urlscan.io logo urlscan.io
SecurityTrails logo

check.xtrapension.com Open in urlscan Pro
69.48.185.156  Public Scan

Go To Rescan Add Verdict Report
URL: https://check.xtrapension.com/
Submission: On September 23 via api from EE — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 22 IPs in 2 countries across 16 domains to perform 39 HTTP transactions. The main IP is 69.48.185.156, located in United States and belongs to A2HOSTING, US. The main domain is check.xtrapension.com.
TLS certificate: Issued by R10 on August 3rd 2024. Valid for: 3 months.
This is the only time check.xtrapension.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 69.48.185.156 55293 (A2HOSTING)
1 142.250.65.202 15169 (GOOGLE)
4 6 104.17.245.203 13335 (CLOUDFLAR...)
3 142.251.40.136 15169 (GOOGLE)
2 13.107.253.40 8075 (MICROSOFT...)
1 104.18.34.201 13335 (CLOUDFLAR...)
1 104.18.160.117 13335 (CLOUDFLAR...)
1 23.200.3.12 20940 (AKAMAI-ASN1)
2 157.240.241.1 32934 (FACEBOOK)
1 45.55.99.106 14061 (DIGITALOC...)
1 18.238.55.88 16509 (AMAZON-02)
2 52.152.143.207 8075 (MICROSOFT...)
2 5 13.107.42.14 8068 (MICROSOFT...)
1 1 104.18.41.41 13335 (CLOUDFLAR...)
1 142.250.65.238 15169 (GOOGLE)
1 142.250.176.194 15169 (GOOGLE)
1 142.250.72.98 15169 (GOOGLE)
1 138.197.60.79 14061 (DIGITALOC...)
2 31.13.71.36 32934 (FACEBOOK)
1 142.250.80.36 15169 (GOOGLE)
1 142.251.32.99 15169 (GOOGLE)
1 2 20.110.205.119 8075 (MICROSOFT...)
1 1 13.107.21.237 8068 (MICROSOFT...)
39 22
9    69.48.185.156 (United States)

ASN55293 (A2HOSTING, US)
PTR: server.tinderpoint.com
check.xtrapension.com
1    142.250.65.202 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f10.1e100.net
fonts.googleapis.com
6    104.17.245.203 (None, )

ASN13335 (CLOUDFLARENET, US)
unpkg.com
3    142.251.40.136 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f8.1e100.net
www.googletagmanager.com
2    13.107.253.40 (Redmond, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    104.18.34.201 (None, )

ASN13335 (CLOUDFLARENET, US)
assets.website-files.com
1    104.18.160.117 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.prod.website-files.com
1    23.200.3.12 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-3-12.deploy.static.akamaitechnologies.com
snap.licdn.com
2    157.240.241.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-lga3.fbcdn.net
connect.facebook.net
1    45.55.99.106 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
i.kissmetrics.io
1    18.238.55.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-55-88.jfk52.r.cloudfront.net
scripts.kissmetrics.io
2    52.152.143.207 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
o.clarity.ms
5    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    104.18.41.41 (None, )

