crt.sh
*.apis.google.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.gstatic.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
upload.video.google.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2023-07-06 -
2024-07-06
a year crt.sh
*.google-analytics.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-02-23 -
2024-05-23
3 months crt.sh
*.freshchat.com
Amazon RSA 2048 M02
2024-01-22 -
2025-02-18
a year crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-01-08 -
2024-07-06
6 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02
2024-05-01 -
2024-06-27
2 months crt.sh
*.googleadservices.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
hs-scripts.com
E1
2024-04-01 -
2024-06-30
3 months crt.sh
*.appsflyer.com
DigiCert TLS RSA SHA256 2020 CA1
2023-07-27 -
2024-07-27
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-05-06 -
2024-07-29
3 months crt.sh
*.google.de
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1
2024-01-15 -
2024-07-13
6 months crt.sh
*.onelink.me
Amazon RSA 2048 M02
2024-05-05 -
2025-06-02
a year crt.sh
hs-analytics.net
GTS CA 1P5
2024-04-13 -
2024-07-12
3 months crt.sh
hscollectedforms.net
E1
2024-03-29 -
2024-06-27
3 months crt.sh
hubspot.com
Cloudflare Inc ECC CA-3
2024-01-06 -
2024-12-31
a year crt.sh
hs-banner.com
E1
2024-04-01 -
2024-06-30
3 months crt.sh
*.apicdn.sanity.io
Sectigo RSA Domain Validation Secure Server CA
2023-10-10 -
2024-09-30
a year crt.sh
hsforms.com
GTS CA 1P5
2024-04-17 -
2024-07-16
3 months crt.sh
freshchat.com
Amazon RSA 2048 M02
2023-06-26 -
2024-07-23
a year crt.sh
*.wchat.webpush.myfreshworks.com
Amazon RSA 2048 M01
2023-06-21 -
2024-07-18
a year crt.sh

This page contains 7 frames:

Primary Page: https://offtherecord.com/
Frame ID: 4C69655268FC9D92AF7D7AFA756AC332
Requests: 173 HTTP requests in this frame

Frame: https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fofftherecord.com&stripe_xdm_c=default559123&stripe_xdm_p=1
Frame ID: 6B61FF429F959F4D687A308B338312DB
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: F8FCC5D324EF2C82A0810C1C80DDF43C
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3&co=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29tOjQ0Mw..&hl=de&v=8k85QBI-qzxmenDv318AZH30&size=invisible&cb=bd1gvd4p3cy
Frame ID: BCBFDE01493013F3DF9B417848F18A66
Requests: 1 HTTP requests in this frame

Frame: https://wchat.freshchat.com/widget/config_iframe.html?host=https://wchat.freshchat.com&token=c36ed4b1-ac05-4052-a91f-83203339cd7c&origin=https://offtherecord.com
Frame ID: 7960E836EECF03323FE6C4A5289DAD8B
Requests: 1 HTTP requests in this frame

Frame: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t&eagerLoad=true
Frame ID: BB7F060A4BE7CD50CBF1C92DB98C3709
Requests: 1 HTTP requests in this frame

Frame: https://httpsofftherecordcom.webpush.freshchat.com/index.html?ref=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Frame ID: 88B9239D01F786E6919F289AC6716CD0
Requests: 1 HTTP requests in this frame

Page Title

Fight Your Moving Violation | Traffic Ticket Lawyer Local & Online

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
  • \bangular.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • wchat\.freshchat\.com/js/widget\.js

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 174
HTTPS: 95 %
IPv6: 49 %
Domains: 30
Subdomains: 42
IPs: 44
Countries: 5
Transfer: 2881 kB
Size: 9394 kB
Cookies: 38

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://offtherecord.com/ HTTP 307
    https://offtherecord.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 168
  • https://relay.offtherecord.com/datalayer/v4/latest.js HTTP 302
  • https://edge.fullstory.com/datalayer/v4/latest.js

174 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
offtherecord.com/
Redirect Chain
  • http://offtherecord.com/
  • https://offtherecord.com/
15 KB
5 KB
Document
General
Full URL
https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
f304f3fd3d8bb15da7a2bafcf83f90bb40bff5bbe00bc0671ebca41e0128d903

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control
no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 16 May 2024 13:46:25 GMT
etag
W/"3bb6-18f304cd220"
expires
0
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
vary
Accept-Encoding
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-id
RZh1Gsx-5eTzV5dgbQAyl8gRgTViqQ9sw0wH710e8ZEgOMfrhT8-Zw==
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-powered-by
Express

Redirect headers

Location
https://offtherecord.com/
Non-Authoritative-Reason
HttpsUpgrades
api.js
www.google.com/recaptcha/
1 KB
973 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f4.1e100.net
Software
GSE /
Resource Hash
a660a82226cc76c6674f060a12de2c7eb6b5aa98ee9e725d296fa7b5934d0f20
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 16 May 2024 13:46:25 GMT
api.js
www.google.com/recaptcha/
1 KB
947 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=explicit
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f4.1e100.net
Software
GSE /
Resource Hash
53355e92ca37f077ef5fb7dbcc40b579ab0fa9178e19121d54ce99ece2f39aeb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 16 May 2024 13:46:25 GMT
af20baf93e.js
kit.fontawesome.com/
12 KB
5 KB
Script
General
Full URL
https://kit.fontawesome.com/af20baf93e.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55e9a08cde71ec47754aef6c72a216b2900fecfe5015d035cc04a0935cdd4e42

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
58
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
content-type
text/javascript
cache-control
max-age=60, public, stale-while-revalidate=30
cf-ray
884bd0577f533656-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
F89xcRHrgyOB76W_k2cB
bundle.min.js
browser.sentry-cdn.com/6.19.7/
65 KB
21 KB
Script
General
Full URL
https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
6ba797956f6d29b650d458897e48a190cddf0a6ba374350c0bb565fa04f80d65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 26 Apr 2022 13:11:05 GMT
server
Fastly
age
5642513
etag
"4dc87c1e025f84ef0d14fe9187946dfd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
20887
expires
Wed, 17 Jul 2024 08:51:23 GMT
angular.min.js
browser.sentry-cdn.com/6.19.7/
2 KB
1 KB
Script
General
Full URL
https://browser.sentry-cdn.com/6.19.7/angular.min.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
8971fe0a892f03a0f0ba568b545194578eaf62dcafabc254e2677c7af64200c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 26 Apr 2022 13:11:05 GMT
server
Fastly
age
2525120
etag
"14f18525c8f97317f08d5cc6f80a1953"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
882
expires
Thu, 19 Sep 2024 13:29:39 GMT
/
js.stripe.com/v2/
62 KB
22 KB
Script
General
Full URL
https://js.stripe.com/v2/
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
91ab93b25227f8a29a716fdc41831b0a8a8729d8cde9f8adb29f4c8392457b9e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Thu, 16 May 2024 13:46:25 GMT
via
1.1 varnish
age
30
x-cache
HIT
content-length
21836
x-request-id
045c93c8-0925-4dc5-b547-271eedba354d
x-served-by
cache-fra-etou8220147-FRA
last-modified
Thu, 03 Feb 2022 12:42:55 GMT
server
Fastly
etag
"4e0e5080f8f45588fcc33b82ee08fa3c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=300
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2
/
js.stripe.com/v3/
604 KB
167 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
703c6538c7c240f05fa39933fe7625588a50071d6d402250da0075de638c7b81
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Thu, 16 May 2024 13:46:25 GMT
via
1.1 varnish
age
39
x-cache
HIT
content-length
170294
x-request-id
c4570e7c-f92b-4cdf-9003-ab1cfcd9caba
x-served-by
cache-fra-etou8220147-FRA
last-modified
Wed, 15 May 2024 20:41:03 GMT
server
Fastly
etag
"470acd355ab36612885d09fe7907ab94"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
12
177.06b438bd9abf459b0af4.js
offtherecord.com/
3 MB
558 KB
Script
General
Full URL
https://offtherecord.com/177.06b438bd9abf459b0af4.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
770ab091f87c39b70a00d92d2479d6564064e4a89859285c6cdc08a502e8aa52

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 15:18:03 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
340103
x-powered-by
Express
etag
W/"2a4abc-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
uSZhC_Ijjd3ts37-HIVgc0OwMhXOqLM6cew1TM1uZ7RP6urvWw3OqQ==
main.23e6b8d8263921a9720d.js
offtherecord.com/
458 KB
122 KB
Script
General
Full URL
https://offtherecord.com/main.23e6b8d8263921a9720d.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
3ef96cf8ace7331eac86b1109658ad523a208e1f2d4cffb715964b5c3611930f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:08 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377298
x-powered-by
Express
etag
W/"72832-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
0Qs0KWSjPeB5PDeT8056zG84Cs5ZYelSoL97ytZg6peSN2hGek61kA==
main.38e6b04a9facc3b0a6c9.css
offtherecord.com/
361 KB
62 KB
Stylesheet
General
Full URL
https://offtherecord.com/main.38e6b04a9facc3b0a6c9.css
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
3bf4e07601b268d1d7e49c3d59f63db2263c9e69868e27d9f5cf87e6ddd74c84

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:08 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377297
x-powered-by
Express
etag
W/"5a57d-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
I0i8uL49YnW3dOOFYNzkIUw4YZHNXwI-akLlNor0-EBzH-2FC7MlUw==
j.php
relay.offtherecord.com/
13 KB
4 KB
Script
General
Full URL
https://relay.offtherecord.com:447/j.php?a=660553&u=https%3A%2F%2Fofftherecord.com%2F&vn=2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.84.112.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-112-40.compute-1.amazonaws.com
Software
gnv1 /
Resource Hash
1f5b000935bd4d56e6b3d6407a69da5d934d247c94a833d845b2476d3a3b8f22

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
gzip
via
1.1 google
server
gnv1
etag
W/"1715779664"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
inline-scripts.js
offtherecord.com/app/common/preprocessor/
320 B
701 B
Script
General
Full URL
https://offtherecord.com/app/common/preprocessor/inline-scripts.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
28503820ff423a3e61dcab001567d362860dfed3863e3143f5046316a2f262f2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:08 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377298
x-powered-by
Express
etag
W/"140-18f304cd220"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
320
x-amz-cf-id
-r91mJQCnQmmepDL46RpsVarindvOh4ETMlPjcDRC6P6pLJM7E0dMA==
client.js
apis.google.com/js/
15 KB
6 KB
Script
General
Full URL
https://apis.google.com/js/client.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
abe72c7981d3e55e05f111caebead10a7e80cf20b3b60776600724f251c4790d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 16 May 2024 13:46:26 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5900
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"41280b644365012e"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 May 2024 13:46:26 GMT
autotrack.js
offtherecord.com/node_modules/autotrack/
24 KB
8 KB
Script
General
Full URL
https://offtherecord.com/node_modules/autotrack/autotrack.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
bceb73993d094c4c821c7571921103bdc8c05e9082c4fc513d244358d53593db

