plus.ahavta.com Open in urlscan Pro
2606:4700:4400::ac40:93a9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ahavta.com/
Effective URL:
https://plus.ahavta.com/p/willkommen
Submission: On September 23 via api (September 23rd 2023, 12:37:40 pm UTC) from US — Scanned from US

Summary HTTP 42 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 10 domains to perform 42 HTTP transactions. The main IP is 2606:4700:4400::ac40:93a9, located in United States and belongs to CLOUDFLARENET, US. The main domain is plus.ahavta.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 31st 2023. Valid for: a year.

This is the only time plus.ahavta.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	2a0c:5f00:1:1... 2a0c:5f00:1:11f::	20647 (IPB IPB I...) (IPB IPB Internet Provider in Berlin GmbH)
7	2606:4700:440... 2606:4700:4400::ac40:93a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2600:9000:24f... 2600:9000:24f9:7800:4:b4b9:d3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:402... 2607:f8b0:4020:806::2003	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:400... 2a04:4e42:400::729	54113 (FASTLY) (FASTLY)
6	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	108.157.147.100 108.157.147.100	16509 (AMAZON-02) (AMAZON-02)
3	2607:f8b0:402... 2607:f8b0:4020:806::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:4400::ac40:9a0b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:402... 2607:f8b0:4020:807::2004	15169 (GOOGLE) (GOOGLE)
42	11

2 2a0c:5f00:1:11f:: (Germany) 2 redirects

ASN20647 (IPB IPB Internet Provider in Berlin GmbH, DE)

ahavta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:4400::ac40:93a9 (United States)

ASN13335 (CLOUDFLARENET, US)

plus.ahavta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

substackcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:806::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::729 (Ascension Island)

ASN54113 (FASTLY, US)

js.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.157.147.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-147-100.mci50.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4020:806::2008 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9a0b (United States)

ASN13335 (CLOUDFLARENET, US)

substack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81c::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4020:807::2004 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	substackcdn.com substackcdn.com — Cisco Umbrella Rank: 25336	2 MB
9	ahavta.com 2 redirects ahavta.com plus.ahavta.com	117 KB
6	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1476 cloudflareinsights.com — Cisco Umbrella Rank: 1455	14 KB
3	substack.com substack.com — Cisco Umbrella Rank: 23404 Failed	9 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	231 KB
2	google.com www.google.com — Cisco Umbrella Rank: 11	563 B
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 66	3 KB
2	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 2469	95 KB
2	sentry-cdn.com js.sentry-cdn.com — Cisco Umbrella Rank: 7870	3 KB
1	gstatic.com fonts.gstatic.com	34 KB
42	10

	Domain	Requested by
13	substackcdn.com	plus.ahavta.com substack.com
7	plus.ahavta.com	substackcdn.com plus.ahavta.com www.datadoghq-browser-agent.com
4	cloudflareinsights.com	www.datadoghq-browser-agent.com static.cloudflareinsights.com
3	substack.com	substackcdn.com substack.com
3	www.googletagmanager.com	substackcdn.com www.googletagmanager.com
2	www.google.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	www.datadoghq-browser-agent.com	plus.ahavta.com substack.com
2	static.cloudflareinsights.com	plus.ahavta.com substack.com
2	js.sentry-cdn.com	plus.ahavta.com substack.com
2	ahavta.com	2 redirects
1	fonts.gstatic.com	plus.ahavta.com
42	12

This site contains links to these domains. Also see Links.

Domain
substack.com
substackcdn.com

Subject Issuer	Validity	Valid
plus.ahavta.com Cloudflare Inc ECC CA-3	`2023-01-31` - `2024-01-30`	a year	crt.sh
substackcdn.com Amazon RSA 2048 M02	`2023-03-14` - `2024-04-12`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-01` - `2024-09-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.datadoghq-browser-agent.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-14` - `2024-01-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
substack.com Cloudflare Inc ECC CA-3	`2023-09-13` - `2024-09-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://plus.ahavta.com/p/willkommen
Frame ID: 139B1E40D0E464CB6F39811C86228918
Requests: 25 HTTP requests in this frame

Frame: https://substack.com/channel-frame
Frame ID: 506B6C6832ED8F5F0E89742E43D48BCB
Requests: 1 HTTP requests in this frame

Frame: https://substack.com/channel-frame
Frame ID: 6488ECA1EE60FD897F7041EF9411F415
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Willkommen! - by Ricklef Münnich - ahavta - Begegnungen

Page URL History Show full URLs

http://ahavta.com/ HTTP 301
https://ahavta.com/ HTTP 301
https://plus.ahavta.com/p/willkommen Page URL

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

42
Requests

98 %
HTTPS

91 %
IPv6

10
Domains

12
Subdomains

11
IPs

4
Countries

2711 kB
Transfer

7445 kB
Size

12
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://substack.com/profile/119526272-ricklef-munnich

Search URL Search Domain Scan URL

URL: https://substack.com/@ahavta
Title: Ricklef Münnich

Search URL Search Domain Scan URL

URL: https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F28bc640c-c7bc-41b3-941e-21cadad9e0e4_1280x720.jpeg

Search URL Search Domain Scan URL

URL: https://substack.com/tos
Title: Bedingungen

Search URL Search Domain Scan URL

URL: https://substack.com/ccpa#personal-data-collected
Title: Sammelhinweis

Search URL Search Domain Scan URL

URL: https://substack.com/signup?utm_source=substack&utm_medium=web&utm_content=footer
Title: Beginnen Sie zu schreiben

Search URL Search Domain Scan URL

URL: https://substack.com/app/app-store-redirect?utm_campaign=app-marketing&utm_content=web-footer-button
Title: Holen Sie sich die App

Search URL Search Domain Scan URL

URL: https://substack.com/
Title: Substack

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ahavta.com/ HTTP 301
https://ahavta.com/ HTTP 301
https://plus.ahavta.com/p/willkommen Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request willkommen Show response
plus.ahavta.com/p/
Redirect Chain

http://ahavta.com/
https://ahavta.com/
https://plus.ahavta.com/p/willkommen

136 KB
24 KB

234ms
97ms

Document
text/html

2606:4700:4400::ac40:93a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:93a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a6b3ea835029589e60b692b2f903ea241203345c8a626b9878886cf5d2e8d5ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: HIT
cf-ray: 80b2d6ee88670a2a-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 23 Sep 2023 12:37:32 GMT
etag: W/"220e2-W3ST8hsiw3xbMIOXRdZ5g1crO1o"
link: <https://substackcdn.com>; rel=preconnect
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cluster: substack
x-deploy: 6f9748c38d
x-frame-options: sameorigin
x-powered-by: Express
x-served-by: Substack
x-sub: ahavta