ASN13335 (CLOUDFLARENET, US)
www.linkedin.com
1    142.250.65.238 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f14.1e100.net
www.google-analytics.com
1    142.250.176.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net
googleads.g.doubleclick.net
1    142.250.72.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net
td.doubleclick.net
1    138.197.60.79 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
trk.kissmetrics.io
2    31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com
www.facebook.com
1    142.250.80.36 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f4.1e100.net
www.google.com
1    142.251.32.99 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f3.1e100.net
www.google.ca
2    20.110.205.119 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
1    13.107.21.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
Apex Domain
Subdomains		 Transfer
9 xtrapension.com
check.xtrapension.com
641 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 330
www.linkedin.com — Cisco Umbrella Rank: 655
3 KB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 674
o.clarity.ms — Cisco Umbrella Rank: 9620
c.clarity.ms — Cisco Umbrella Rank: 1338
29 KB
6 unpkg.com
unpkg.com — Cisco Umbrella Rank: 803
22 KB
3 kissmetrics.io
i.kissmetrics.io — Cisco Umbrella Rank: 100498
scripts.kissmetrics.io — Cisco Umbrella Rank: 83844
trk.kissmetrics.io — Cisco Umbrella Rank: 75932
27 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
295 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 109
3 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 44
td.doubleclick.net — Cisco Umbrella Rank: 189
2 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 187
72 KB
2 website-files.com
assets.website-files.com — Cisco Umbrella Rank: 31124 Failed
cdn.prod.website-files.com — Cisco Umbrella Rank: 6224
4 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 223
772 B
1 google.ca
www.google.ca — Cisco Umbrella Rank: 11546
64 B
1 google.com
www.google.com — Cisco Umbrella Rank: 3
64 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 795
14 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 32
981 B
39 16
Domain Requested by
9 check.xtrapension.com check.xtrapension.com
6 unpkg.com 4 redirects check.xtrapension.com
5 px.ads.linkedin.com 2 redirects snap.licdn.com
check.xtrapension.com
3 www.googletagmanager.com check.xtrapension.com
www.googletagmanager.com
2 c.clarity.ms 1 redirects
2 www.facebook.com check.xtrapension.com
2 o.clarity.ms www.clarity.ms
2 connect.facebook.net www.googletagmanager.com
connect.facebook.net
2 www.clarity.ms check.xtrapension.com
www.clarity.ms
1 c.bing.com 1 redirects
1 www.google.ca check.xtrapension.com
1 www.google.com check.xtrapension.com
1 trk.kissmetrics.io scripts.kissmetrics.io
1 td.doubleclick.net www.googletagmanager.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 www.google-analytics.com www.googletagmanager.com
1 www.linkedin.com 1 redirects
1 scripts.kissmetrics.io check.xtrapension.com
1 i.kissmetrics.io check.xtrapension.com
1 snap.licdn.com www.googletagmanager.com
1 cdn.prod.website-files.com check.xtrapension.com
1 assets.website-files.com check.xtrapension.com
1 fonts.googleapis.com check.xtrapension.com
39 23

This site contains links to these domains. Also see Links.

Domain
www.xtrapension.com
api.whatsapp.com
Subject Issuer Validity Valid
check.xtrapension.com
R10		 2024-08-03 -
2024-11-01		 3 months crt.sh
upload.video.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.google-analytics.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2024-09-04 -
2025-09-04		 a year crt.sh
website-files.com
WE1		 2024-09-11 -
2024-12-10		 3 months crt.sh
prod.website-files.com
WE1		 2024-08-23 -
2024-11-21		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-12-13 -
2024-12-12		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-07-02 -
2024-09-30		 3 months crt.sh
*.kissmetrics.io
Sectigo RSA Domain Validation Secure Server CA		 2023-12-05 -
2024-11-09		 a year crt.sh
a.clarity.ms
Microsoft Azure RSA TLS Issuing CA 08		 2024-06-23 -
2025-06-18		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2024-09-11 -
2025-03-11		 6 months crt.sh
*.g.doubleclick.net
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.doubleclick.net
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.google.ca
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://check.xtrapension.com/
Frame ID: 5E00034A47784B97F4588BC81633DBA9
Requests: 38 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11386504429?random=1727090139383&cv=11&fst=1727090139383&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49j0v9169218250z89122449287za201zb9122449287&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcheck.xtrapension.com%2F&hn=www.googleadservices.com&frm=0&tiba=Quickly%20See%20if%20You%20Qualify&npa=0&pscdl=noapi&auid=2023785282.1727090139&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 5A7E3DFBAEC2D1B9AD24B2E6734FC9AF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Quickly See if You Qualify

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

87 %
HTTPS

0 %
IPv6

16
Domains

23
Subdomains

22
IPs

2
Countries

1110 kB
Transfer

1988 kB
Size

26
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://unpkg.com/popper.js@1 HTTP 302
  • https://unpkg.com/popper.js@1.16.1 HTTP 302
  • https://unpkg.com/popper.js@1.16.1/dist/umd/popper.min.js
Request Chain 7
  • https://unpkg.com/tippy.js@4 HTTP 302
  • https://unpkg.com/tippy.js@4.3.5 HTTP 302
  • https://unpkg.com/tippy.js@4.3.5/umd/index.all.min.js
Request Chain 25
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5407794%26time%3D1727090139288%26li_adsId%3D36453824-045b-41b3-9ea3-65c49ee05e86%26url%3Dhttps%253A%252F%252Fcheck.xtrapension.com%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F&cookiesTest=true&liSync=true
Request Chain 35
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9A7EEAD07F954FF5A4E943D261ACCBE2&RedC=c.clarity.ms&MXFR=2F1B4D49CB2E6C0712FB584ACF2E6294 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9A7EEAD07F954FF5A4E943D261ACCBE2&MUID=2398D466648C600F1565C16565A661C4