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 11:17:33 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Wed, 01 May 2024 17:29:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
95333
x-powered-by
Express
etag
W/"60d8-18f35340521"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
1JGvNi_rAfiBXALNhTfKPtzejUX3gFKDnhIC-6YwIkmym8vBe_QotQ==
recaptcha__de.js
www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/
519 KB
207 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e92f0b552deffbf207cee5389713056c7c3d27e4b9b9edaf29338d01a83c5962
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 01:02:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
218617
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
210834
x-xss-protection
0
last-modified
Mon, 13 May 2024 17:44:43 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 May 2025 01:02:49 GMT
pro.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
672 KB
118 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01a3066991f4af85d35aaa0068aa00054f9762f39c263853f49518d5f9784c4b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:26 GMT
server
cloudflare
age
3785688
etag
"660c23a2-1d791"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd057f8653656-FRA
content-length
120721
pro-v4-shims.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
27 KB
4 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro-v4-shims.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f3387f11826be4923a2d3a8c1542780abd6d4c66ce13f2de770f2e386989593

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:24 GMT
server
cloudflare
age
3785688
etag
"660c23a0-10e7"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd057f8693656-FRA
content-length
4327
pro-v5-font-face.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
50 KB
7 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro-v5-font-face.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1580a6a19cb081a84215f13b42f765469beb87d7401f16349760cd067fc4da71

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:24 GMT
server
cloudflare
age
3785688
etag
"660c23a0-1c3b"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd057f8663656-FRA
content-length
7227
pro-v4-font-face.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
7 KB
2 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro-v4-font-face.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
516640faeb856df6599d165f26ee51ce8cbaaf34f7c09d818509e75f6a48ae13

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:24 GMT
server
cloudflare
age
3785688
etag
"660c23a0-6ca"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd057f86c3656-FRA
content-length
1738
custom-icons.css
ka-p.fontawesome.com/assets/af20baf93e/109913681/
3 KB
2 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/assets/af20baf93e/109913681/custom-icons.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7b242b6fc836be7b2e892946b2c7293d65da02a12ba9cb368e3ce404ad33819

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:25 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 14 May 2024 19:25:06 GMT
server
cloudflare
age
152466
etag
W/"30d71755cd19cfbab359506a397b8df0"
x-cache-status
MISS
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-ray
884bd057f86a3656-FRA
fs.js
relay.offtherecord.com/s/
272 KB
74 KB
Script
General
Full URL
https://relay.offtherecord.com/s/fs.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.84.112.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-112-40.compute-1.amazonaws.com
Software
UploadServer /
Resource Hash
101dd9d7bb974d92c5a782371369855b10b7c21985affc76696f03f968cc5278

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
age
3374
x-guploader-uploadid
ABPtcPp-uJfwOJv5w22fvFQNbF-k8cf9j5sKYdh1vZ_Hy3938jrqvkywbd4OwjSDIyu6AuCK6p-JtFPQVw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75117
last-modified
Tue, 14 May 2024 15:47:32 GMT
server
UploadServer
etag
"d1de905f71259669026578e74a6421e7"
vary
Accept-Encoding
x-goog-generation
1715701652313169
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=ZJKNnw==, md5=0d6QX3EllmkCZXjnSmQh5w==
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
75117
accept-ranges
bytes
expires
Thu, 16 May 2024 13:50:12 GMT
css2
fonts.googleapis.com/
7 KB
815 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
31d196afc7bf97b61be0a9881f623b3b8a7b56d4b0c08c6b78c37ce92d7827b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 May 2024 13:38:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 May 2024 13:46:26 GMT
css
fonts.googleapis.com/
6 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3061c3788ad5783ef8a5d10c454bafe7eb942c48200dccc852cc6d3c9f303d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 May 2024 13:39:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 May 2024 13:46:26 GMT
css
fonts.googleapis.com/
12 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Nunito:200,300,400,600,700,800,900&display=swap
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7b7ca9dee8acbf03925b43a2cb76e364ba514c30a18de9f1523d0b156093c7d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 May 2024 13:46:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 May 2024 13:46:26 GMT
css2
fonts.googleapis.com/
6 KB
769 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@400;600;700&display=swap
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7b5edcbf4a04dec3e1381046ccfe8e7135eaca4cc47973ccfd4ec6384b39b8bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 May 2024 12:22:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 May 2024 13:46:26 GMT
tag-f27920e8127c636f988deb777d3577e5.js
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/
185 KB
52 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-f27920e8127c636f988deb777d3577e5.js
Requested by
Host: relay.offtherecord.com
URL: https://relay.offtherecord.com:447/j.php?a=660553&u=https%3A%2F%2Fofftherecord.com%2F&vn=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
3d8e3be54a20aef89dda975f8e468db27fc034065c3b10e3780bd0812056c2fa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 15 May 2024 13:24:37 GMT
server
gfra1
etag
"6644b795-ce52"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52818
v.gif
dev.visualwebsiteoptimizer.com/
35 B
209 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=660553&d=offtherecord.com&u=D3EA9D517E62A1B345EC64DEFA83C95E2&h=9a6e00dea6d12b4dc7684865c80c36df&t=false
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
gtm.js
www.googletagmanager.com/
273 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4c4f3badf00f087b073e0402909bff2d823fe8ad9536b026ae5a3469646ad572
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95327
x-xss-protection
0
last-modified
Thu, 16 May 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 May 2024 13:46:26 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Dsoa_Wdo28w.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_vT9SKJEh9EgzMdmSuOtg3sj0vqg/
318 KB
109 KB
Script
General
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Dsoa_Wdo28w.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_vT9SKJEh9EgzMdmSuOtg3sj0vqg/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
67a8b91c7b7e19e80feb9b82d946c3eb063d7ef3c3b4f58eb8d60a3dacebaf2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 14:12:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
171265
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111053
x-xss-protection
0
last-modified
Mon, 15 Apr 2024 18:15:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 May 2025 14:12:01 GMT
channel.html
js.stripe.com/v2/ Frame 6B61
0
0
Document
General
Full URL
https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fofftherecord.com&stripe_xdm_c=default559123&stripe_xdm_p=1
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-6.fra56.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
age
56
cache-control
public, max-age=300
content-encoding
gzip
content-security-policy
report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
default-src 'self'; connect-src https://api.stripe.com; base-uri 'none'; form-action 'none'; img-src 'self' https://q.stripe.com; script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 16 May 2024 13:45:34 GMT
etag
W/"19af0c6cc7a0bca20a355b3362dc64a0"
last-modified
Tue, 05 Oct 2021 15:24:12 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 30e954298424aa69c035e25834574742.cloudfront.net (CloudFront)
x-amz-cf-id
a3FVLHqPpoZBIVwprK7TO3U7yt7T3YAtqypknfJJ_fQXzIX8STG3Lw==
x-amz-cf-pop
FRA56-P4
x-cache
Hit from cloudfront
x-content-type-options
nosniff
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame F8FC
0
0
Document
General
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-6.fra56.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1175
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 16 May 2024 13:27:39 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 10 May 2024 20:57:19 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 30e954298424aa69c035e25834574742.cloudfront.net (CloudFront)
x-amz-cf-id
NkvY2nnxIq2isq-X-EltN9Cz6hKG6XGMDhfTaIblilXI6bjLOl4Aag==
x-amz-cf-pop
FRA56-P4
x-cache
Hit from cloudfront
x-content-type-options
nosniff
user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=4iti65ie2rp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Thu, 16 May 2024 13:46:26 GMT
server
nginx/1.22.1
_r
relay.offtherecord.com/app-link/
91 B
633 B
Script
General
Full URL
https://relay.offtherecord.com:444/app-link/_r?sdk=web2.74.0&branch_key=key_live_oik1hC6SvaFGaQl6L4f5chghyqkDbk9G&callback=branch_callback__0
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/177.06b438bd9abf459b0af4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.156.207.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-207-182.compute-1.amazonaws.com
Software
openresty /
Resource Hash
814c8a6926d53ce3bb4926b0110b62517e530a4c557c23adf7907672c5c852ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d1dad7d3c339d87d553c26a84c9ca5d2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
server
openresty
x-amz-cf-pop
IAD55-P4
etag
W/"5b-XSGtPkgsQ6QBxp2t1IgAzK9ogUs"
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
content-length
91
x-amz-cf-id
ZuyUDIJMdidRQWNvcuqEcjMmOsIMgiguVWhc0oRI12C2XvxIOD-7GQ==
sdk.js
connect.facebook.net/en_US/
3 KB
4 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.23e6b8d8263921a9720d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f5dbb505669739738cf8a5549be5dd78dd7915ce8a33127632d428efb795f089
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 16 May 2024 13:46:26 GMT
content-md5
3qn77NjElZnyzoytF+AEwQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1687
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1294, tbw=2772, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug
MHV6Tu22m8ORDG0hgb1coXpbuIOiAPf21VoLKqXnfa/NJt6LPnPtAS+GxJAbvPNVgCSwSfESAhlFVXdqyvhf3Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
861e106b39b156bc2a93bd9205a11f59
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"86a1994493530bd7206b58943d21f761"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
expires
Thu, 16 May 2024 13:58:09 GMT
widget.js
wchat.freshchat.com/js/
67 KB
22 KB
Script
General
Full URL
https://wchat.freshchat.com/js/widget.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.23e6b8d8263921a9720d.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.33.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-33-190.compute-1.amazonaws.com
Software
fwe /
Resource Hash
87d1d3eff67f2586e9039d705d502f782613f87dac4850653e10973940ffb7c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-trace-id
00-a3fedf94009c38b63e935353b376ccb8-2ecdcbb1ef3979d1-00
date
Thu, 16 May 2024 13:46:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
last-modified
Wed, 08 May 2024 05:23:06 GMT
server
fwe
nel
{ "report_to": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true}
report-to
{ "group": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
content-type
application/javascript
x-fw-ratelimiting-managed
false
cache-control
max-age=900, must-revalidate
x-server
sksnl
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
x-request-id
cda71d34-d11d-427c-a779-6a770962d759
user
otr-backend-service-us-prod.offtherecord.com/api/v1/
163 B
585 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=4iti65ie2rp
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
7e7558ddd527f6452c7c72f510f48964f6319f317b314829c2786e42346c372e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
anchor
www.google.com/recaptcha/api2/ Frame BCBF
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3&co=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29tOjQ0Mw..&hl=de&v=8k85QBI-qzxmenDv318AZH30&size=invisible&cb=bd1gvd4p3cy
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/8k85QBI-qzxmenDv318AZH30/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Uje1cpX4TzB14v4dlIYi0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Uje1cpX4TzB14v4dlIYi0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 May 2024 13:46:26 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
l.gif
dev.visualwebsiteoptimizer.com/
35 B
99 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=50&account_id=660553&cu=https%3A%2F%2Fofftherecord.com%2F&combination=3&s=1&sId=1715867186&u=D3EA9D517E62A1B345EC64DEFA83C95E2&ed=%7B%22tz%22%3A%22Europe%2FBerlin%22%2C%22tO%22%3A%22-2%22%2C%22lt%22%3A%221715867186508%22%2C%22r%22%3A%22%22%2C%22ul%22%3A%22de-de%22%2C%22de%22%3A%22UTF-8%22%2C%22sc%22%3A%2224%22%2C%22sr%22%3A%221600x1200%22%7D&vn=7.0.351&vns=undefined&vno=undefined&eTime=1715867186514&random=0.7560814502161435
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-f27920e8127c636f988deb777d3577e5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:26 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
l.gif
dev.visualwebsiteoptimizer.com/
35 B
99 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=46&account_id=660553&cu=https%3A%2F%2Fofftherecord.com%2F&combination=2&s=1&u=D3EA9D517E62A1B345EC64DEFA83C95E2&vn=7.0.351&vns=undefined&vno=undefined&eTime=1715867186518&random=0.868140789242297
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-f27920e8127c636f988deb777d3577e5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:26 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
l.gif
dev.visualwebsiteoptimizer.com/
35 B
177 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=28&account_id=660553&cu=https%3A%2F%2Fofftherecord.com%2F&combination=2&s=1&u=D3EA9D517E62A1B345EC64DEFA83C95E2&vn=7.0.351&vns=undefined&vno=undefined&eTime=1715867186520&random=0.033929002009937426
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-f27920e8127c636f988deb777d3577e5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:26 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/
30 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 11 May 2024 13:46:45 GMT
x-content-type-options
nosniff
age
431981
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31052
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:27:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 11 May 2025 13:46:45 GMT
default-template.8ffdc728dbde00888df0.html
offtherecord.com/templates/
732 B
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/default-template.8ffdc728dbde00888df0.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
bd90f865472fe70f7acafca83b79b17cea7a2687024d4842309ad97e7bc04f7c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:09 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377297
x-powered-by
Express
etag
W/"2dc-18f304cd220"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
732
x-amz-cf-id
ba7kbe71FsWf4zVnh9kXQF3q0-KovWziLmRzH6xitVrXN4xuk-5r6A==
home.component.210dcaefd5226e739222.html
offtherecord.com/templates/
32 KB
7 KB
XHR
General
Full URL
https://offtherecord.com/templates/home.component.210dcaefd5226e739222.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
32a55c673dfbcccd608dfa96cd2aa9b34d0b503ba32de13ace9f5b81c05e0386