Redirect headers

Connection: Keep-Alive
Content-Length: 244
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 23 Sep 2023 12:37:32 GMT
Keep-Alive: timeout=5, max=100
Location: https://plus.ahavta.com/p/willkommen
Server: Apache

GET
H2 200 main.5f324d5bfa9474e9ba4b.css
substackcdn.com/bundle/theme/ 473 KB
66 KB 335ms
85ms Stylesheet
text/css 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://substackcdn.com/bundle/theme/main.5f324d5bfa9474e9ba4b.css
Requested by: Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f28c27180119dc2352b86c74e0bfb14786e27463e9a7c8d79c7853b94f83fc84

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 15:11:51 GMT
content-encoding: gzip
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 77142
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-expiration: expiry-date="Thu, 21 Mar 2024 00:00:00 GMT", rule-id="StaticAssetIntelligentTiering"
last-modified: Fri, 22 Sep 2023 15:07:58 GMT
server: AmazonS3
etag: W/"5f324d5bfa9474e9ba4b08f0374180fd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: b1Vhaf2pCQQWmo55vHp11BaCa8GBRkqqzVDX34famm9Ifn7YGWaOKA==

GET
H2 200 color_links.0fb581553fbc852d4e4b.css
substackcdn.com/bundle/theme/ 2 KB
981 B 424ms
173ms Stylesheet
text/css 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://substackcdn.com/bundle/theme/color_links.0fb581553fbc852d4e4b.css
Requested by: Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72471a51ae7ffc4af3155280bce2974d8cd2d018d757c3ca45745868f3467268

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:11:11 GMT
content-encoding: gzip
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 1589
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-expiration: expiry-date="Thu, 14 Mar 2024 00:00:00 GMT", rule-id="StaticAssetIntelligentTiering"
last-modified: Fri, 15 Sep 2023 21:07:28 GMT
server: AmazonS3
etag: W/"0fb581553fbc852d4e4bdb63c47c1e75"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: 6Rii8JUL7q0XKnSkMrUqWEgYkHKBx6K1ntZxmm8wu4BBwOlmFib-MQ==

GET
H2 200 main.5246450c7156b9713c72.css
substackcdn.com/bundle/ 325 KB
41 KB 437ms
187ms Stylesheet
text/css 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://substackcdn.com/bundle/main.5246450c7156b9713c72.css
Requested by: Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fcb700717f29caf313d04a8addbc424b332310400da5390d97a1df9140919637

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 20:31:21 GMT
content-encoding: br
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 57972
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-expiration: expiry-date="Thu, 21 Mar 2024 00:00:00 GMT", rule-id="StaticAssetIntelligentTiering"
last-modified: Fri, 22 Sep 2023 20:28:54 GMT
server: AmazonS3
etag: W/"408bcaec439c4cc3ec14d54381b8ec65"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: EMGiQDsjebIy5u39cIeuTwp254rtmH-F3GdrIzS11amakwkN3ej1nA==

GET
H2 200 BngMUXZYTXPIvIBgJJSb6ufN5qWr4xCC.woff2
fonts.gstatic.com/s/robotoslab/v25/ 34 KB
34 KB 331ms
80ms Font
font/woff2 2607:f8b0:4020:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v25/BngMUXZYTXPIvIBgJJSb6ufN5qWr4xCC.woff2

Requested by

Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da1bf6d3deecd091e6a29886c2499f1b784e5b361493ad966f130871155c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plus.ahavta.com/
Origin: https://plus.ahavta.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 01:16:07 GMT
x-content-type-options: nosniff
age: 40885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34772
x-xss-protection: 0
last-modified: Tue, 02 May 2023 17:02:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 01:16:07 GMT

GET
H2 200 https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faea3c9f6-d934-49cb-b5c7-92c8f773175f_768x768.png
substackcdn.com/image/fetch/w_96,c_limit,f_auto,q_auto:good,fl_progressive:steep/ 3 KB
4 KB 498ms
250ms Image
image/png 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://substackcdn.com/image/fetch/w_96,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faea3c9f6-d934-49cb-b5c7-92c8f773175f_768x768.png

Requested by

Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

imgproxy / Express

Resource Hash

ba4c6230e6bb8adb721f3e18d7c46c266ec2af53e6e91b0305429e23ff487eef

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 07:28:24 GMT
content-security-policy: script-src 'none'
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 18548
x-powered-by: Express
x-cache: Hit from cloudfront
content-disposition: inline; filename="aea3c9f6-d934-49cb-b5c7-92c8f773175f_768x768.png"
alt-svc: h3=":443"; ma=86400
content-length: 3182
x-request-id: wTUb5Q6hpjCbhU_fdFYJz
server: imgproxy
etag: "BFcyhJUgw6kDr9UPxBpSsKXSMElaOAVla8V55nXtu48/RIjYwODc4NDNhNjBkYWRkZGViYmViOTJjYzA3MWMwNDFjIg"
content-type: image/png
cache-control: public, max-age=31536000
x-amz-cf-id: 9gbgpqGZJsORdkpS9Wmy20YdwIzRK2VPivF6zJPgiezaKABt2J7Cgw==

GET
H2 200 https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F454195ca-5401-407e-bc9c-37f522f20570_2952x2952.jpeg
substackcdn.com/image/fetch/w_80,c_limit,f_webp,q_auto:good,fl_progressive:steep/ 2 KB
3 KB 495ms
247ms Image
image/webp 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://substackcdn.com/image/fetch/w_80,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F454195ca-5401-407e-bc9c-37f522f20570_2952x2952.jpeg

Requested by

Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

imgproxy / Express

Resource Hash

98878e9bb1bb00673a4a23c525e47bf01b3dfad7cfa58ad2e95fc6bd4adc79ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 22:19:07 GMT
content-security-policy: script-src 'none'
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 224305
x-powered-by: Express
x-cache: Hit from cloudfront
content-disposition: inline; filename="454195ca-5401-407e-bc9c-37f522f20570_2952x2952.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2186
x-request-id: 8FxW1CgECp8rnJZu3snAb
server: imgproxy
etag: "TEB7RoQudZlDj6myBa_wZakVWebMDU2S36ulYMNTbuI/RImIzNzU3YjQ4YmQ5MWQwMGZmYzkyM2JjNWFiMmNmMTQzIg"
content-type: image/webp
cache-control: public, max-age=31536000
x-amz-cf-id: iUdupZnqOk_sIzCDnass_xcYhGQYHbTaGvwDv7SieM8OmLHm9Z7DIw==