39 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
check.xtrapension.com/ 		116 KB
116 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
32bab1a8e0405a7f9fd9da3da5c770bb79f88203a2b27abdd98c53af23180605
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-length
118394
content-type
text/html
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Wed, 10 Jul 2024 10:48:17 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
css2
fonts.googleapis.com/ 		2 KB
981 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Montserrat&display=swap
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.202 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f10.1e100.net
Software
ESF /
Resource Hash
1e37b616b4dfba2c95070068b1f9811becb1f042c5eb0199ed38dcfd1f0960cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 23 Sep 2024 11:15:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
text/css; charset=utf-8
last-modified
Mon, 23 Sep 2024 10:17:28 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
style.css
check.xtrapension.com/ 		15 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://check.xtrapension.com/style.css
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
c284678335ebf6256e98980411fe1727fec2d973c525da5202ba5e480ee17b28
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
15128
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Wed, 10 Jul 2024 10:39:09 GMT
content-type
text/css
server
Apache
x-frame-options
SAMEORIGIN
xtrapensionlogo.png
check.xtrapension.com/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://check.xtrapension.com/xtrapensionlogo.png
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
e0fd724dfd27bc130b1b433f37c8f8f0ca823c8bcc4ace53b9ca9510c3eb2748
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
13261
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Mon, 05 Feb 2024 23:57:36 GMT
content-type
image/png
server
Apache
x-frame-options
SAMEORIGIN
badge-Agent-Logo-p-500.png
check.xtrapension.com/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://check.xtrapension.com/badge-Agent-Logo-p-500.png
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
a03ca906f80a859ec0e63b7dbc9ace2b46866fff7c21b6bc415488e093f2ffae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
12190
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Mon, 05 Feb 2024 23:57:19 GMT
content-type
image/png
server
Apache
x-frame-options
SAMEORIGIN
jquery-3.6.0.min.js
check.xtrapension.com/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://check.xtrapension.com/jquery-3.6.0.min.js
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
89501
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Mon, 05 Feb 2024 23:57:30 GMT
content-type
text/javascript
server
Apache
x-frame-options
SAMEORIGIN
script.js
check.xtrapension.com/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://check.xtrapension.com/script.js
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
e5623532ccab5772cfb35bae8ff5ff7f3568feb517e65946f419073c741b1fcf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
6707
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Thu, 09 May 2024 02:03:53 GMT
content-type
text/javascript
server
Apache
x-frame-options
SAMEORIGIN
popper.min.js
unpkg.com/popper.js@1.16.1/dist/umd/
Redirect Chain
  • https://unpkg.com/popper.js@1
  • https://unpkg.com/popper.js@1.16.1
  • https://unpkg.com/popper.js@1.16.1/dist/umd/popper.min.js
21 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/popper.js@1.16.1/dist/umd/popper.min.js
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Server
104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
age
17942469
x-content-type-options
nosniff
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 22 Jan 2020 15:27:18 GMT
fly-request-id
01HQRJ7GYGJX2BS6H3T77GJBT3-yyz
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
via
1.1 fly.io
cf-ray
8c7a1e38a8b039e4-YYZ
access-control-allow-origin
*
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
location
/popper.js@1.16.1/dist/umd/popper.min.js
content-encoding
br
cf-cache-status
HIT
age
12621172
x-content-type-options
nosniff
via
1.1 fly.io
cf-ray
8c7a1e38584e39e4-YYZ
access-control-allow-origin
*
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
text/plain; charset=utf-8
vary
Accept, Accept-Encoding
fly-request-id
01HWQ50M76P7ZDE68BM2EXPTTX-yyz
server
cloudflare
index.all.min.js
unpkg.com/tippy.js@4.3.5/umd/
Redirect Chain
  • https://unpkg.com/tippy.js@4
  • https://unpkg.com/tippy.js@4.3.5
  • https://unpkg.com/tippy.js@4.3.5/umd/index.all.min.js
30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/tippy.js@4.3.5/umd/index.all.min.js
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Server
104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
761ac9d90db974fe969731353e89c350db7134b20551c44892150751f15736c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
"787f-TFBIfsiIFmj3IvDUepEcN9xV7s4"
age
10835116
x-content-type-options
nosniff
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HYCCAPH0DM8267QR0BENE2Y7-yyz
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
via
1.1 fly.io
cf-ray
8c7a1e38a8b139e4-YYZ
access-control-allow-origin
*
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
location
/tippy.js@4.3.5/umd/index.all.min.js
content-encoding
br
cf-cache-status
HIT
age
12621200
x-content-type-options
nosniff
via
1.1 fly.io
cf-ray
8c7a1e38585039e4-YYZ
access-control-allow-origin
*
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
text/plain; charset=utf-8
vary
Accept, Accept-Encoding
fly-request-id
01HWQ4ZRND1BBC8KVEGF95PE6H-yyz
server
cloudflare
gtm.js
www.googletagmanager.com/ 		281 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JVWMLL
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.136 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
04e5f0451440427ceae95de9ba2399bcdeac5441780a21a7a3571ce1528ea410
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
br
expires
Mon, 23 Sep 2024 11:15:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 23 Sep 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
99981
x-xss-protection
0
server
Google Tag Manager
n4kll5sp2v
www.clarity.ms/tag/ 		637 B
1002 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/n4kll5sp2v
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.253.40 Redmond, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
31f2beed84e0978af94d723c573616da560023b304370dbb19052ed4cce500f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