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:09 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377297
x-powered-by
Express
etag
W/"7eff-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
XuZjav5vkG1Q67AOlG8_ZlbvCBQ6a7yd5FfKUSp1WCyvebifSjra9A==
login.6cfe931c8bfbec9ed705.html
offtherecord.com/templates/
24 KB
5 KB
XHR
General
Full URL
https://offtherecord.com/templates/login.6cfe931c8bfbec9ed705.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
cad08c9782cbde27b90104ded5f58eddcf7fcf469f6a7f61ee8c489a8f377e2e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 15:18:05 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
340101
x-powered-by
Express
etag
W/"5eb6-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
DSGb9hNNCoxQhq6SlKitoZlbksYgoQePTmA8EsMg75luAsg4uVZaNA==
state-selection.82c570e66814fe0590fd.html
offtherecord.com/templates/
1 KB
937 B
XHR
General
Full URL
https://offtherecord.com/templates/state-selection.82c570e66814fe0590fd.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
f01d3fe2a8106b2ac0fe9ed20c7c3548c198cb1402e5fba6ac150841ea4bd65f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 15:18:04 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
340101
x-powered-by
Express
etag
W/"572-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
tCvsUIud2-_Z-IMB36A-7y3BCRgyMmGlNir-IqdESfMzwg76hKfjVA==
main-header.partial.b3df9044de97598fd08b.html
offtherecord.com/templates/
12 KB
2 KB
XHR
General
Full URL
https://offtherecord.com/templates/main-header.partial.b3df9044de97598fd08b.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
489d06131e031d27a033f924daba197f6b483b9bc8602b0dddaea8ebe90f60d8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 12:53:54 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1471952
x-powered-by
Express
etag
W/"3005-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
wYsLI6L0DoTHFl4rzI2VYTJpGw-Hcfe8ile4b_7WJDOoblNG21Oa8A==
footer.partial.faad4b1502206a050e24.html
offtherecord.com/templates/
11 KB
3 KB
XHR
General
Full URL
https://offtherecord.com/templates/footer.partial.faad4b1502206a050e24.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
46deed2d373abe70cb9a8271dd451b2d3c1e4959f88a21613ee3141689a1a8cb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:09 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377297
x-powered-by
Express
etag
W/"2a07-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
84ZELmEaGY6S0F_6lh3FrRFCUcFRWBk80OXOdhhpuu35gPsx-GgBqw==
featured-on.partial.e808beb00cc7948f5691.html
offtherecord.com/templates/
1 KB
790 B
XHR
General
Full URL
https://offtherecord.com/templates/featured-on.partial.e808beb00cc7948f5691.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
5d904be0b7b81df09b9197c0b09baac3340e08a583a17f64b75e1c0b467dd07f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:11 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320795
x-powered-by
Express
etag
W/"593-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
2WxnfwqPURBDqeW7imD2TjA-_5ZJZQ3eqEZlRR-wp2oEl338fMPTGg==
settings.js
dev.visualwebsiteoptimizer.com/
10 KB
2 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/settings.js?a=660553&settings_type=1&vn=7.0&exc=28|46|50
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-f27920e8127c636f988deb777d3577e5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
72ff5f072ff8347ad899bd99947a0d5267d932023e4698611da3e36b9d7d7899

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
etag
W/"1715779498"
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
s.gif
dev.visualwebsiteoptimizer.com/
35 B
99 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/s.gif?account_id=660553&u=D3EA9D517E62A1B345EC64DEFA83C95E2&s=1715867186&p=1&tags={%22si%22:{%2250%22:%223%22,%2246%22:%222%22,%2228%22:%222%22}}&update=1&cq=0&vn=7.0.351&vns=undefined&vno=undefined&_cu=https%3A%2F%2Fofftherecord.com%2F&eTime=1715867186540&random=0.011374338767340397
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:26 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
js
www.googletagmanager.com/gtag/
320 KB
105 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-TMGSMNG8YY&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fff6dfa0ddf00aaa98c8e94c031182b05d9d7b1bd9a758db03633d6daf97e411
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
107238
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 16 May 2024 13:46:26 GMT
pixel.js
www.redditstatic.com/ads/
42 KB
12 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
5ccd2a2d0cfc8f7b36c238c935a36c751eb306a4f23788a0c6c33eec1a5a2071

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 07 May 2024 17:43:30 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"337f63427080a8d6a60316b759dab390"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
12083
fbevents.js
connect.facebook.net/en_US/
218 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 16 May 2024 13:46:26 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=40, rtx=0, c=20, mss=1294, tbw=6605, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
VSLIsHdU8oWbM/1HKZAGuAjDRdUp7jcyDq26xFj+qMudMWodbUJHpyR8yADS6HtNFFR36UdnyAVsBI5ng8qfPA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:111:202c::237 , United Kingdom, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Thu, 16 May 2024 13:46:25 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8F75D1CA9DED455DA5F2A1178E1E8B4A Ref B: VIEEDGE2114 Ref C: 2024-05-16T13:46:26Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 16 May 2024 13:41:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
323
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 16 May 2024 15:41:03 GMT
conversion_async.js
www.googleadservices.com/pagead/
49 KB
18 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f2.1e100.net
Software
cafe /
Resource Hash
84201b5b07ed135255667b4e6b46c729c065e1983f571fb7b0d9eeff075926ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18266
x-xss-protection
0
server
cafe
etag
10047761391735965148
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 16 May 2024 13:46:26 GMT
js
www.googletagmanager.com/gtag/
200 KB
72 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-69140841-1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
55702f227767323ea2a7ccd56b525059bf36257f8dc1c3dd107611290c82b957
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73887
x-xss-protection
0
last-modified
Thu, 16 May 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 May 2024 13:46:26 GMT
24128821.js
js.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/24128821.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3370a96aebff78410e002417215f133482a4b23ea268641d1677781fed9e61fc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c7d1f2c5-73f1-488b-882a-4c08d794c624
x-envoy-upstream-service-time
111
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c7d1f2c5-73f1-488b-882a-4c08d794c624
last-modified
Wed, 15 May 2024 21:02:40 GMT
server
cloudflare
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5d47c8d44f-qnkzx
access-control-allow-credentials
true
cache-control
public, max-age=90
cf-ray
884bd05d1ae16904-FRA
expires
Thu, 16 May 2024 13:47:56 GMT
/
websdk.appsflyer.com/
34 KB
10 KB
Script
General
Full URL
https://websdk.appsflyer.com/?st=pba&
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7ccf80229bbe586853232059978b67c1dbe6ccd7f6b4b8585b34bbcf2d9f195f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 16 May 2024 13:46:26 GMT
Content-Encoding
gzip
x-amz-request-id
TNFWN7JAHP2EBEJM
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
9575
x-amz-id-2
rNwspp0GeeuGCVY8uOjVgWk/J3XTDq5+TTLu3jZaoCKMw4CAD3WOCSz6cVuBQQ9yvpK6HO0IqDY=
Last-Modified
Wed, 14 Jun 2023 06:58:46 GMT
Server
AmazonS3
ETag
"d4e7f1ffd74e53e33a46a668c2e9d67c"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=843
Accept-Ranges
bytes
X-DataStream-Cache-Status
1
Expires
Thu, 16 May 2024 14:00:29 GMT
sdk.js
connect.facebook.net/en_US/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=158cb923a8a91fcf46a798639dbed397
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra3.fbcdn.net
Software
/
Resource Hash
381a645c1801dac785327a9452a975461d0a8959eee9edc567430955f3031bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 16 May 2024 13:46:26 GMT
content-md5
1InVzgz9hpJ+3wf8onSpCQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
89046
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=4290, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug
QYqyuOQRr0ie3neGu2oV8VVFHabMKMx8u8NH633teL5MpvFLIj//kQqGWxEKt6Oexaq2m/RWyiYvfSRaxww31A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
ebbe8b770e45f3bd441c4edbca286e94
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"ee96cbb6c8f6467427d87e847275a10f"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Fri, 16 May 2025 11:44:21 GMT
reviews
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/reviews?includeAnonymous=false&includeDeleted=false&limit=24
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Thu, 16 May 2024 13:46:26 GMT
server
nginx/1.22.1
banner-alert.component.8a7c752689bd6dd38776.html
offtherecord.com/templates/
2 KB
926 B
XHR
General
Full URL
https://offtherecord.com/templates/banner-alert.component.8a7c752689bd6dd38776.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
0632be9691818d992c04349dc8030b55f18c2fe82ee831a4bf1a49d9198431ab

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 15:18:05 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
340101
x-powered-by
Express
etag
W/"601-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
_MO6r4tUJ2d5p9OfjK7LhkrsN7SZy6WlwOoUB1KpgK6iCqGwn9NxMQ==
side-nav.partial.6838a80488aaaa725f31.html
offtherecord.com/templates/
4 KB
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/side-nav.partial.6838a80488aaaa725f31.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
031f287592b33afc19eee9195f23b5146d5922bc004dc439df3e3d8b0bf54008