GET
H2 200 https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F28bc640c-c7bc-41b3-941e-21cadad9e0e4_1280x720.jpeg
substackcdn.com/image/fetch/w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/ 41 KB
42 KB 478ms
228ms Image
image/webp 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://substackcdn.com/image/fetch/w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F28bc640c-c7bc-41b3-941e-21cadad9e0e4_1280x720.jpeg

Requested by

Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

imgproxy / Express

Resource Hash

310224cc4f9f0700437c0ee3c5fc46c18366761ec81a804d9de39376a0b56678

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 07:28:24 GMT
content-security-policy: script-src 'none'
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 18548
x-powered-by: Express
x-cache: Hit from cloudfront
content-disposition: inline; filename="28bc640c-c7bc-41b3-941e-21cadad9e0e4_1280x720.webp"
alt-svc: h3=":443"; ma=86400
content-length: 42182
x-request-id: MQo0EvC-dF3hFuDIBIWu7
server: imgproxy
etag: "qlHU8V3NNJZpU215InPeVsn00WaLseK6OIW4Dd6ZlMo/RImNjZTIwZjNhOGFhZmZlZDYzNTYwNWU1Yjc4ZWQ4ODFkIg"
content-type: image/webp
cache-control: public, max-age=31536000
x-amz-cf-id: UrH0Yl9TnLbttnsdM_M9rmZxecCTGJG60QEbaaKVGBzjMhAjhUAUkg==

GET
H2 200 https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F71e0a42c-eb38-43e4-b732-3868bd54efa5_3955x2225.jpeg
substackcdn.com/image/fetch/w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/ 434 KB
435 KB 407ms
407ms Image
image/webp 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

imgproxy / Express

Resource Hash

8bf3b1ba34521bba96a462059857ef5d776256ad705b95f557d5f8261f125d7e

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 19:40:09 GMT
content-security-policy: script-src 'none'
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 233844
x-powered-by: Express
x-cache: Hit from cloudfront
content-disposition: inline; filename="71e0a42c-eb38-43e4-b732-3868bd54efa5_3955x2225.webp"
alt-svc: h3=":443"; ma=86400
content-length: 444634
x-request-id: 0WLe5nPtwRq9NV4xE5c3W
server: imgproxy
etag: "qlHU8V3NNJZpU215InPeVsn00WaLseK6OIW4Dd6ZlMo/RIjZjNTdiMmZkOWYzMGExZTVmNzVjMWU0MmZhMzA5OTBiIg"
content-type: image/webp
cache-control: public, max-age=31536000
x-amz-cf-id: PfgPbMCgyv4uokj9wGp_0F2GqOBcncLLLnGNxlSZxwDxhgl-CsGaqw==

GET
H2 200 6c2ff3e3828e4017b7faf7b63e24cdf8.min.js Show response
js.sentry-cdn.com/ 2 KB
2 KB 104ms
32ms Script
text/javascript 2a04:4e42:400::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.sentry-cdn.com/6c2ff3e3828e4017b7faf7b63e24cdf8.min.js

Requested by

Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::729 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f2334f2d03d85a38074d80f86ac81369cf765105c41b7b17fc7229994357cb94

Security Headers

Name	Value
Content-Security-Policy	connect-src ; style-src 'unsafe-inline'; base-uri 'none'; img-src * blob: data:; object-src 'self'; font-src * data:; frame-ancestors 'self' .sentry.io; default-src ; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com ssl.google-analytics.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=d973ce07a1403ec7ea350eed557d7a9b89d1fb0a
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plus.ahavta.com/
Origin: https://plus.ahavta.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: connect-src *; style-src * 'unsafe-inline'; base-uri 'none'; img-src * blob: data:; object-src 'self'; font-src * data:; frame-ancestors 'self' *.sentry.io; default-src *; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com ssl.google-analytics.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=d973ce07a1403ec7ea350eed557d7a9b89d1fb0a
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 23 Sep 2023 12:37:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
age: 30
x-envoy-upstream-service-time: 248
content-length: 1217
x-xss-protection: 1; mode=block
x-served-by: getsentry-web-default-common-production-86b7b56d65-6d5wl, cache-chi-kigq8000087-CHI, cache-mia-kmia1760028-MIA
x-frame-options: deny
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
content-language: en
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
x-envoy-attempt-count: 1
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 main.a7f1df4866c222c7d6d0.bundle.js Show response
substackcdn.com/bundle/ 4 MB
1 MB 192ms
191ms Script
application/javascript 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://substackcdn.com/bundle/main.a7f1df4866c222c7d6d0.bundle.js
Requested by: Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e4bc1108142ee8fd170d46e114799187e54de1bf161ce84f2e454c8735ee476e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 23:07:36 GMT
content-encoding: br
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 48598
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-amz-expiration: expiry-date="Thu, 21 Mar 2024 00:00:00 GMT", rule-id="StaticAssetIntelligentTiering"
last-modified: Fri, 22 Sep 2023 22:56:59 GMT
server: AmazonS3
etag: W/"47ec6f25231a537bd3ec7ef544754daa"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: f4CYJhLgh63c11xxXZZIK9uMawJI0JQBNdHqX0iODX4Oy8L2JSPslQ==

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 20 KB
7 KB 313ms
69ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:32 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 80b2d6f0bafad9e9-MIA

GET
H2 200 datadog-rum-v4.js Show response
www.datadoghq-browser-agent.com/ 148 KB
47 KB 301ms
77ms Script
application/javascript 108.157.147.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Requested by: Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.147.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-147-100.mci50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7610b7c3fd4127b914862287126dfc657682504c4b9b4867bbf09c827f6ecc4e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:36:35 GMT
content-encoding: br
via: 1.1 b7dff22e6ce7543279196f1fca7bb698.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 12:49:45 GMT
server: AmazonS3
x-amz-cf-pop: MCI50-P2
age: 59
x-amz-server-side-encryption: AES256
etag: W/"da01103a2f312e516570c136bdf702b4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: jFN9J8sJeZTDOT1REj7PBXrvNPDNa41-jy4pUxLiwEUxfnPYBKq0bQ==

GET
H2 200 translations Show response
plus.ahavta.com/api/v1/i18n/ 292 KB
88 KB 125ms
124ms Fetch
application/json 2606:4700:4400::ac40:93a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://plus.ahavta.com/api/v1/i18n/translations?language=de