cache-control
no-cache, no-store
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
expires
-1
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
637
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
application/x-javascript
x-azure-ref
20240923T111538Z-1778b569c75twlc7vw9n0h7pec00000004u0000000000vga
648c453%E2%80%A6_white.jpg
assets.website-files.com/646b3f1%E2%80%A6/ 		0
0
65040f3f33a7ec85a9c471b2_send.png
assets.website-files.com/646b3f12df737f5a46034de5/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.website-files.com/646b3f12df737f5a46034de5/65040f3f33a7ec85a9c471b2_send.png
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.34.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfa20ce660b621ac0c8b781e44ac0adffebcbb5b02cc1497164fbcd7bfb939c7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

cf-cache-status
HIT
etag
"cbcef2a53d52e7774f5b2603c0d1a829"
x-amz-version-id
YYDBmLxd2ZozkR8RWulhjklRT5ZMJyJt
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
image/png
last-modified
Fri, 15 Sep 2023 08:01:05 GMT
vary
Accept-Encoding
x-amz-id-2
OiZybRXWvXE7yMyMdDB0mAXYISCmEaUFu+jKL/72gT0Ep+zm9NV4cCbXaVn+0ndWLamHVEV6Rrw=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
AZJZVCWDPF8JH2M4
cf-ray
8c7a1e3819daac26-YYZ
accept-ranges
bytes
access-control-allow-origin
*
content-length
2148
server
cloudflare
x-amz-server-side-encryption
AES256
Montserrat-Regular.ttf
check.xtrapension.com/fonts/ 		193 KB
194 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://check.xtrapension.com/fonts/Montserrat-Regular.ttf
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
dcfe8df29e553fbd655212f94300cb1e704c6cd147fa7a98cb4bcd9eb92c6707
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://check.xtrapension.com
Referer
https://check.xtrapension.com/style.css

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
197976
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Mon, 05 Feb 2024 23:58:54 GMT
content-type
font/ttf
server
Apache
x-frame-options
SAMEORIGIN
Montserrat-Bold.ttf
check.xtrapension.com/fonts/ 		193 KB
194 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://check.xtrapension.com/fonts/Montserrat-Bold.ttf
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
189aeb285be99f0b58e454dd2dc3cbf34a6db844a9ef26ebc5909178ff77c5be
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://check.xtrapension.com
Referer
https://check.xtrapension.com/style.css

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
198072
date
Mon, 23 Sep 2024 11:15:38 GMT
last-modified
Mon, 05 Feb 2024 23:58:43 GMT
content-type
font/ttf
server
Apache
x-frame-options
SAMEORIGIN
667be84fd046d39798d1307f_whatsapp.svg
cdn.prod.website-files.com/646b3f12df737f5a46034de5/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.prod.website-files.com/646b3f12df737f5a46034de5/667be84fd046d39798d1307f_whatsapp.svg
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
551b4bdf4227a99d4d0c9cab741d23f5d40f7c24449670b47a897b1cad34766d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

x-amz-id-2
V3qef/t2iWffb/Pvq/PVR1YKckLvP4zOgZtOg0Weso07wN4CaRLiLUPLe1ckUKz7HW6l4pJXK/g=
cache-control
max-age=31536000, must-revalidate
content-encoding
br
cf-cache-status
HIT
etag
W/"fc069b1e289d15be66c97c7ebe34b478"
x-amz-version-id
_QOxZsiVPJLfjAzX114zN7_2T0J36HEw
x-amz-request-id
YCC37G8VG621ZVCB
cf-ray
8c7a1e38295e39c3-YYZ
access-control-allow-origin
*
date
Mon, 23 Sep 2024 11:15:38 GMT
content-type
image/svg+xml
last-modified
Wed, 26 Jun 2024 10:07:12 GMT
vary
Accept-Encoding
server
cloudflare
x-amz-server-side-encryption
AES256
clarity.js
www.clarity.ms/s/0.7.47/ 		64 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.47/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/n4kll5sp2v
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.253.40 Redmond, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
30adbc7e799238c336b56a1e20db67910f2a114fc3bc6ced6c550b4c873318aa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