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 11:17:33 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
95333
x-powered-by
Express
etag
W/"1153-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
7rrOKa4gb1j99eRV98LPOynHloaGA5XAvH68gS_fAhavSVvt94MXWw==
app-text-reveal.component.ec73460453e9a8290e8b.html
offtherecord.com/templates/
304 B
675 B
XHR
General
Full URL
https://offtherecord.com/templates/app-text-reveal.component.ec73460453e9a8290e8b.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
d100a79e9ca4f220f81fd0729136ce2839c361f0850a3ddabb987bb04c99b925

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"130-18f176c4290"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
304
x-amz-cf-id
_Dv-D_PsIkwHhgBUze2QEiuf3ViGw_lGNvc-YElcbfmef4efIE7Fog==
stats-banner.component.1cdbc52a8051d62bdd92.html
offtherecord.com/templates/
3 KB
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/stats-banner.component.1cdbc52a8051d62bdd92.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
9d64ce89336a149d954573c477ff7d9b320f92db397e754626c809b1d1313503

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 11:17:33 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
95333
x-powered-by
Express
etag
W/"ba1-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
U9qV_77L0H-uRMJAUryvgdWxhogmQJ4ko9y1h1S7_OGZYcCtKdVbBg==
reviews
otr-backend-service-us-prod.offtherecord.com/api/v1/
26 KB
5 KB
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/reviews?includeAnonymous=false&includeDeleted=false&limit=24
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
40f8b64d24709b5797b75a6543b44984dd3d4c3d205b5bcb9e181a6570348756
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
faq-dropdown.1f8e8ecca146a162f7ea.html
offtherecord.com/templates/
1 KB
788 B
XHR
General
Full URL
https://offtherecord.com/templates/faq-dropdown.1f8e8ecca146a162f7ea.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
99141deb1e06c17d62b664d1b8bacde6c827cd0559a8cd2c2a81b45e0ac3304c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 09 May 2024 19:59:15 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
582431
x-powered-by
Express
etag
W/"42a-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
6CTdh_P6EIdxQ4TYzmwA4r-Qwmb-zDWoiYSKVRCMZ-BuqV34jeW65g==
9b29c8910f036259af20.webp
offtherecord.com/
5 KB
5 KB
Image
General
Full URL
https://offtherecord.com/9b29c8910f036259af20.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.38e6b04a9facc3b0a6c9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
3f0730cd0abfa61ab736fc7797e8d6ed2ad78d1b1a903a0664bcfb2f67b04adb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/main.38e6b04a9facc3b0a6c9.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"1344-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
4932
x-amz-cf-id
CwGsb65PhBBhgi2IPpVMm5tVCZYCrI7HiGUTjJWuI-WYeQIjl3RUvw==
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 13:57:28 GMT
x-content-type-options
nosniff
age
172138
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 13:57:28 GMT
pro-fa-solid-900-0.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
12 KB
12 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-0.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39f976b287176178a645cb4f743ec4f3dbb7a08c31ca34c3b096e7bba425c322

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
3785688
etag
"660c297a-2ee4"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd05d0f6c3656-FRA
content-length
12004
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 14:40:21 GMT
x-content-type-options
nosniff
age
169565
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 14:40:21 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 11 May 2024 00:32:18 GMT
x-content-type-options
nosniff
age
479648
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18668
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:00:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 11 May 2025 00:32:18 GMT
pro-fa-brands-400-1.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
39 KB
39 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-brands-400-1.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b852e041e35b676cf550d19cf8d15bc58db780a3827626518f4e0dfc5fb3109

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:13 GMT
server
cloudflare
age
3785688
etag
"660c2971-9d0c"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd05d0f6e3656-FRA
content-length
40204
pro-fa-brands-400-0.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
37 KB
37 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-brands-400-0.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
faf47e501cdae61064aed4b03b1129d37c6e004ebde6f6452f1632f835c9f318

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:13 GMT
server
cloudflare
age
3785688
etag
"660c2971-946c"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd05d0f723656-FRA
content-length
37996
otr-main-header-logo.svg
offtherecord.com/assets/img/
9 KB
4 KB
Image
General
Full URL
https://offtherecord.com/assets/img/otr-main-header-logo.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
648c698dd41bf291833204226476e7d092b281fd06255a70a4925f45ca8c96c2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:10 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377296
x-powered-by
Express
etag
W/"2495-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
Xnm3eceQfgm-8ZLpNM_MqfJ4Ws50lVHvmRHHl7oKLQV4ZI8E3_QwVQ==
badge_ios.webp
offtherecord.com/assets/img/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/badge_ios.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
f1e6a0811f0df7be7482db95552fd57017ca33d5a35f07c330859debd46d135c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 23 Apr 2024 19:40:08 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Mon, 22 Apr 2024 18:27:06 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1965978
x-powered-by
Express
etag
W/"6f4-18f070fc890"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
1780
x-amz-cf-id
5kRqe3VOpbAE_kXyffVg5VAZ-fOAyZQwzJRKtoqgB0xbMA9ioYtWYw==
badge_google_play.webp
offtherecord.com/assets/img/
3 KB
4 KB
Image
General
Full URL
https://offtherecord.com/assets/img/badge_google_play.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
6b771d8c7719a4d6187fb47de02b830ba0ccf68e66be12526786ded85cb960b2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 11:17:33 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
95333
x-powered-by
Express
etag
W/"cd2-18f304cd220"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
3282
x-amz-cf-id
opG3SytvWBmEhlixx6uEZ4_ojcbOuzfQIFnu6aacUNEZC3lnw_nOfQ==
hero-img.webp
offtherecord.com/assets/img/
36 KB
37 KB
Image
General
Full URL
https://offtherecord.com/assets/img/hero-img.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
c625a259d52303bc63e165e0326e1d78de9bb5b5074423f368df77fca407b7bf

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"90b4-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
37044
x-amz-cf-id
676_Y7WRMlMrrCrE9YoMiKaQwdvLYLE99P5qMT-GwQqyNvvYN5hZzA==
facebook--gray.webp
offtherecord.com/assets/img/logos/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/facebook--gray.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
7e3f2e5c9c0f642f19eb5d1488c3257ad89341700795e0e6253400c876c4e06d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 09 May 2024 03:56:17 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
640209
x-powered-by
Express
etag
W/"7fe-18f304cd220"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2046
x-amz-cf-id
TJ3zqLQLNfeWy8jLrqlL61vLfeI_3uTs2d8oVe-D5-6vU8HQGgOafQ==
reviews-io--gray.webp
offtherecord.com/assets/img/logos/
3 KB
3 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/reviews-io--gray.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
e2eb49ebf978dd7140eacd08fca34dfe6da0db3bebdee08606996d00766d60af

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"c0a-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
3082
x-amz-cf-id
o9RPWXX7Bnb6GLHf8nkSTz_FC8zGj5sreB8-cw1pNHRCtxh2Ql9otA==
google--gray.webp
offtherecord.com/assets/img/logos/
5 KB
5 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/google--gray.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
d52af8243ca6afe270829cfe2853cb79a486b81650f8b575374a220c311d5411

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"145c-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
5212
x-amz-cf-id
wdFiaqZRdA1nQIhhh8frvoiVBs_4ZRqFLY3EgX1lwlRLoCW1u34mtw==
icon-handfull-stars.svg
offtherecord.com/assets/img/
4 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-handfull-stars.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
c46812c7c91d67dcc84ac30ff32138415af25b3416ea5b6588628cb3e2d1f686

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"11aa-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
FLA989VFOHuwst2KxIC2z_HkW55GCUpL5smNvCmnzxxqL5Kf2p2-yg==
icon-wallet.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-wallet.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
8e742fbd7146cea9dee3a9c4b4474e1da43f62e8864d519c1debe7f10ec6043b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"7cf-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
tkuiufzsHAKTj_1oICDNBN2-AKMC2qUzKOx0edRfnwxDUkn9Y2YgeQ==
icon-briefcase.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-briefcase.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
a8510ffd3e9d2934e0ad67e81a2fc12f36e2b04ac3f3f150bd7e44ad12af3d76

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"79f-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
npKxkx-tQbxHzNeDuiXeM0i7qe4R8WQpYNwn_bIuB5nuZLj_PbnYcg==
icon-refresh.svg
offtherecord.com/assets/img/
2 KB
1011 B
Image
General
Full URL
https://offtherecord.com/assets/img/icon-refresh.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
a3d2952330aefe690302e90460777d9b5c6fc354861336a919c83e44fe352800

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"6e0-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
LKOJbZ6s1CV9wNCAPeinh0LMa6Y_tX03RppyHi-1aprLTCURcZ1yUw==
how-step-1.webp
offtherecord.com/assets/img/
26 KB
26 KB
Image
General
Full URL
https://offtherecord.com/assets/img/how-step-1.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
fac08aba895b0525de1904bc4fb04928ba03ec2cd715d084831f0dd265774bce

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"6680-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
26240
x-amz-cf-id
-8XxEyYngPVObJs5HD1wpA_kHX6f0LlmNDyYn0VJkdd3POuOpiOQQA==
how-step-2.webp
offtherecord.com/assets/img/
36 KB
37 KB
Image
General
Full URL
https://offtherecord.com/assets/img/how-step-2.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
38ba6370b8d16de4ee7f82099425ead835ff7317d56bf86fe0f5bd34a1a266ef

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"9112-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
37138
x-amz-cf-id
DuoeRKUCWBb7Lk_K89b3km5A5ctdirKlj9ifNFtog7YOvt6dYgmcyA==
how-step-3.webp
offtherecord.com/assets/img/
27 KB
28 KB
Image
General
Full URL
https://offtherecord.com/assets/img/how-step-3.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
099f5764acf448fdd12bdb9f709606093ea481ecf2b55f03f89ed8cbad7849fb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"6d12-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
27922
x-amz-cf-id
vVUq3iwvtL7tXKl1hXupqpFlQ_z-CIBjk8D7yEnhNDQ5hn_m-hx-oA==
icon-tickets.svg
offtherecord.com/assets/img/
3 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-tickets.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
2d367b9054bc5b92d423f2f9484c18d8b41468a7f4fd9e63829d3dba290a206e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 11 May 2024 12:27:26 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
436740
x-powered-by
Express
etag
W/"d60-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
TcFDxBCqY-Er3KVm9nt1Xw1zBdhbjBe36sjpmxsI7ONVa576PiJ1mw==
icon-window-check.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-window-check.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
0e52361cb2f6af4bb1f5fa4f27c87ddb8c6d4918ccd75655bd1d1bb34d4eeabe

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"6b8-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
hVru7sl8QI79wYSdu7iiPEVyglJh9CvQs_0h-GuMWxs2gg8gdKRb9Q==
icon-directions.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-directions.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
a5d227b5d9c8b9b461d0a35df1c39685463fe0bd375c2aa2aa197dfd2776a7c8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 11:17:33 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
95333
x-powered-by
Express
etag
W/"787-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
IMOsdhuaa07Nk3VCmXtk5FSZBJEfC5DjxoC9_VH3fckPkrtSsFrdvw==
icon-verified.svg
offtherecord.com/assets/img/
3 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-verified.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
909c4adf1c2435d373b6e0d83ee64cc9888881ac24905238ea010b4da3d06b93