Requested by

Host: substackcdn.com
URL: https://substackcdn.com/bundle/main.a7f1df4866c222c7d6d0.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:93a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

c73609a4c33e0cc226c6420b97cd4d41ce9a27c05b09289e5720c39133ebbdd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/p/willkommen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:34 GMT
strict-transport-security: max-age=31536000
x-cluster: substack
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
etag: W/"49067-CD6m6Zxzsb3P5c8Z8pyigWrk/b4"
x-powered-by: Express
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-deploy: 6f9748c38d
cache-control: public, max-age=3600
cf-ray: 80b2d6fc4c6e0a2a-MIA
alt-svc: h3=":443"; ma=86400
x-served-by: Substack

GET
H2 200 firehose
plus.ahavta.com/api/v1/ 35 B
951 B 116ms
116ms Image
image/gif 2606:4700:4400::ac40:93a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://plus.ahavta.com/api/v1/firehose?_=1695472654744&d=eyJldmVudCI6IlBhZ2VzIiwicHJvcGVydGllcyI6eyJicm93c2VyU2Vzc2lvbklkIjoiaXJ2ZXZ6ZWVnaiIsImlmcmFtZVZpc2l0SWQiOmZhbHNlLCJwb3N0X2lkIjoxMTUyNDQ2MjUsInBvc3RfYXVkaWVuY2UiOiJldmVyeW9uZSIsInBvc3RfdHlwZSI6InBhZ2UifSwiY29udGV4dCI6eyJjbGllbnRfdHlwZSI6IndlYiIsImRpc3BsYXlNb2RlIjoiYnJvd3NlciIsInBhZ2UiOnsicmVmZXJyZXIiOiIiLCJ0aXRsZSI6IldpbGxrb21tZW4hIC0gYnkgUmlja2xlZiBNw7xubmljaCAtIGFoYXZ0YSAtIEJlZ2VnbnVuZ2VuIiwidXJsIjoiaHR0cHM6Ly9wbHVzLmFoYXZ0YS5jb20vcC93aWxsa29tbWVuIn0sImNhbXBhaWduIjp7fX19

Requested by

Host: plus.ahavta.com
URL: https://plus.ahavta.com/p/willkommen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:93a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/p/willkommen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:34 GMT
x-cluster: substack
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000
x-powered-by: Express
vary: Accept-Encoding
content-type: image/gif
x-deploy: 6f9748c38d
cache-control: no-cache
cf-ray: 80b2d6fc4c720a2a-MIA
alt-svc: h3=":443"; ma=86400
x-served-by: Substack

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 197 KB
72 KB 317ms
96ms Script
application/javascript 2607:f8b0:4020:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-316245675&l=localGaDataLayer

Requested by

Host: substackcdn.com
URL: https://substackcdn.com/bundle/main.a7f1df4866c222c7d6d0.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3107d98cee310364954d4435b2bf300efcfb28e217081fdd99bdc36abe079ef5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73515
x-xss-protection: 0
last-modified: Sat, 23 Sep 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 23 Sep 2023 12:37:35 GMT

POST
H2 204 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
37 B 37ms
36ms XHR
text/plain 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://plus.ahavta.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: application/json

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://plus.ahavta.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 80b2d6feefcf8dcc-MIA

GET channel-frame
substack.com/ Frame 506B 0
0

GET
H2 200 channel-frame Show response
substack.com/ Frame 6488 23 KB
7 KB 222ms
101ms Document
text/html 2606:4700:4400::ac40:9a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://substack.com/channel-frame

Requested by

Host: substackcdn.com
URL: https://substackcdn.com/bundle/main.a7f1df4866c222c7d6d0.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9a0b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7faa8f33de2588ba4dd187984b1e09cc31484f5bf3bf84c8c4233f92b171c5e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://plus.ahavta.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 80b2d6ff5d8b4c07-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 23 Sep 2023 12:37:35 GMT
etag: W/"5c62-7cE+SHKAf+y2fj638SeSgUtCzAM"
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cluster: substack
x-deploy: 6f9748c38d
x-powered-by: Express
x-served-by: Substack

GET
H2 200 https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F28bc640c-c7bc-41b3-941e-21cadad9e0e4_1280x720.jpeg
substackcdn.com/image/fetch/w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/ 41 KB
42 KB 122ms
120ms Image
image/webp 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

imgproxy / Express

Resource Hash

310224cc4f9f0700437c0ee3c5fc46c18366761ec81a804d9de39376a0b56678

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 07:28:24 GMT
content-security-policy: script-src 'none'
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 18551
x-powered-by: Express
x-cache: Hit from cloudfront
content-disposition: inline; filename="28bc640c-c7bc-41b3-941e-21cadad9e0e4_1280x720.webp"
alt-svc: h3=":443"; ma=86400
content-length: 42182
x-request-id: MQo0EvC-dF3hFuDIBIWu7
server: imgproxy
etag: "qlHU8V3NNJZpU215InPeVsn00WaLseK6OIW4Dd6ZlMo/RImNjZTIwZjNhOGFhZmZlZDYzNTYwNWU1Yjc4ZWQ4ODFkIg"
content-type: image/webp
cache-control: public, max-age=31536000
x-amz-cf-id: _G1BLDWUOFfkaF36zIAZtJMIuG-KggxMInIFeCNPzcVF7DKO1MOZRw==

GET
H2 200 https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F71e0a42c-eb38-43e4-b732-3868bd54efa5_3955x2225.jpeg
substackcdn.com/image/fetch/w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/ 434 KB
435 KB 104ms
103ms Image
image/webp 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

imgproxy / Express

Resource Hash

8bf3b1ba34521bba96a462059857ef5d776256ad705b95f557d5f8261f125d7e

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 19:40:09 GMT
content-security-policy: script-src 'none'
via: 1.1 7091de94c49fb9a7aff78e2eb5b5f0ea.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 233846
x-powered-by: Express
x-cache: Hit from cloudfront
content-disposition: inline; filename="71e0a42c-eb38-43e4-b732-3868bd54efa5_3955x2225.webp"
alt-svc: h3=":443"; ma=86400
content-length: 444634
x-request-id: 0WLe5nPtwRq9NV4xE5c3W
server: imgproxy
etag: "qlHU8V3NNJZpU215InPeVsn00WaLseK6OIW4Dd6ZlMo/RIjZjNTdiMmZkOWYzMGExZTVmNzVjMWU0MmZhMzA5OTBiIg"
content-type: image/webp
cache-control: public, max-age=31536000
x-amz-cf-id: Ps0ZSlesb5nDpmaMc8JIjGBg7OR_halWq9ZnKpeMtQBYoTGbHYKDhQ==