x-azure-ref
20240923T111539Z-1778b569c75twlc7vw9n0h7pec00000004u0000000000vgb
cache-control
public, max-age=86400
x-ms-version
2018-03-28
content-encoding
br
etag
W/"0x8DCDB1C79EFD18C"
x-fd-int-roxy-purgeid
51562430
x-ms-request-id
447327d1-601e-0050-4749-0dec8b000000
access-control-allow-origin
*
x-cache
TCP_HIT
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
last-modified
Sun, 22 Sep 2024 15:37:33 GMT
js
www.googletagmanager.com/gtag/ 		316 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-N8ZQ4HL517&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JVWMLL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.136 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
a29b79af8115207711b00032c673df5790731d9ff8aa45b495f836c898dbbb3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
br
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Mon, 23 Sep 2024 11:15:39 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
107302
date
Mon, 23 Sep 2024 11:15:39 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
destination
www.googletagmanager.com/gtag/ 		265 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-11386504429&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JVWMLL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.136 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
c4bc09fffbba2af7e10a1cf933ef6c7a1301ee3c27cce271fe2c0728be02441a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
br
expires
Mon, 23 Sep 2024 11:15:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 23 Sep 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
93801
x-xss-protection
0
server
Google Tag Manager
insight.min.js
snap.licdn.com/li.lms-analytics/ 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JVWMLL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.200.3.12 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-200-3-12.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

cache-control
max-age=66583
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Mon, 23 Sep 2024 11:15:39 GMT
last-modified
Thu, 22 Aug 2024 11:06:54 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
fbevents.js
connect.facebook.net/en_US/ 		225 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JVWMLL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
edge-control
cache-maxage=10m
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=36, rtx=0, c=23, mss=1232, tbw=4442, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
nAfYXN4hSEI9/suv+3mufMUiv41tjCHwMR7ihqPrYbnFudPpLapVP5yeh15WS3g3U40ZiEpvO7MsU7KQcLlqBw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
58953
x-xss-protection
0
i.js
i.kissmetrics.io/ 		39 B
320 B 		Script
General
Check archive.org
Download Go to
Full URL
https://i.kissmetrics.io/i.js
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.55.99.106 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
2bc18c5e40b439c202bfa5d0a973c2a8c30ccdb6a83c85c5d0b55cd2abcad8b9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

expires
Wed, 23 Oct 2024 11:15:39 GMT
cache-control
max-age=2592000
content-length
39
p3p
CP="NOI CURa ADMa DEVa TAIa OUR IND UNI NAV INT"
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
application/javascript,application/x-javascript
server
nginx
2de8577b8cecfea9c8a12abce4605fd83f8d23cb.2.js
scripts.kissmetrics.io/ 		26 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://scripts.kissmetrics.io/2de8577b8cecfea9c8a12abce4605fd83f8d23cb.2.js
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.55.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-55-88.jfk52.r.cloudfront.net
Software
nginx/1.22.0 (Ubuntu) /
Resource Hash
2f046ec0ea203040874ae7a3e044f21b6cb81f253b4e61b2adfd35930e7bbaa8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=60
etag
"e0ffc0303e77527ea759fdca087e0a00"
age
6
via
1.1 4416a31c9d77f8f8b877d81f840c88c8.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
p3p
CP="NOI CURa ADMa DEVa TAIa OUR IND UNI NAV INT"
x-amz-cf-id
1C5Rf__RppWzi5BTWneepBaYQOgbDZ4owdl0UKKlaeGnLZs4BZyo5A==
date
Mon, 23 Sep 2024 11:15:33 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Thu, 09 Nov 2023 13:56:13 GMT
server
nginx/1.22.0 (Ubuntu)
x-amz-cf-pop
JFK52-P4
x-amz-server-side-encryption
AES256
collect
o.clarity.ms/ 		0
285 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://o.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://check.xtrapension.com/