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"b51-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
KTNR5kqIMvE2g6XsFfwSgvOffCEcKM-W9vnY6FYQzqeayGEQ9APCLw==
icon-money-back.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-money-back.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
17d2ee6ef525d4a35125c1ce7417ef5b7e1b611c2dc110a3add824bb078adcbf

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"897-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
4Nct9U9_zy_HVXn3s_DQT_NhTKwH5JlRyTsyGFMIZ92duTIUJnZWqg==
icon-courthouse.svg
offtherecord.com/assets/img/
3 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-courthouse.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
6a432ec996da0b400368eb6cf47f8e056f2b25e32a50b03d9a709fa6c1fecc1a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 09 May 2024 19:59:15 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
582431
x-powered-by
Express
etag
W/"c41-18f304cd220"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
W8NbyyWN7hA0k8C0bclaWFAvrzwOJoStVUv528O-lmVVVlzJWq-5cg==
icon-notification-bell.svg
offtherecord.com/assets/img/
3 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-notification-bell.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
b07fffef0ae1504dfba7fb4096afb6e097815298973f51a1b211771e05c075b0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"a5c-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
L14JSb_3F6KihFt4HRhDw0XX80B9WkgHrNqNPzMD7_d5gahG2M1uDQ==
cbs-logo-bw-min.webp
offtherecord.com/assets/img/logos/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/cbs-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
98af017c05d0d89d07187e5fea5df961cfe0da03321de1daf05e545b663718a4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"866-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2150
x-amz-cf-id
e54VaXb7WCgBDlrJwInHEQWRtOMpNTfXiM-vqHpeKGUDu4DBOE8CQw==
fox-news-logo-bw-min.webp
offtherecord.com/assets/img/logos/
650 B
1012 B
Image
General
Full URL
https://offtherecord.com/assets/img/logos/fox-news-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
fdcc34060c0c6a0ec771d0a4f1e14f00092e96577e166be28d33b83ba72faa69

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 11:17:33 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
95333
x-powered-by
Express
etag
W/"28a-18f304cd220"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
650
x-amz-cf-id
cGKBpOVupgrP5KQ4n_l2DZ7HsYDwj6OO-8KBiytDLAQl9KL7PTDNiw==
nbc-logo-bw-min.webp
offtherecord.com/assets/img/logos/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/nbc-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
a6b9e77f842f68bf64b450048c752a189401955f45d149c5430fbc208469ffe0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 11 May 2024 12:27:25 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
436741
x-powered-by
Express
etag
W/"76a-18f304cd220"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
1898
x-amz-cf-id
TKadv4wGrejNW-aLtf8hNu41d4djYAzBmSxzlarmSz7MT5NgZoK7kQ==
geekwire-logo-bw-min.webp
offtherecord.com/assets/img/logos/
3 KB
3 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/geekwire-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
b1ec55a9e66fe05243e1977a0db2af48f4af4c07bfd0b9cdef32c01ab0f42b9d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"a46-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2630
x-amz-cf-id
Jq28XifJNRAfhkARGznpCTMMeV3CTrk0FV1_ErOzx63YN1huw8GNAQ==
b251b2efc9d8ee4fbafb.gif
offtherecord.com/
2 KB
3 KB
Image
General
Full URL
https://offtherecord.com/b251b2efc9d8ee4fbafb.gif
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.38e6b04a9facc3b0a6c9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
a05de9f3792048eff0cedc9370691b2a604cc1628f6aa9f70ad07444d2f02bdb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/main.38e6b04a9facc3b0a6c9.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:10 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:11 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377296
x-powered-by
Express
etag
W/"9f2-18f304cce38"
x-cache
Hit from cloudfront
content-type
image/gif
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2546
x-amz-cf-id
FZv_4ML2pI__BqMBRHP68zAvPTM3HRmtKYSW0frT4ltmtMTFYyicZg==
user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=zp8nxlmmotl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Thu, 16 May 2024 13:46:26 GMT
server
nginx/1.22.1
user
otr-backend-service-us-prod.offtherecord.com/api/v1/
163 B
586 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=zp8nxlmmotl
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
7e7558ddd527f6452c7c72f510f48964f6319f317b314829c2786e42346c372e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
stats-banner-design.webp
offtherecord.com/assets/img/
13 KB
14 KB
Image
General
Full URL
https://offtherecord.com/assets/img/stats-banner-design.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
4c64d183304fcb9316adeceed80e112ae71c6e33484b097896dbb6998d4b9659

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:12 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"353a-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
13626
x-amz-cf-id
878Z7MD0PBlpyJC2ZYNP6ifNIoN-fd9Lo91z-7u0VIQ8vdwGlPi-UQ==
pro-fa-solid-900-12.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
14 KB
14 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-12.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7742bb16ac54dbccd2a9df6edc159ff921e1e738f08dc0d4b4b9f31424ede919

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
3785688
etag
"660c297a-3878"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd05d98273656-FRA
content-length
14456
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f3.1e100.net
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 14:07:33 GMT
x-content-type-options
nosniff
age
171533
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 14:07:33 GMT
pro-fa-solid-900-14.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
13 KB
13 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-14.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7924fd2e6167be712d7efea6b2de21a7331899da86cc273461d4e40b5a522af3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
3785688
etag
"660c297a-34b0"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd05d982b3656-FRA
content-length
13488
pro-fa-solid-900-1.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
14 KB
14 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-1.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2b40eed2a14d541eb0ec80d05d29815fa18fd71c46455fc374a47a81226e9d6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
3785688
etag
"660c297a-36dc"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd05d982c3656-FRA
content-length
14044
185612438538592
connect.facebook.net/signals/config/
56 KB
12 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/185612438538592?v=2.9.156&r=stable&domain=offtherecord.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra3.fbcdn.net
Software
/
Resource Hash
d61c08de21fbc87ef485040ce4ca9a20c09251ae6799d5732af329da1849dfba
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 16 May 2024 13:46:26 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=45, rtx=0, c=23, mss=1232, tbw=4318, tp=9, tpl=0, uplat=81, ullat=0
pragma
public
x-fb-debug
0iOPGHzic1iYIUMMz8lxCsrg3DaZPJ0vHvbkY9hjgDM2/a157+NK/3dq9TV3/LTPvPh6Cb6eKRfRB96JEVA58A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
web
relay.offtherecord.com/s/settings/6DGA5/v1/
5 KB
5 KB
XHR
General
Full URL
https://relay.offtherecord.com/s/settings/6DGA5/v1/web
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.84.112.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-112-40.compute-1.amazonaws.com
Software
/
Resource Hash
45303277878437cb8faafcbaf090aac7fd30089fd26bfe3bb4490641e7cec84f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://offtherecord.com
date
Thu, 16 May 2024 13:46:26 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
application/json; charset=utf-8
js
www.googletagmanager.com/gtag/
237 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-937085283&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
b1072a719f94243b211b6fcb7c0a510e242f35b508c048fee84aeaf58e707f86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86166
x-xss-protection
0
last-modified
Thu, 16 May 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 May 2024 13:46:26 GMT
collect
region1.analytics.google.com/g/
0
255 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-TMGSMNG8YY&gtm=45je45f0v9102325189z877772510za200&_p=1715867186225&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=586903730.1715867187&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1715867186&sct=1&seg=0&dl=https%3A%2F%2Fofftherecord.com%2F&dt=Fight%20Your%20Moving%20Violation%20%7C%20Traffic%20Ticket%20Lawyer%20Local%20%26%20Online&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1512
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TMGSMNG8YY&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
255 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-TMGSMNG8YY&cid=586903730.1715867187&gtm=45je45f0v9102325189z877772510za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TMGSMNG8YY&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-TMGSMNG8YY&cid=586903730.1715867187&gtm=45je45f0v9102325189z877772510za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1619587668
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecommerce.js
www.google-analytics.com/plugins/ua/
1 KB
964 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ecommerce.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:13:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
1952
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
630
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 16 May 2024 14:13:54 GMT
t2_veaca_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
701 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_veaca_telemetry
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/
42 B
638 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1715867186920&id=t2_veaca&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=2b7655d5-4e34-4fa1-9c84-2d073f872889&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_a8bbbcc6&dpm=&dpcc=&dprc=
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
onelink
wa.onelink.me/v1/
13 B
364 B
XHR
General
Full URL
https://wa.onelink.me/v1/onelink
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-60.fra56.r.cloudfront.net
Software
/
Resource Hash
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
via
1.1 3f257ae011e1a2ab12346ea11fad9a18.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P12
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
13
x-amz-cf-id
huZCT8rs-Q27xv0CQB2XAaZmJziFQyaM0b_8aFBCvgUj7tFRCnmLxw==
16001542.js
bat.bing.com/p/action/
0
117 B
Script
General
Full URL
https://bat.bing.com/p/action/16001542.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:111:202c::237 , United Kingdom, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Thu, 16 May 2024 13:46:26 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 93D51EF1546B4A3098E682B9352A27F7 Ref B: VIEEDGE2114 Ref C: 2024-05-16T13:46:26Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
287 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=16001542&Ver=2&mid=295d49ff-d07a-428d-8179-edb621593775&sid=b11a01e0138a11efa53261f9fd3176ad&vid=b11a4640138a11ef8d92791d5bacba51&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Fight%20Your%20Moving%20Violation%20%7C%20Traffic%20Ticket%20Lawyer%20Local%20%26%20Online&kw=traffic%20ticket%20lawyer,%20traffic%20ticket%20attorney,%20speeding%20ticket%20lawyer,%20fight%20traffic%20ticket,%20fight%20speeding%20ticket,%20contest%20ticket,%20traffic%20ticket,%20traffic%20lawyer,%20traffic%20attorney,%20speeding%20ticket&p=https%3A%2F%2Fofftherecord.com%2F&r=&lt=1002&evt=pageLoad&sv=1&rn=670003
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:111:202c::237 , United Kingdom, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 16 May 2024 13:46:26 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4CD3E759F3BD421292B2E559066A6E90 Ref B: VIEEDGE2114 Ref C: 2024-05-16T13:46:26Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
open
relay.offtherecord.com/v1/
323 B
713 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/open
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.156.207.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-207-182.compute-1.amazonaws.com
Software
/ Branch
Resource Hash
606fb5659a5c1dae00bdb2632be3bc8e7084b276c01697e45ff664bd7321b2cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
via
1.1 cbc24fc015944f60fff0a495ec6d86c0.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD61-P3
x-powered-by
Branch
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
x-branch-request-id
40bc2df1-10c6-4c3f-a562-0a19de2e7421-2024051613
content-length
323
x-amz-cf-id
LjTR67qKnL0GvIUPAwxPDCIDr9XpyDhDCi2H8Hyjq2UVseDkgyIMdg==
collect
www.google-analytics.com/j/
2 B
208 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=905674257&t=pageview&_s=1&dl=https%3A%2F%2Fofftherecord.com%2F&ul=de-de&de=UTF-8&dt=Fight%20Your%20Moving%20Violation%20%7C%20Traffic%20Ticket%20Lawyer%20Local%20%26%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAUIRAAAAACAAI~&jid=1931978005&gjid=288945520&cid=586903730.1715867187&tid=UA-69140841-1&_gid=1464266149.1715867187&_r=1&gtm=457e45f0za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&jsscut=1&did=i5iSjo&npa=1&z=1793826539
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
275 B
Image
General
Full URL
https://www.facebook.com/tr/?id=185612438538592&ev=PageView&dl=https%3A%2F%2Fofftherecord.com%2F&rl=&if=false&ts=1715867186972&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1715867186971.1488947096&ler=empty&cdl=API_unavailable&it=1715867186818&coo=false&rqm=GET
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=39, rtx=0, c=10, mss=1294, tbw=2765, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 16 May 2024 13:46:27 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
collect
stats.g.doubleclick.net/j/
4 B
152 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69140841-1&cid=586903730.1715867187&jid=1931978005&gjid=288945520&_gid=1464266149.1715867187&npa=1&_u=aCDAAUIQAAAAACAAI~&z=699824023
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 16 May 2024 13:46:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
24128821.js
js.hs-analytics.net/analytics/1715867100000/
67 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1715867100000/24128821.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
adf138613e55c65103aaada7a42614be1d0d604596e4ce3b2d0319e823bb0628