GET
H3 200 firehose
plus.ahavta.com/api/v1/ 35 B
1 KB 103ms
102ms Image
image/gif 2606:4700:4400::ac40:93a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://plus.ahavta.com/api/v1/firehose?_=1695472655057&d=eyJldmVudCI6IlBvc3QgU2VlbiIsInByb3BlcnRpZXMiOnsiYnJvd3NlclNlc3Npb25JZCI6ImlydmV2emVlZ2oiLCJpZnJhbWVWaXNpdElkIjpmYWxzZSwicG9zdF9pZCI6MTE1MjQ0NjI1LCJwb3N0X2F1ZGllbmNlIjoiZXZlcnlvbmUiLCJwb3N0X3R5cGUiOiJwYWdlIiwiaGFzX3BheXdhbGwiOmZhbHNlLCJwb3N0X2FnZV9taW51dGVzIjoyMjk4ODQsInN1cmZhY2UiOiJwdWJsaWNhdGlvbiJ9LCJjb250ZXh0Ijp7ImNsaWVudF90eXBlIjoid2ViIiwiZGlzcGxheU1vZGUiOiJicm93c2VyIiwicGFnZSI6eyJyZWZlcnJlciI6IiIsInRpdGxlIjoiV2lsbGtvbW1lbiEgLSBieSBSaWNrbGVmIE3DvG5uaWNoIC0gYWhhdnRhIC0gQmVnZWdudW5nZW4iLCJ1cmwiOiJodHRwczovL3BsdXMuYWhhdnRhLmNvbS9wL3dpbGxrb21tZW4ifSwiY2FtcGFpZ24iOnt9fX0%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:93a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/p/willkommen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
x-cluster: substack
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000
x-powered-by: Express
vary: Accept-Encoding
content-type: image/gif
x-deploy: 6f9748c38d
cache-control: no-cache
cf-ray: 80b2d6fe8f57336a-MIA
alt-svc: h3=":443"; ma=86400
x-served-by: Substack

GET
H3 200 reactors Show response
plus.ahavta.com/api/v1/post/115244625/ 2 B
1 KB 168ms
167ms XHR
application/json 2606:4700:4400::ac40:93a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://plus.ahavta.com/api/v1/post/115244625/reactors

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:93a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/p/willkommen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
strict-transport-security: max-age=31536000
x-cluster: substack
cf-cache-status: DYNAMIC
server: cloudflare
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-powered-by: Express
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-deploy: 6f9748c38d
cache-control: no-cache
cf-ray: 80b2d6fe8f59336a-MIA
alt-svc: h3=":443"; ma=86400
content-length: 2
x-served-by: Substack

GET
H3 200 restackers Show response
plus.ahavta.com/api/v1/post/115244625/ 2 B
1 KB 117ms
116ms XHR
application/json 2606:4700:4400::ac40:93a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://plus.ahavta.com/api/v1/post/115244625/restackers

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:93a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/p/willkommen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
strict-transport-security: max-age=31536000
x-cluster: substack
cf-cache-status: DYNAMIC
server: cloudflare
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
x-powered-by: Express
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-deploy: 6f9748c38d
cache-control: no-cache
cf-ray: 80b2d6fe8f5a336a-MIA
alt-svc: h3=":443"; ma=86400
content-length: 2
x-served-by: Substack

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 241ms
36ms Preflight
text/plain 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://plus.ahavta.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://plus.ahavta.com
access-control-max-age: 86400
cf-ray: 80b2d6feaf848dcc-MIA
content-encoding: gzip
content-type: text/plain
date: Sat, 23 Sep 2023 12:37:35 GMT
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 channelFrame.d41d8cd98f00b204e980.css
substackcdn.com/bundle/theme/ Frame 6488 0
409 B 74ms
73ms Stylesheet
text/css 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://substackcdn.com/bundle/theme/channelFrame.d41d8cd98f00b204e980.css
Requested by: Host: substack.com
URL: https://substack.com/channel-frame
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 12:39:40 GMT
via: 1.1 3ce25b408212b0431973764f2829bcd2.cloudfront.net (CloudFront)
x-amz-cf-pop: MCI50-P2
age: 86289
x-amz-server-side-encryption: AES256
x-cache: L1N:Hit
alt-svc: h3=":443"; ma=86400
content-length: 0
x-amz-expiration: expiry-date="Thu, 14 Mar 2024 00:00:00 GMT", rule-id="StaticAssetIntelligentTiering"
last-modified: Fri, 15 Sep 2023 21:07:28 GMT
server: AmazonS3
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
x-amz-cf-id: eiGIq5Mxw-pH0U_kK3Wjv0jYZSDmCDg3DqZuCLAgfT4AM-hl_Mgqqg==

GET
H3 200 channelFrame.d0daff33335da99a9ce8.css
substackcdn.com/bundle/ Frame 6488 14 KB
3 KB 75ms
74ms Stylesheet
text/css 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://substackcdn.com/bundle/channelFrame.d0daff33335da99a9ce8.css
Requested by: Host: substack.com
URL: https://substack.com/channel-frame
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1ec255fc16cc5a807ac56b9be89f0487757c5ae623c3dda448939204dda1cb74

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 01:14:40 GMT
content-encoding: gzip
via: 1.1 3ce25b408212b0431973764f2829bcd2.cloudfront.net (CloudFront)
age: 40992
x-amz-cf-pop: MCI50-P2
x-amz-server-side-encryption: AES256
x-cache: L1N:Hit
alt-svc: h3=":443"; ma=86400
x-amz-expiration: expiry-date="Mon, 18 Mar 2024 00:00:00 GMT", rule-id="StaticAssetIntelligentTiering"
last-modified: Tue, 19 Sep 2023 23:08:44 GMT
server: AmazonS3
etag: W/"8a5ae0c011d750aaacef6f6264e09feb"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: ZPEhz_x-SoQiOmruLMtQwcqx4om5H9kUiHLZpf8Qyf-htytzvU21iQ==

GET
H2 200 6c2ff3e3828e4017b7faf7b63e24cdf8.min.js Show response
js.sentry-cdn.com/ Frame 6488 2 KB
1 KB 33ms
32ms Script
text/javascript 2a04:4e42:400::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.sentry-cdn.com/6c2ff3e3828e4017b7faf7b63e24cdf8.min.js

Requested by

Host: substack.com
URL: https://substack.com/channel-frame

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::729 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f2334f2d03d85a38074d80f86ac81369cf765105c41b7b17fc7229994357cb94