Response headers

Request-Context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
Access-Control-Allow-Origin
https://check.xtrapension.com
Date
Mon, 23 Sep 2024 11:15:39 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
1430399120851400
connect.facebook.net/signals/config/ 		67 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1430399120851400?v=2.9.167&r=stable&domain=check.xtrapension.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
b0bae93c534cd999e73ffafb9ad1d14fe3466768bd1544c090177261eeccc9d2
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
edge-control
cache-maxage=10m
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=34, rtx=0, c=74, mss=1232, tbw=67112, tp=63, tpl=0, uplat=78, ullat=0
pragma
public
x-fb-debug
3B98etjNxiQRHmqCNEPco9sfzFdkcQtwOZ/OjztS4zBYdsuoGl8Clz7wba9A1SEkMO4kin9rcGGH8oCNSnmwjA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
attribution_trigger
px.ads.linkedin.com/ 		2 B
764 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=5407794&time=1727090139288&url=https%3A%2F%2Fcheck.xtrapension.com%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Referer
https://check.xtrapension.com/

Response headers

x-li-pop
afd-prod-ltx1-x
content-encoding
gzip
x-fs-uuid
000622c782412cd47538ac4e40f972b0
x-msedge-ref
Ref A: 38D15E71463B4999AFCBC413ADB29583 Ref B: YTO01EDGE0717 Ref C: 2024-09-23T11:15:39Z
x-li-fabric
prod-ltx1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYix4JBLNR1OKxOQPlysA==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
application/json
access-control-allow-headers
*
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5407794%26time%3D1727090139288%26li_adsId%3D36453824-045b-41b3-9ea3-65c49ee05e86%...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F&cookiesTest=true&liSync=true
0
162 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F&cookiesTest=true&liSync=true
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 64BFD44751BA46CF91C144802D123F64 Ref B: YTO01EDGE0806 Ref C: 2024-09-23T11:15:39Z
x-li-fabric
prod-lva1
x-li-uuid
AAYix4JFv5p4lpoKa9v7sA==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
cf-cache-status
DYNAMIC
x-li-fabric
prod-lva1
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto
http/2
date
Mon, 23 Sep 2024 11:15:39 GMT
x-frame-options
sameorigin
strict-transport-security
max-age=31536000
x-li-pop
cf-prod-lva1-x
content-security-policy
frame-ancestors 'self'
cache-control
no-cache, no-store
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5407794&time=1727090139288&li_adsId=36453824-045b-41b3-9ea3-65c49ee05e86&url=https%3A%2F%2Fcheck.xtrapension.com%2F&cookiesTest=true&liSync=true
pragma
no-cache
cf-ray
8c7a1e3cba7c548b-YYZ
x-li-uuid
AAYix4JE7WU7xJbruSv85w==
content-length
0
server
cloudflare
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-N8ZQ4HL517&gtm=45je49j0v9169179858z89122449287za200zb9122449287&_p=1727090138840&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=773106943.1727090139&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1727090139&sct=1&seg=0&dl=https%3A%2F%2Fcheck.xtrapension.com%2F&dt=Quickly%20See%20if%20You%20Qualify&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1178
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N8ZQ4HL517&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.238 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f14.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://check.xtrapension.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
text/plain
server
Golfe2
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/11386504429/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11386504429/?random=1727090139383&cv=11&fst=1727090139383&bg=ffffff&guid=ON&async=1&gtm=45be49j0v9169218250z89122449287za201zb9122449287&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcheck.xtrapension.com%2F&hn=www.googleadservices.com&frm=0&tiba=Quickly%20See%20if%20You%20Qualify&npa=0&pscdl=noapi&auid=2023785282.1727090139&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-11386504429&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.176.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f2.1e100.net
Software
cafe /
Resource Hash
b63fd75a9b71b08bcbf4b14ef13254a0ff567d82af577ae5311374a0c70123fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2315
date
Mon, 23 Sep 2024 11:15:39 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
11386504429
td.doubleclick.net/td/rul/ Frame 5A7E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/11386504429?random=1727090139383&cv=11&fst=1727090139383&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49j0v9169218250z89122449287za201zb9122449287&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcheck.xtrapension.com%2F&hn=www.googleadservices.com&frm=0&tiba=Quickly%20See%20if%20You%20Qualify&npa=0&pscdl=noapi&auid=2023785282.1727090139&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-11386504429&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://check.xtrapension.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 23 Sep 2024 11:15:39 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
e
trk.kissmetrics.io/ 		43 B
352 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://trk.kissmetrics.io/e
Requested by
Host: scripts.kissmetrics.io
URL: https://scripts.kissmetrics.io/2de8577b8cecfea9c8a12abce4605fd83f8d23cb.2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.60.79 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://check.xtrapension.com/