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
89DMS6SEKB5FGYWR
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
fe5cc20d-5acf-4573-8335-ca3584c8d4a9
x-envoy-upstream-service-time
22
x-amz-id-2
rc+i6gEI1GI+v5B/gCYiGUgJlTaufQuJWCBweGPJDXB/ZaqWv0CHR1En5jwO1hHQb3DNta7GIBKTbi24p7oglw==
x-evy-trace-listener
listener_https
x-request-id
fe5cc20d-5acf-4573-8335-ca3584c8d4a9
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 24 Apr 2024 18:58:20 GMT
server
cloudflare
etag
W/"2921ffc0801c863d1f941404464ee4ea"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-q4rbs
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
884bd05faec3193c-FRA
expires
Thu, 16 May 2024 13:51:27 GMT
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=884bd05fa89c975e-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"7d377a186677c174f204d466b8fa5fdb"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
collected-forms-embed-js/static-1.503/bundles/project.js
date
Thu, 16 May 2024 13:46:27 GMT
x-amz-version-id
WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
via
1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
994448ae-42b2-42bb-aa3c-da69120416d4
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-request-id
994448ae-42b2-42bb-aa3c-da69120416d4
last-modified
Wed, 15 May 2024 14:34:44 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-w988t
cf-ray
884bd05fa89c975e-FRA
x-amz-cf-id
KVouhlf9iqkfAjr68Met8Bs6Ygb05bXiWc4I7kZgvULlk09j8HZsYQ==
web-interactives-embed.js
js.hubspot.com/
82 KB
25 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf6683ec2fb825072bc67ba2b4831425951dc365245d5334ca6f2150f50e1590
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1122/bundles/project.js&cfRay=884bd05fac171cab-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"fa60ef0d372e46facb8180b2d901ba81"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.1122/bundles/project.js
date
Thu, 16 May 2024 13:46:27 GMT
x-amz-version-id
TKnbzs9HpFoaV4UGBsfs5UANej3HQBO9
via
1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
ea0fb655-19c2-4f59-9076-c235ccf9231d
x-cache
RefreshHit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
23
x-evy-trace-route-configuration
listener_https/all
x-request-id
ea0fb655-19c2-4f59-9076-c235ccf9231d
last-modified
Tue, 14 May 2024 11:26:52 UTC
server
cloudflare
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gYKD5sOltOKOVHIIooVrC2f%2BMalRk3I3QQHIz%2FG%2B463pPK7myUH8VIYMGK6BOk%2BddujSygbU3AtmWvYx0Bq%2BP8D8F%2BZImXrHU60X6Ej7rCcZivo4aM4%2Fh2olyUxcm4Qi%2F7hE876nRgOfCrW8"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-zjnrr
cf-ray
884bd05fac171cab-FRA
x-amz-cf-id
pVcR0pvZtI50RUBF5l8-2RydoLWbgZqp6OG-T2PrdROFLuKkVDUn5g==
banner.js
js.hs-banner.com/v2/24128821/
71 KB
23 KB
Script
General
Full URL
https://js.hs-banner.com/v2/24128821/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fa8412e22a263baf0081df39a3ae64d5caa1a1c22ecbe8b865e1751792de101

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
x-amz-version-id
rk9XJpuCBNJd8V8VIEUJiw1jZ4CkcV93
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
RRQD4SBD9TNV8HEM
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
269b59a6-49f4-4a9e-86e8-616d7b25282a
x-envoy-upstream-service-time
76
x-amz-id-2
riOVQqxyVK1MhZ4x/FEEx4lSMBt77rDU3q/UqOQiguJ9JqDKIR9lbCLDTnvnmbv99duHcdYdzWw=
x-evy-trace-listener
listener_https
x-request-id
269b59a6-49f4-4a9e-86e8-616d7b25282a
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 18 Apr 2024 15:13:47 GMT
server
cloudflare
etag
W/"f6665e5b886313582732efeab4c1a4e6"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-pvzd8
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
884bd05fad0d976a-FRA
expires
Thu, 16 May 2024 13:51:27 GMT
page
relay.offtherecord.com/rec/
1 KB
776 B
XHR
General
Full URL
https://relay.offtherecord.com/rec/page
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.84.112.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-112-40.compute-1.amazonaws.com
Software
/
Resource Hash
3902daf989c8e80d1188248efa27b41247335fc24cad53b41d46347f3d27e595

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://offtherecord.com
date
Thu, 16 May 2024 13:46:27 GMT
content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
application/json; charset=utf-8
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69140841-1&cid=586903730.1715867187&jid=1931978005&npa=1&_u=aCDAAUIQAAAAACAAI~&z=1025976075
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69140841-1&cid=586903730.1715867187&jid=1931978005&npa=1&_u=aCDAAUIQAAAAACAAI~&z=1025976075
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
events
wa.appsflyer.com/
80 B
536 B
XHR
General
Full URL
https://wa.appsflyer.com/events?site-id=26de086f-993b-4d92-9fb8-a2ee6128f041
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-5.fra56.r.cloudfront.net
Software
/
Resource Hash
6df299ccb4c80ca40f40a363ea96f2f27883a3795e92a5916dff29d959681132

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
via
1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
80
x-amz-cf-id
IcbU6C6X2AilctPJWSrUFAVlOUu3JUtcL4PigREOHF9QSsmXfP2cPA==
user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=2b7qus1llkp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Thu, 16 May 2024 13:46:27 GMT
server
nginx/1.22.1
user
otr-backend-service-us-prod.offtherecord.com/api/v1/
163 B
585 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=2b7qus1llkp
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
7e7558ddd527f6452c7c72f510f48964f6319f317b314829c2786e42346c372e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
logout
otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/logout
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token,content-type
Access-Control-Request-Method
POST
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Thu, 16 May 2024 13:46:27 GMT
server
nginx/1.22.1
logout
otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/
0
443 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/logout
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
100.25.50.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-50-51.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
server
nginx/1.22.1
x-frame-options
DENY
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
onelink
wa.onelink.me/v1/
51 B
509 B
XHR
General
Full URL
https://wa.onelink.me/v1/onelink?af_id=6d690640-1146-44c2-880d-65ebdcfc103b-p
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-60.fra56.r.cloudfront.net
Software
/
Resource Hash
140b39454c5fc946599ae1bd2693d78b6761690a5feecd27657ac4d3a197c242

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
via
1.1 3f257ae011e1a2ab12346ea11fad9a18.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P12
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
51
x-amz-cf-id
f-ZQH-G6TM5bp812M7OwNu9PBzqe0DHIc09tgVh2d79-xcCkQGVmpw==
review-rating.component.170c675fa134251aaf4c.html
offtherecord.com/templates/
948 B
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/review-rating.component.170c675fa134251aaf4c.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
2d95f71505cec68b09ebcbad4208d2ede280629de1b62c329cca5aab65fad29a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:13 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320794
x-powered-by
Express
etag
W/"3b4-18f176c4290"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
948
x-amz-cf-id
4Sz53lyI_q0vpR1sg2VO4sZK0tjyUHmTp1YHayOD4_J51msmUejqcg==
avatar-image-fallback.component.6d85a17c6b223631488b.html
offtherecord.com/templates/
88 B
458 B
XHR
General
Full URL
https://offtherecord.com/templates/avatar-image-fallback.component.6d85a17c6b223631488b.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
091c27084bee9182fda190c70ab01d92f1f32c72be2f4dd37946f62c315ec574

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:10 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377297
x-powered-by
Express
etag
W/"58-18f304cd220"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
88
x-amz-cf-id
u5ajdXdxZjSULhnn3tep7CYiYJ3Z9hP6ijJrAuEAdLZFs_Gq24gMcQ==
truncated
/
329 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed1f896874cf1d2e5ffcf369ed1277be55c36ab18bcbeb822e7a587008e397bf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
603e10027c39bb736cc7dee132026554899c8df72c18a59e85d3f748228b0bd9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4333f5dde7ebbe95817db62d45966b8b0ea878734e0ebdceb3cbf93b0b2620d0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
331 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f9c242bdf5411decaed3c6fd15a0193472feedd3f6509fa5d3a91267cb7daa27

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
331 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1153b55bebff3c11194b85fe0b16ff2378fcf8c0b10a220727eb4ad762491d5c

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab7cf6d604656e7b693a04fad0db66744fd810935ddcdd3db5f37ec8d98c2c21

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0bc3b201b03f97f0a69115ed407d31214e8b54671e399e1391d5d705a5f9acc0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
331 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
45295a811f899c7eea5e4d0312049da477390afc2a94ffa491dc6979cc34c9ec

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
329 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
78555e77f61d09d04c161af14988377120b44cbfa38a4f8886083949e34f3e46