Security Headers

Name	Value
Content-Security-Policy	connect-src ; style-src 'unsafe-inline'; base-uri 'none'; img-src * blob: data:; object-src 'self'; font-src * data:; frame-ancestors 'self' .sentry.io; default-src ; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com ssl.google-analytics.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=d973ce07a1403ec7ea350eed557d7a9b89d1fb0a
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://substack.com/
Origin: https://substack.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: connect-src *; style-src * 'unsafe-inline'; base-uri 'none'; img-src * blob: data:; object-src 'self'; font-src * data:; frame-ancestors 'self' *.sentry.io; default-src *; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com ssl.google-analytics.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=d973ce07a1403ec7ea350eed557d7a9b89d1fb0a
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 23 Sep 2023 12:37:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
age: 33
x-envoy-upstream-service-time: 248
content-length: 1217
x-xss-protection: 1; mode=block
x-served-by: getsentry-web-default-common-production-86b7b56d65-6d5wl, cache-chi-kigq8000087-CHI, cache-mia-kmia1760028-MIA
x-frame-options: deny
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
content-language: en
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
x-envoy-attempt-count: 1
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 channelFrame.ec0929ae8f9130cbe6f2.bundle.js Show response
substackcdn.com/bundle/ Frame 6488 320 KB
99 KB 76ms
75ms Script
application/javascript 2600:9000:24f9:7800:4:b4b9:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://substackcdn.com/bundle/channelFrame.ec0929ae8f9130cbe6f2.bundle.js
Requested by: Host: substack.com
URL: https://substack.com/channel-frame
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:24f9:7800:4:b4b9:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c4c8e47c8b72db28a64b1d70da2997f44445989afc8b970f39a6a433212bc066

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 23:07:35 GMT
content-encoding: br
via: 1.1 3ce25b408212b0431973764f2829bcd2.cloudfront.net (CloudFront)
age: 48601
x-amz-cf-pop: MCI50-P2
x-amz-server-side-encryption: AES256
x-cache: L1N:Hit
alt-svc: h3=":443"; ma=86400
x-amz-expiration: expiry-date="Thu, 21 Mar 2024 00:00:00 GMT", rule-id="StaticAssetIntelligentTiering"
last-modified: Fri, 22 Sep 2023 22:56:59 GMT
server: AmazonS3
etag: W/"b54c09918e86173785e6fcd1921313ba"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: WAgwbkWTEJff7g8dVZKIpi-K9W-P2bI_tPku0EuuoN4eX2mXitMSUQ==

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ Frame 6488 20 KB
7 KB 75ms
74ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: substack.com
URL: https://substack.com/channel-frame
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 80b2d70009d7d9e9-MIA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/316245675/ 2 KB
2 KB 438ms
295ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/316245675/?random=1695472655391&cv=11&fst=1695472655391&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1600&u_h=1200&url=https%3A%2F%2Fplus.ahavta.com%2Fp%2Fwillkommen&hn=www.googleadservices.com&frm=0&tiba=Willkommen!%20-%20by%20Ricklef%20M%C3%BCnnich%20-%20ahavta%20-%20Begegnungen&auid=1271776098.1695472655&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-316245675&l=localGaDataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e7e5650aefd587336ddf7edfb2334269894257f78a9fde4b136c1f9c76f5b72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Sep 2023 12:37:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1341
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 datadog-rum-v4.js Show response
www.datadoghq-browser-agent.com/ Frame 6488 148 KB
47 KB 84ms
83ms Script
application/javascript 108.157.147.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
Requested by: Host: substack.com
URL: https://substack.com/channel-frame
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.147.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-147-100.mci50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7610b7c3fd4127b914862287126dfc657682504c4b9b4867bbf09c827f6ecc4e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
content-encoding: br
via: 1.1 b7dff22e6ce7543279196f1fca7bb698.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 12:49:45 GMT
server: AmazonS3
x-amz-cf-pop: MCI50-P2
age: 1
x-amz-server-side-encryption: AES256
etag: W/"da01103a2f312e516570c136bdf702b4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: i7IS0ukmW-b22lcsceSbzLiPfkygXC-fzgudfO4EIZWM93hME0e8Wg==

GET
H2 200 firehose
substack.com/api/v1/ Frame 6488 35 B
920 B 83ms
81ms Image
image/gif 2606:4700:4400::ac40:9a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://substack.com/api/v1/firehose?_=1695472655660&d=eyJldmVudCI6IlBhZ2VzIiwicHJvcGVydGllcyI6eyJicm93c2VyU2Vzc2lvbklkIjoicHdnaWFsdGRhZiIsImlmcmFtZVZpc2l0SWQiOnsiaWQiOiJhOGRhMzEzYi0zMWE1LTRhN2MtYjY0MC00MjEzMmFhMmFmZTYiLCJ0aW1lc3RhbXAiOiIyMDIzLTA5LTIzVDEyOjM3OjM1LjY1NFoifX0sImNvbnRleHQiOnsiY2xpZW50X3R5cGUiOiJ3ZWIiLCJkaXNwbGF5TW9kZSI6ImJyb3dzZXIiLCJwYWdlIjp7InJlZmVycmVyIjoiaHR0cHM6Ly9wbHVzLmFoYXZ0YS5jb20vIiwidGl0bGUiOiIiLCJ1cmwiOiJodHRwczovL3N1YnN0YWNrLmNvbS9jaGFubmVsLWZyYW1lIn0sImNhbXBhaWduIjp7fX19

Requested by

Host: substack.com
URL: https://substack.com/channel-frame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9a0b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/channel-frame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
x-cluster: substack
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000
x-powered-by: Express
vary: Accept-Encoding
content-type: image/gif
x-deploy: 6f9748c38d
cache-control: no-cache
cf-ray: 80b2d7020fd44c07-MIA
alt-svc: h3=":443"; ma=86400
x-served-by: Substack

GET
H2 200 firehose
substack.com/api/v1/ Frame 6488 35 B
980 B 89ms
89ms Image
image/gif 2606:4700:4400::ac40:9a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://substack.com/api/v1/firehose?_=1695472655664&d=eyJldmVudCI6IkZyYW1lIE1lc3NhZ2UgU2VudCIsInByb3BlcnRpZXMiOnsiYnJvd3NlclNlc3Npb25JZCI6InB3Z2lhbHRkYWYiLCJpZnJhbWVWaXNpdElkIjp7ImlkIjoiYThkYTMxM2ItMzFhNS00YTdjLWI2NDAtNDIxMzJhYTJhZmU2IiwidGltZXN0YW1wIjoiMjAyMy0wOS0yM1QxMjozNzozNS42NTRaIn0sImhhc1VzZXJTdGF0ZSI6ZmFsc2V9LCJjb250ZXh0Ijp7ImNsaWVudF90eXBlIjoid2ViIiwiZGlzcGxheU1vZGUiOiJicm93c2VyIiwicGFnZSI6eyJyZWZlcnJlciI6Imh0dHBzOi8vcGx1cy5haGF2dGEuY29tLyIsInRpdGxlIjoiIiwidXJsIjoiaHR0cHM6Ly9zdWJzdGFjay5jb20vY2hhbm5lbC1mcmFtZSJ9LCJjYW1wYWlnbiI6e319fQ%3D%3D