Response headers

cache-control
no-cache
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 23 Sep 2024 11:15:38 GMT
access-control-allow-origin
*
content-length
43
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
image/gif
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
nginx
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1430399120851400&ev=PageView&dl=https%3A%2F%2Fcheck.xtrapension.com&rl=&if=false&ts=1727090139467&sw=1600&sh=1200&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4124&fbp=fb.1.1727090139464.90772756585737927&pm=1&hrl=b172a0&ler=empty&cdl=API_unavailable&it=1727090139280&coo=false&tm=1&cs_cc=1&cas=8000807703321665%2C8514677518594892%2C7415539028543682%2C7301028413242975%2C5403761613081698%2C6715155258592583&rqm=GET
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-lga3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=35, rtx=0, c=10, mss=1316, tbw=2843, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1430399120851400&ev=PageView&dl=https%3A%2F%2Fcheck.xtrapension.com&rl=&if=false&ts=1727090139467&sw=1600&sh=1200&v=2.9.167&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4124&fbp=fb.1.1727090139464.90772756585737927&pm=1&hrl=b172a0&ler=empty&cdl=API_unavailable&it=1727090139280&coo=false&tm=1&cs_cc=1&cas=8000807703321665%2C8514677518594892%2C7415539028543682%2C7301028413242975%2C5403761613081698%2C6715155258592583&rqm=FGET
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-lga3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7417795664275972547"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 23 Sep 2024 11:15:39 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
a8AJ6k8sQUbkZNqS4n0IcCE/1l/IOXS3IFGP+FlbXUbxkuLtQ+6L+JWACDhnYgCbih8TNvLcAfptGVLWXeN42w==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7417795664275972547", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=33, rtx=0, c=14, mss=1316, tbw=3161, tp=-1, tpl=-1, uplat=60, ullat=0
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
/
www.google.com/pagead/1p-user-list/11386504429/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/11386504429/?random=1727090139383&cv=11&fst=1727089200000&bg=ffffff&guid=ON&async=1&gtm=45be49j0v9169218250z89122449287za201zb9122449287&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcheck.xtrapension.com%2F&hn=www.googleadservices.com&frm=0&tiba=Quickly%20See%20if%20You%20Qualify&npa=0&pscdl=noapi&auid=2023785282.1727090139&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfWjENRuTnor1L7mtz_AS-XvS8OK2fsQ&random=2696523934&rmt_tld=0&ipr=y
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 23 Sep 2024 11:15:39 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.ca/pagead/1p-user-list/11386504429/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/11386504429/?random=1727090139383&cv=11&fst=1727089200000&bg=ffffff&guid=ON&async=1&gtm=45be49j0v9169218250z89122449287za201zb9122449287&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcheck.xtrapension.com%2F&hn=www.googleadservices.com&frm=0&tiba=Quickly%20See%20if%20You%20Qualify&npa=0&pscdl=noapi&auid=2023785282.1727090139&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfWjENRuTnor1L7mtz_AS-XvS8OK2fsQ&random=2696523934&rmt_tld=1&ipr=y
Requested by
Host: check.xtrapension.com
URL: https://check.xtrapension.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.99 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 23 Sep 2024 11:15:39 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
px.ads.linkedin.com/wa/ 		0
199 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://check.xtrapension.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 5EFF205D36D143AF85321B4E00ED1405 Ref B: YTO01EDGE0806 Ref C: 2024-09-23T11:15:39Z
x-li-fabric
prod-lva1
access-control-allow-credentials
true
x-li-uuid
AAYix4JGw1/XTkrgqcXspA==
x-li-proto
http/2
access-control-allow-origin
https://check.xtrapension.com
x-cache
CONFIG_NOCACHE
date
Mon, 23 Sep 2024 11:15:39 GMT
vary
Origin
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9A7EEAD07F954FF5A4E943D261ACCBE2&RedC=c.clarity.ms&MXFR=2F1B4D49CB2E6C0712FB584ACF2E6294
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9A7EEAD07F954FF5A4E943D261ACCBE2&MUID=2398D466648C600F1565C16565A661C4
42 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9A7EEAD07F954FF5A4E943D261ACCBE2&MUID=2398D466648C600F1565C16565A661C4
Protocol
H2
Server
20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

cache-control
private, no-cache, proxy-revalidate, no-store
pragma
no-cache
etag
"bb391b5d70eeda1:0"
accept-ranges
bytes
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length
42
date
Mon, 23 Sep 2024 11:15:41 GMT
content-type
image/gif
last-modified
Wed, 14 Aug 2024 17:35:32 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET