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1feff37397f802603ed85e9061608051d5b2a77cea125d78519057d06232b07b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
production
anhkgav0.apicdn.sanity.io/v2023-07-12/data/query/
7 KB
3 KB
XHR
General
Full URL
https://anhkgav0.apicdn.sanity.io/v2023-07-12/data/query/production?query=*%5B_type+%3D%3D+%22faq%22+%26%26+%22home-page-faq%22+in+category+%26%26+state-%3EstateName+%21%3D+%22Florida%22%5D+%7C+order%28orderRank%29&perspective=published
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.211.197 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
197.211.102.34.bc.googleusercontent.com
Software
/
Resource Hash
d3660f16bdb84ff188271392c0ea11386273e98704f7c342f37d895b0b04add4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-sanity-shard
gcp-eu-w1-01-prod-1034
date
Thu, 16 May 2024 13:09:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
apicdn-cache-control
public, max-age=60, s-maxage=3600, stale-while-revalidate=60, stale-if-error=3600
via
1.1 google
server-timing
api;dur=20
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2381
sanity-query-hash
5eeh4a+as7Q uxvbys1qyTQ
access-control-max-age
600
x-sanity-age
2225
content-type
application/json; charset=utf-8
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Content-Type, Content-Length, ETag, X-Sanity-Deprecated, X-Sanity-Warning
cache-control
public, max-age=60, s-maxage=60, stale-while-revalidate=15, stale-if-error=3600
access-control-allow-credentials
true
vary
accept-encoding, origin
accept-ranges
bytes
json
forms.hscollectedforms.net/collected-forms/v1/config/
135 B
428 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=24128821&utk=
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d1ce97752f29df67b0b336f715364cb0b902c9a9cbe004f9956767448da360d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
87412632-2306-4733-8527-8c29397fccd1
x-envoy-upstream-service-time
10
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
87412632-2306-4733-8527-8c29397fccd1
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-rl62l
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
884bd0610b0b975e-FRA
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
433 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=24128821&currentUrl=https%3A%2F%2Fofftherecord.com%2F
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5494247a-ca6a-4216-a20b-45efc760c1e6
content-encoding
br
x-envoy-upstream-service-time
20
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5494247a-ca6a-4216-a20b-45efc760c1e6
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IidYJkgWhbLV5uNmURjtf%2BEqx7Kn3%2Bb6E5fTnImyCxf9kaILfvWpHw5%2BMWkHDXpZetxqtSkhyzXi75pI2ZqZobUWp0pfyDMZxSU8OSAH1IJ%2FrzHNUvfVdlpzT0asbphlBftAKGZLcz6%2BMFf%2FoJQBngeWZLa7QMDfwxk%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
884bd0613e6e1cab-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-2b9gh
user-rating.component.e3e94106426db1e8d981.html
offtherecord.com/templates/
2 KB
875 B
XHR
General
Full URL
https://offtherecord.com/templates/user-rating.component.e3e94106426db1e8d981.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
cafed8afce97ffc3d420081a23c193ac0dc3d2c70454332284233b3d151da5ad

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:14 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320793
x-powered-by
Express
etag
W/"913-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
0_jMb6IsVooD8IoOrBjgVSaIQnX2mBf0cfTfN_2u6WNXiX9zKj1JEQ==
NEJVvb3.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

255927.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

R5Pyjb0.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

nsYJGHT.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

rDlczWa.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

625699.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

567205.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

592796.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

pro-fa-light-300-1.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
18 KB
18 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-1.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6892a725066e5a0c71c46574e9e5c2459c51c067c9ecd576abe77a70f442b2d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:16 GMT
server
cloudflare
age
3785405
etag
"660c2974-4678"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd061dda63656-FRA
content-length
18040
pro-fa-light-300-13.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
17 KB
17 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-13.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fca26b24960b9a7badc3221b8c2d0daf2f7fe9f1774da08ca290ab56bc62cd5f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:16 GMT
server
cloudflare
age
3785405
etag
"660c2974-4484"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd061ddae3656-FRA
content-length
17540
eb79c0b24a5a9494cd36.png
offtherecord.com/
5 KB
6 KB
Image
General
Full URL
https://offtherecord.com/eb79c0b24a5a9494cd36.png
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.38e6b04a9facc3b0a6c9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
072583eaca4f4cf965ff3913f7bffe2108cb46c91f28a51cff411e91459ca836

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/main.38e6b04a9facc3b0a6c9.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 01 May 2024 06:53:14 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1320793
x-powered-by
Express
etag
W/"1534-18f176c4290"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
5428
x-amz-cf-id
ImiwJM8uJY9AY8JF5UeDaZ5peGnP896vgruNlUf7Cu-YTqjTiqi3Vg==
pro-fa-regular-400-12.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
17 KB
17 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-regular-400-12.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af04f015df3bbffd125ee30eaf78e7f1c9328f5b967d66f7b7f8958472464dda

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:17 GMT
server
cloudflare
age
3785688
etag
"660c2975-4244"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd061ddb43656-FRA
content-length
16964
integrations
relay.offtherecord.com/rec/
4 KB
5 KB
Script
General
Full URL
https://relay.offtherecord.com/rec/integrations?OrgId=6DGA5
Requested by
Host: relay.offtherecord.com
URL: https://relay.offtherecord.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.84.112.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-112-40.compute-1.amazonaws.com
Software
/
Resource Hash
fda8e2340dd0d31581f956b339da1e9533a2c6838d385e672f984d069dab2a62

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
via
1.1 google
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/javascript; charset=utf-8
logout
relay.offtherecord.com/v1/
190 B
618 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/logout
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.156.207.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-207-182.compute-1.amazonaws.com
Software
/ Express
Resource Hash
d6e3f262b644684cf01035d52e9be7e3a27577dbd1a36efb9470dc91e99e2f42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 cbc24fc015944f60fff0a495ec6d86c0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
IAD61-P3
etag
W/"be-4Hr+KnnlBaxa/CHBfuMCDBumpmU"
x-powered-by
Express
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
f4048087fb384538861771ec6fb49c8c-2024051613
content-length
190
x-amz-cf-id
DYOHiJfoE9arReJu8R7HRY8TQ2RkNP2m6oUSc9BvQLEKcLp0DLecSQ==
pro-fa-solid-900-13.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
14 KB
14 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-13.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5fb457fc69058cd84b72db3a52c0ef9961aa7d18e7bab081d7f1953a7cc23dd

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
3785472
etag
"660c297a-37d0"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
884bd0623e5f3656-FRA
content-length
14288
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
929 B
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c7f4ad40-dd7f-4922-9acc-a8cf6e6a50cd
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c7f4ad40-dd7f-4922-9acc-a8cf6e6a50cd
last-modified
Thu, 16 May 2024 13:46:27 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-kvkzg
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
884bd062de4f3560-WAW
latest.js
edge.fullstory.com/datalayer/v4/
Redirect Chain
  • https://relay.offtherecord.com/datalayer/v4/latest.js
  • https://edge.fullstory.com/datalayer/v4/latest.js
43 KB
12 KB
Script
General
Full URL
https://edge.fullstory.com/datalayer/v4/latest.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3b604f1e389d668b8535edb53e650780275dfa02e874ecc98c8f72c38662799f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Thu, 16 May 2024 13:01:16 GMT
content-encoding
gzip
age
2711
x-guploader-uploadid
ABPtcPpDTnB1QiEc7SsgFksAXS-PLv_x-QzaiUxr7RzRyCJ_uueQ2hn80bRxsRxOr90QJzhJiYHqA3_T-g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11986
last-modified
Fri, 10 May 2024 14:58:37 GMT
server
UploadServer
etag
"182b49f0262c0a0e6504cd3dfd20a137"
x-goog-generation
1715353117275502
x-goog-hash
crc32c=cN3mUA==, md5=GCtJ8CYsCg5lBM09/SChNw==
access-control-allow-origin
*
content-type
application/javascript
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
11986
accept-ranges
bytes
expires
Thu, 16 May 2024 14:01:16 GMT

Redirect headers

location
https://edge.fullstory.com/datalayer/v4/latest.js
date
Thu, 16 May 2024 13:46:27 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
72
content-type
text/html; charset=utf-8
logout
relay.offtherecord.com/v1/
190 B
618 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/logout
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.156.207.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-207-182.compute-1.amazonaws.com
Software
/ Express
Resource Hash
a3f0bb01c2a58152d7bdb54d6c26b16bc5499273e904cc792940e99b71461771
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 16 May 2024 13:46:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 cbc24fc015944f60fff0a495ec6d86c0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
IAD61-P3
etag
W/"be-NAhr02YEvErhdLHK1IiTkwAvUEo"
x-powered-by
Express
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
a9b5bbb6f538497b9d607c87116a97fe-2024051613
content-length
190
x-amz-cf-id
XCsnQ5dUegjLLYIej5SpR36BElRWiU7fuvpVjS9uEBgLps_KR7vxVQ==
pageview
relay.offtherecord.com/v1/
29 B
348 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/pageview
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.156.207.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-207-182.compute-1.amazonaws.com
Software
/ Branch
Resource Hash
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 16 May 2024 13:46:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 cbc24fc015944f60fff0a495ec6d86c0.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD61-P3
x-powered-by
Branch
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
29
x-amz-cf-id
EMDA8p7L4ysN43S6g8GWUxAH78EifwBaUTGeZc4_Rr7zsee7xG3gwA==
59.aeb7bdac240964840cb2.js
offtherecord.com/
5 KB
2 KB
Script
General
Full URL
https://offtherecord.com/59.aeb7bdac240964840cb2.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.23e6b8d8263921a9720d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
dcf098fa11979ad3c4217bbdc012292d2aa9ea75aa644501fd7d9b3bc67c0c43

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 12:54:07 GMT
content-encoding
gzip
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 22:42:02 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
1471941
x-powered-by
Express
etag
W/"157c-18f176c4290"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
CMQRccoIPXBN5dqDzhDXpixKkHSnVEwGAkVdU0E4WvL4adxfetdXHQ==
config_iframe.html
wchat.freshchat.com/widget/ Frame 7960
0
0
Document
General
Full URL
https://wchat.freshchat.com/widget/config_iframe.html?host=https://wchat.freshchat.com&token=c36ed4b1-ac05-4052-a91f-83203339cd7c&origin=https://offtherecord.com
Requested by
Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.33.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-33-190.compute-1.amazonaws.com
Software
fwe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-encoding
gzip
content-security-policy
style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
content-type
text/html
date
Thu, 16 May 2024 13:46:28 GMT
last-modified
Wed, 08 May 2024 05:23:06 GMT
nel
{ "report_to": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true}
report-to
{ "group": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
server
fwe
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
1
x-fw-ratelimiting-managed
false
x-request-id
b230405a-8b4d-45cc-a1b9-6c6e6a53707e
x-server
dl2xr
x-trace-id
00-e96c09c01697ec71f0967bfb181848d7-930492c08a3c819f-00
x-xss-protection
1; mode=block
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2492303821&v=1.1&a=24128821&rcu=https%3A%2F%2Fofftherecord.com%2F&pu=https%3A%2F%2Fofftherecord.com%2F&t=Fight+Your+Moving+Violation+%7C+Traffic+Ticket+Lawyer+Local+%26+Online&cts=1715867188705&vi=4eb5371dcfdc9ebc55645a021040e2a5&nc=true&u=77102922.4eb5371dcfdc9ebc55645a021040e2a5.1715867188704.1715867188704.1715867188704.1&b=77102922.1.1715867188704&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a500917b-0569-4869-8f18-4f2f7f2e9360
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
18
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a500917b-0569-4869-8f18-4f2f7f2e9360
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kvu1N1U7f9S6JSC%2BpUqpcMLmalnd6gVDh7v%2BsldGJ5QPVRbAANNMd3Uwwbi%2BsxdodPkO%2B22iyq5kqIHMdpg7A9T2NHC03yjiGnPfianATnLCGtsZqvDBqyza%2Bu0KJUv6YYq4H%2FK%2BR81q%2BDjp3DBv"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-nmffp
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
884bd06a0f354da0-FRA
x-robots-tag
none
fc-pre-chat-form.css
snippets.freshchat.com/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://snippets.freshchat.com/css/fc-pre-chat-form.css
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/59.aeb7bdac240964840cb2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-55.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9027bc2ee5d559beeb81d822fd8e1b8962f6be256aaed95aca74a0a519406c3a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
7OnEBywXzVAA7dOf2qysIqyO2hTJpPUZ
content-encoding
br
via
1.1 626c544a24a86c6cd608360f520b6d8c.cloudfront.net (CloudFront)
date
Thu, 16 May 2024 13:46:28 GMT
last-modified
Wed, 30 Oct 2019 14:02:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
140
x-amz-server-side-encryption
AES256
etag
W/"4e65817d49212c3bd08daf7ba74670a9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
cache-control
max-age=3600
x-amz-cf-id
iImKSF3MdzV524UdCQmZcGtZcBMIJhvg-DSukyx4Lq3JZgqGEoNiCw==
favicon.ico
offtherecord.com/assets/img/favicon/
34 KB
34 KB
Other
General
Full URL
https://offtherecord.com/assets/img/favicon/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-19.fra6.r.cloudfront.net
Software
nginx / Express
Resource Hash
c5832c43af37aceae73a95406f6115fbbe18b09d463fea354f371c79ae7b9027