Requested by

Host: substack.com
URL: https://substack.com/channel-frame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9a0b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/channel-frame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
x-cluster: substack
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000
x-powered-by: Express
vary: Accept-Encoding
content-type: image/gif
x-deploy: 6f9748c38d
cache-control: no-cache
cf-ray: 80b2d7020fd64c07-MIA
alt-svc: h3=":443"; ma=86400
x-served-by: Substack

GET
H3 200 firehose
plus.ahavta.com/api/v1/ 35 B
1 KB 110ms
109ms Image
image/gif 2606:4700:4400::ac40:93a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://plus.ahavta.com/api/v1/firehose?_=1695472655667&d=eyJldmVudCI6IkZyYW1lIE1lc3NhZ2UgSGFuZGxlZCIsInByb3BlcnRpZXMiOnsiYnJvd3NlclNlc3Npb25JZCI6ImlydmV2emVlZ2oiLCJpZnJhbWVWaXNpdElkIjpmYWxzZSwibG9nZ2VkSW5BdFN1YnN0YWNrIjpmYWxzZSwibG9nZ2VkSW5BdEN1c3RvbURvbWFpbiI6ZmFsc2UsImF0dGVtcHRSZWRpcmVjdCI6ZmFsc2V9LCJjb250ZXh0Ijp7ImNsaWVudF90eXBlIjoid2ViIiwiZGlzcGxheU1vZGUiOiJicm93c2VyIiwicGFnZSI6eyJyZWZlcnJlciI6IiIsInRpdGxlIjoiV2lsbGtvbW1lbiEgLSBieSBSaWNrbGVmIE3DvG5uaWNoIC0gYWhhdnRhIC0gQmVnZWdudW5nZW4iLCJ1cmwiOiJodHRwczovL3BsdXMuYWhhdnRhLmNvbS9wL3dpbGxrb21tZW4ifSwiY2FtcGFpZ24iOnt9fX0%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:93a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/p/willkommen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
x-cluster: substack
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000
x-powered-by: Express
vary: Accept-Encoding
content-type: image/gif
x-deploy: 6f9748c38d
cache-control: no-cache
cf-ray: 80b2d7020b98336a-MIA
alt-svc: h3=":443"; ma=86400
x-served-by: Substack

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 6488 254 KB
87 KB 99ms
98ms Script
application/javascript 2607:f8b0:4020:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TLW0DF6G5V&l=localGaDataLayer

Requested by

Host: substackcdn.com
URL: https://substackcdn.com/bundle/channelFrame.ec0929ae8f9130cbe6f2.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

187179b3ad6819530f63d10c0a6ed480a746224b5684260fb5caf026af67a61a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88951
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 23 Sep 2023 12:37:35 GMT

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 34ms
33ms Preflight
text/plain 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://substack.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://substack.com
access-control-max-age: 86400
cf-ray: 80b2d7029ca08dcc-MIA
content-encoding: gzip
content-type: text/plain
date: Sat, 23 Sep 2023 12:37:35 GMT
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 204 rum Show response
cloudflareinsights.com/cdn-cgi/ Frame 6488 0
37 B 34ms
33ms XHR
text/plain 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://substack.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: application/json

Response headers

date: Sat, 23 Sep 2023 12:37:35 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://substack.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 80b2d702ccd28dcc-MIA

GET
H2 200 /
www.google.com/pagead/1p-user-list/316245675/ 42 B
455 B 255ms
98ms Image
image/gif 2607:f8b0:4020:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/316245675/?random=1695472655391&cv=11&fst=1695470400000&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1600&u_h=1200&url=https%3A%2F%2Fplus.ahavta.com%2Fp%2Fwillkommen&frm=0&tiba=Willkommen!%20-%20by%20Ricklef%20M%C3%BCnnich%20-%20ahavta%20-%20Begegnungen&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=49744934&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://plus.ahavta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Sep 2023 12:37:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 6488 197 KB
72 KB 94ms
94ms Script
application/javascript 2607:f8b0:4020:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-316245675&l=localGaDataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TLW0DF6G5V&l=localGaDataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d6c98b389501bfdaad7c2962881ff6e137bcc3f5de6dfa16b6d445df311c7afb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 12:37:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73508
x-xss-protection: 0
last-modified: Sat, 23 Sep 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 23 Sep 2023 12:37:36 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/316245675/ Frame 6488 2 KB
2 KB 249ms
248ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/316245675/?random=1695472656184&cv=11&fst=1695472656184&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1600&u_h=1200&url=https%3A%2F%2Fsubstack.com%2Fchannel-frame&ref=https%3A%2F%2Fplus.ahavta.com%2F&hn=www.googleadservices.com&frm=2&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-316245675&l=localGaDataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad27fc4ce7e595daeda492fbac0b74cab9e20b8db330e569d9510232359f96e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Sep 2023 12:37:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/316245675/ Frame 6488 42 B
108 B 100ms
99ms Image
image/gif 2607:f8b0:4020:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/316245675/?random=1695472656184&cv=11&fst=1695470400000&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1600&u_h=1200&url=https%3A%2F%2Fsubstack.com%2Fchannel-frame&ref=https%3A%2F%2Fplus.ahavta.com%2F&frm=2&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3587306495&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://substack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Sep 2023 12:37:36 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: substack.com
URL: https://substack.com/channel-frame