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 04:58:13 GMT
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified
Tue, 30 Apr 2024 18:38:12 GMT
server
nginx
x-amz-cf-pop
FRA6-C1
age
377296
x-powered-by
Express
etag
W/"86be-18f304cd220"
x-cache
Hit from cloudfront
content-type
image/x-icon
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
34494
x-amz-cf-id
2U_tXg_ABRfI7p5WBvuJDbwGg6yNP4RbphuYDnd5xp3t4XVd1sp8BA==
/
wchat.freshchat.com/widget/ Frame BB7F
0
0
Document
General
Full URL
https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t&eagerLoad=true
Requested by
Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.33.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-33-190.compute-1.amazonaws.com
Software
fwe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-encoding
gzip
content-security-policy
style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
content-type
text/html
date
Thu, 16 May 2024 13:46:29 GMT
last-modified
Wed, 08 May 2024 05:23:06 GMT
nel
{ "report_to": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true}
report-to
{ "group": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
server
fwe
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
x-fw-ratelimiting-managed
false
x-request-id
00d60a3f-3336-4e90-956e-c6b4f4ed2451
x-server
2trjk
x-trace-id
00-f415a96a75e3f3289cb70293087874ff-b724c87eb8c13f72-00
x-xss-protection
1; mode=block
widget.css
wchat.freshchat.com/widget/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://wchat.freshchat.com/widget/css/widget.css?t=1715867189219
Requested by
Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.33.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-33-190.compute-1.amazonaws.com
Software
fwe /
Resource Hash
58e78ddbe7394cd14a1e3bc3d8a85a8f9a5c319653ce2a50008ed33560df6b1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
nel
{ "report_to": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true}
x-envoy-upstream-service-time
0
x-xss-protection
1; mode=block
x-request-id
0253e02f-5f73-487b-8a86-5dbf306b6e8d
x-trace-id
00-1711d46d1e45482c5a09808b04a0f444-131e033818945d40-00
last-modified
Wed, 08 May 2024 05:23:06 GMT
server
fwe
report-to
{ "group": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
content-type
text/css
x-fw-ratelimiting-managed
false
cache-control
max-age=31536000,no-cache, no-store, must-revalidate, pre-check=0, post-check=0,public
x-server
kgwrl
expires
Fri, 16 May 2025 13:46:29 GMT
co-browsing.js
wchat.freshchat.com/widget/js/
26 KB
8 KB
Script
General
Full URL
https://wchat.freshchat.com/widget/js/co-browsing.js
Requested by
Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.33.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-33-190.compute-1.amazonaws.com
Software
fwe /
Resource Hash
1e10e9493470eb296ba1ba705a39455e226be2906bd24a41e1f2b8287ff8f62b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
nel
{ "report_to": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true}
x-envoy-upstream-service-time
1
x-xss-protection
1; mode=block
x-request-id
6c9bcb22-c4fa-494f-aa68-d6577f7f025e
x-trace-id
00-b8a0d9a86d127036388d50dee0b9fe68-5b96ed9bbab3ebc1-00
last-modified
Wed, 08 May 2024 05:23:06 GMT
server
fwe
report-to
{ "group": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
content-type
application/javascript
x-fw-ratelimiting-managed
false
cache-control
max-age=31536000,no-cache, no-store, must-revalidate, pre-check=0, post-check=0,public
x-server
dl2xr
expires
Fri, 16 May 2025 13:46:30 GMT
v2
relay.offtherecord.com/rec/bundle/
29 B
234 B
XHR
General
Full URL
https://relay.offtherecord.com/rec/bundle/v2?OrgId=6DGA5&UserId=471a355f-7b58-4e59-965b-dfece311ef74&SessionId=600d8fee-969f-4f6d-8e3c-0c7431b2a64a&PageId=67c77696-94f5-4a83-b9d2-cd0be4e19270&Seq=1&ClientTime=1715867190021&PageStart=1715867187476&PrevBundleTime=0&LastActivity=2367&IsNewSession=true
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.84.112.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-112-40.compute-1.amazonaws.com
Software
/
Resource Hash
0f852606a18a5122ea1a7d72d2160f569ad7d3633a1449f4de9fb93b615fa48c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://offtherecord.com
date
Thu, 16 May 2024 13:46:30 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8
cb.css
wchat.freshchat.com/widget/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://wchat.freshchat.com/widget/css/cb.css?t=1715867190091
Requested by
Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/js/co-browsing.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.33.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-33-190.compute-1.amazonaws.com
Software
fwe /
Resource Hash
8029982e606b01f8d1651a46683c7a90ef2496e73823047c0e73b72e285d593e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 13:46:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
nel
{ "report_to": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true}
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
x-request-id
0618e6b9-a179-4acf-9f58-e595750a28f5
x-trace-id
00-84af1928428ec0f3f632bbeb44fd8c52-4ed6bae9d9b50323-00
last-modified
Wed, 08 May 2024 05:23:06 GMT
server
fwe
report-to
{ "group": "nel-endpoint-freshchat", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
content-type
text/css
x-fw-ratelimiting-managed
false
cache-control
max-age=31536000,no-cache, no-store, must-revalidate, pre-check=0, post-check=0,public
x-server
2trjk
expires
Fri, 16 May 2025 13:46:30 GMT
index.html
httpsofftherecordcom.webpush.freshchat.com/ Frame 88B9
0
0
Document
General
Full URL
https://httpsofftherecordcom.webpush.freshchat.com/index.html?ref=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Requested by
Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-11.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-type
text/html
date
Thu, 16 May 2024 13:46:31 GMT
etag
W/"4d98f93ebe4eb8cedbbfdb3004920aeb"
last-modified
Fri, 25 Oct 2019 06:53:38 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 a51af242bb87a51c6b17ed13ee788db8.cloudfront.net (CloudFront)
x-amz-cf-id
u1oRgBYK0gKsSK3fpJ8uhUHBqABSLkzMkRe5dRAoCegnmoYnZPxHzw==
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
/
relay.offtherecord.com/track/
25 B
440 B
XHR
General
Full URL
https://relay.offtherecord.com:446/track/?verbose=1&ip=1&_=1715867191438
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.156.207.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-207-182.compute-1.amazonaws.com
Software
envoy /
Resource Hash
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 16 May 2024 13:46:31 GMT
strict-transport-security
max-age=604800; includeSubDomains
via
1.1 google
server
envoy
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
44
access-control-allow-headers
X-Requested-With, X-Amzn-Trace-Id
content-length
25
alt-svc
clear

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.



172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| appAbTestFlags object| code object| _vwo_code number| _vwo_settings_timer object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| FontAwesomeKitConfig object| Sentry object| __SENTRY__ function| Stripe object| webpackChunkStripeJSouter function| noop boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS function| loadDeferredStyles function| raf function| setVH number| _vwo_acc_id object| vwoCode object| _vwo_style string| _vwo_css function| commonWrapper function| pushBasedCommonWrapper string| _vwo_cookieDomain string| _vwo_uuid number| _vwo_library_timer string| _vis_opt_file string| _vis_opt_lib undefined| vwo_e number| _vwo_j_e string| _vwo_mt string| _vwo_tm object| VWO object| vwo_iehack_queue object| _vwo_exp_ids object| _vwo_exp object| VWOOmni object| dataLayer object| webpackChunkotr_marketing_site object| gapi object| ___jsl object| SENTRY_RELEASE object| SENTRY_RELEASES object| angular object| branch function| _ function| Snap function| moment function| Flow function| ga object| gaDevIds object| gaplugins object| mixpanel function| fbAsyncInit object| fcSettings object| recaptcha object| closure_lm_499959 function| vwo_$ string| _vwo_server_url object| _vis_opt_queue object| _vis_opt_check_segment object| _vwo_evq function| _vwo_ev boolean| DISABLE_NATIVE_CONSTANTS object| _vwo_t object| _vwo_editorOperationTracker function| _vwo_handleMutations object| _vwo_api_section_callback object| _vis_opt_comb_name function| _vwo_s object| _vwo_campaignData function| _vis_opt_top_initialize function| _vis_opt_bottom_initialize function| _vis_opt_goal_conversion function| _vis_opt_revenue_conversion function| _vis_opt_pause function| _vis_opt_readCookie function| _vis_opt_createCookie function| _vis_opt_element_loaded function| _vis_opt_GA_track function| 
_vis_opt_register_conversion function| _vis_opt_get_campaign_xPath string| _vis_opt_experiment_id boolean| _vwo_settings_timed_out object| _F_toggles object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| googleapis object| google_tag_manager object| google_tag_data function| rdt function| fbq function| _fbq object| uetq string| GoogleAnalyticsObject string| AppsFlyerSdkObject function| AF object| FB string| _fs_loaded function| _fs_shutdown object| __buffer function| GooglemKTybQhCsO function| google_trackConversion function| gtag function| onYouTubeIframeAPIReady object| gaGlobal object| gaData function| redditNormalizeEmail object| AF_SDK function| UET function| UET_init function| UET_push object| ueto_4f631517b9 object| fcWidget object| _hsp object| __hsCollectedFormsDebug object| _hsq object| _paq function| sanitizeKey boolean| _hstc_loaded object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running string| _fs_rec_settings_host object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran string| _dlo_appender object| _dlo_telemetryExporter number| _dlo_logLevel object| _dlo_beforeDestination boolean| _dlo_previewMode boolean| _dlo_readOnLoad boolean| _dlo_validateRules object| _dlo_rules_adobe_am object| _dlo_rules_google_em object| _dlo_rules_google_em_ga4 object| _dlo_observer boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| fcPreChatform object| fc_cobrowse object| _fc_cbtemplate object| __sentry_instrumentation_handlers__

38 Cookies


9 Console Messages

Source Level URL
Text
other warning URL: https://connect.facebook.net/signals/config/185612438538592?v=2.9.156&r=stable&domain=offtherecord.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 97)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://offtherecord.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