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.plus.ahavta.com/	1970-01-20 14:57:54	Name: __cf_bm Value: WR4hmdvyRVFqi2r4tp5HvjVClwxLnGek90qxI_2hlG4-1695472652-0-AQ/7SioCDoeyapzMquJaEszHMo9YiNmnARBpRIXdjn6XonN+G/1dXnwYYK3dm1WH0jqp+Xs53aRGiD7LjYIEL+s=
plus.ahavta.com/	1970-01-20 23:43:28	Name: ajs_anonymous_id Value: %22070e4107-8f46-4fe0-9f38-42d1e7131024%22
.plus.ahavta.com/	1970-01-20 23:43:28	Name: ajs_anonymous_id Value: %22070e4107-8f46-4fe0-9f38-42d1e7131024%22
.plus.ahavta.com/	1970-01-20 14:57:54	Name: visit_id Value: %7B%22id%22%3A%226bb3832c-efc3-4d00-8413-45471a48c8e1%22%2C%22timestamp%22%3A%222023-09-23T12%3A37%3A34.829Z%22%7D
.plus.ahavta.com/	1970-01-20 23:43:28	Name: ab_testing_id Value: %22bb455f23-59ce-49f5-a05c-9625c54c88f9%22
.substack.com/	1970-01-20 14:57:54	Name: __cf_bm Value: N8fCXQcTHZ6B8Hpm..BflJ42GoCbUwv.QSJLj2gYn6A-1695472655-0-AfCY0KtiMO5bGdxLnZLMB3uFjEIrwjhXRNp0aJJ4ClW6ex6Sf7LGXgSEVivTelwq8y0oingsa7DInwvoR94mCEc=
.ahavta.com/	1970-01-20 17:07:28	Name: _gcl_au Value: 1.1.1271776098.1695472655
substack.com/	1970-01-20 15:07:57	Name: AWSALBTGCORS Value: hufSNC9HD/fyAdA0QhUeMxECubzmKEEpZ9eFR2Ke1GvZj8CxK6cW5YZp2A/31NK2Z0fP+s6xjVBiehEiafJWshpxyhcFj84KDbSlm3czyP9aIJHppEF9hj+yivm/APDb6/A8t7g5sJd1keBXhVxb00eowNngd9j2kvXYHWBoWJGm
plus.ahavta.com/	1970-01-20 15:07:57	Name: AWSALBTG Value: CAGv2AeklnfynsJFQslXsW9VOAjGiE0RetSXh8/tjppwCDfxoEUspTfJgwGL+L68k3s8LP0PHbYn0fArL7t7wi5aY946Y0V8N8ywpgwXnQD6+b46qe8qzuujb5OIPs4oAAJZ5NKqGaR3kOzMnDr1uqJsDUUJ8Q6occLoCJgnWxNJ
plus.ahavta.com/	1970-01-20 15:07:57	Name: AWSALBTGCORS Value: CAGv2AeklnfynsJFQslXsW9VOAjGiE0RetSXh8/tjppwCDfxoEUspTfJgwGL+L68k3s8LP0PHbYn0fArL7t7wi5aY946Y0V8N8ywpgwXnQD6+b46qe8qzuujb5OIPs4oAAJZ5NKqGaR3kOzMnDr1uqJsDUUJ8Q6occLoCJgnWxNJ
.doubleclick.net/	1970-01-21 00:33:52	Name: IDE Value: AHWqTUnPRpDesK2Z3bT7uGsToMP13HHyFSAjQALDORW_0bjborZLpWR615KYdZtz
plus.ahavta.com/	1970-01-20 14:57:53	Name: _dd_s Value: rum=0&expire=1695473554899

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ahavta.com
cloudflareinsights.com
fonts.gstatic.com
googleads.g.doubleclick.net
js.sentry-cdn.com
plus.ahavta.com
static.cloudflareinsights.com
substack.com
substackcdn.com
www.datadoghq-browser-agent.com
www.google.com
www.googletagmanager.com
substack.com
108.157.147.100
2600:9000:24f9:7800:4:b4b9:d3c0:93a1
2606:4700:4400::ac40:93a9
2606:4700:4400::ac40:9a0b
2606:4700::6810:3865
2607:f8b0:4006:81c::2002
2607:f8b0:4020:806::2003
2607:f8b0:4020:806::2008
2607:f8b0:4020:807::2004
2a04:4e42:400::729
2a0c:5f00:1:11f::
187179b3ad6819530f63d10c0a6ed480a746224b5684260fb5caf026af67a61a
1ec255fc16cc5a807ac56b9be89f0487757c5ae623c3dda448939204dda1cb74
310224cc4f9f0700437c0ee3c5fc46c18366761ec81a804d9de39376a0b56678
3107d98cee310364954d4435b2bf300efcfb28e217081fdd99bdc36abe079ef5
35da1bf6d3deecd091e6a29886c2499f1b784e5b361493ad966f130871155c9b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
72471a51ae7ffc4af3155280bce2974d8cd2d018d757c3ca45745868f3467268
7610b7c3fd4127b914862287126dfc657682504c4b9b4867bbf09c827f6ecc4e
7faa8f33de2588ba4dd187984b1e09cc31484f5bf3bf84c8c4233f92b171c5e8
8bf3b1ba34521bba96a462059857ef5d776256ad705b95f557d5f8261f125d7e
98878e9bb1bb00673a4a23c525e47bf01b3dfad7cfa58ad2e95fc6bd4adc79ba
9e7e5650aefd587336ddf7edfb2334269894257f78a9fde4b136c1f9c76f5b72
a6b3ea835029589e60b692b2f903ea241203345c8a626b9878886cf5d2e8d5ab
ad27fc4ce7e595daeda492fbac0b74cab9e20b8db330e569d9510232359f96e8
ba4c6230e6bb8adb721f3e18d7c46c266ec2af53e6e91b0305429e23ff487eef
c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391
c4c8e47c8b72db28a64b1d70da2997f44445989afc8b970f39a6a433212bc066
c73609a4c33e0cc226c6420b97cd4d41ce9a27c05b09289e5720c39133ebbdd6
d6c98b389501bfdaad7c2962881ff6e137bcc3f5de6dfa16b6d445df311c7afb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bc1108142ee8fd170d46e114799187e54de1bf161ce84f2e454c8735ee476e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2334f2d03d85a38074d80f86ac81369cf765105c41b7b17fc7229994357cb94
f28c27180119dc2352b86c74e0bfb14786e27463e9a7c8d79c7853b94f83fc84
fcb700717f29caf313d04a8addbc424b332310400da5390d97a1df9140919637

plus.ahavta.com Open in urlscan Pro 2606:4700:4400::ac40:93a9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

42 Requests

98 %HTTPS

91 %IPv6

10 Domains

12 Subdomains

11 IPs

4 Countries

2711 kBTransfer

7445 kBSize

12 Cookies

9 Outgoing links

Page URL History

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

plus.ahavta.com Open in urlscan Pro
2606:4700:4400::ac40:93a9 Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

98 %
HTTPS

91 %
IPv6

10
Domains

12
Subdomains

11
IPs

4
Countries

2711 kB
Transfer

7445 kB
Size

12
Cookies

42 HTTP transactions
0 data transactions