Redirect headers

cache-control
private, no-cache, proxy-revalidate, no-store
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9A7EEAD07F954FF5A4E943D261ACCBE2&MUID=2398D466648C600F1565C16565A661C4
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B8ADA900DA0A42AE9B8A1BEC8415D725 Ref B: YTO01EDGE0821 Ref C: 2024-09-23T11:15:41Z
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length
0
date
Mon, 23 Sep 2024 11:15:40 GMT
x-powered-by
ASP.NET
favicon.ico
check.xtrapension.com/ 		4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://check.xtrapension.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.48.185.156 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
server.tinderpoint.com
Software
Apache /
Resource Hash
c7911b36477cef579e8ffa744b14d1a28158ce771c076a3a3e8cfb35d78c7bc5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://check.xtrapension.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
accept-ranges
bytes
content-length
4286
date
Mon, 23 Sep 2024 11:15:39 GMT
last-modified
Mon, 05 Feb 2024 23:57:26 GMT
content-type
image/x-icon
server
Apache
x-frame-options
SAMEORIGIN
collect
o.clarity.ms/ 		0
285 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://o.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://check.xtrapension.com/

Response headers

Request-Context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
Access-Control-Allow-Origin
https://check.xtrapension.com
Date
Mon, 23 Sep 2024 11:15:40 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
assets.website-files.com
URL
https://assets.website-files.com/646b3f1%E2%80%A6/648c453%E2%80%A6_white.jpg

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| dataLayer function| clarity function| $ function| jQuery function| populateOptions function| Popper function| tippy object| google_tag_manager object| google_tag_data string| _linkedin_data_partner_id function| fbq function| _fbq object| _fbq_gtm_ids object| _kmq string| _kmk function| _kms function| lintrk boolean| _already_called_lintrk function| onYouTubeIframeAPIReady object| gaGlobal object| GooglebQhCsO string| KM_KEY number| KM_INCLUDE_HOSTNAME number| KM_SKIP_PAGE_VIEW number| KM_HANDLE_PRERENDER object| KM function| KMQ string| KMCTT_ORIGIN function| _kmil string| KM_COOKIE_DOMAIN object| ORIBILI

26 Cookies

Domain/Path Name / Value
www.clarity.ms/ Name: CLID
Value: 83b39bc2e3d34281956bad54463c3376.20240923.20250923
.xtrapension.com/ Name: _gcl_au
Value: 1.1.2023785282.1727090139
.xtrapension.com/ Name: _clck
Value: 1s0yts%7C2%7Cfpf%7C0%7C1727
.xtrapension.com/ Name: _ga_N8ZQ4HL517
Value: GS1.1.1727090139.1.0.1727090139.0.0.0
.xtrapension.com/ Name: _ga
Value: GA1.1.773106943.1727090139
.xtrapension.com/ Name: kvcd
Value: 1727090139441
.xtrapension.com/ Name: km_ai
Value: iWD1eJI0GbQoaYHlTAEHfCyXM%2BY%3D
.xtrapension.com/ Name: km_vs
Value: 1
.linkedin.com/ Name: li_sugr
Value: ce09e561-afe1-4437-b613-662ba18dedde
.linkedin.com/ Name: bcookie
Value: "v=2&054274cb-31e7-4bae-8abb-8994277b51c4"
.linkedin.com/ Name: lidc
Value: "b=VGST09:s=V:r=V:a=V:p=V:g=3000:u=1:x=1:i=1727090139:t=1727176539:v=2:sig=AQFMJSN7t-hZncXYqSV3IEZIooOJMTvT"
.xtrapension.com/ Name: km_lv
Value: 1727090139
.xtrapension.com/ Name: _fbp
Value: fb.1.1727090139464.90772756585737927
.linkedin.com/ Name: UserMatchHistory
Value: AQLRi95nYxnZJwAAAZIemCFS80Mi_0qAzQFlDIvw5EOvj-nJdaLMdUFZCBNbA2N-KiOfGkAkWiOATw
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLgCpri40EQawAAAZIemCFSyke8BlgT3e6ro0KfDVVopG2jBJ7BI8R4Qcpofop0FiYTI0ko7GsGv_HlJqklmA
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.xtrapension.com/ Name: _clsk
Value: gx7iqa%7C1727090139620%7C1%7C1%7Co.clarity.ms%2Fcollect
.www.linkedin.com/ Name: bscookie
Value: "v=1&202409231115394c7a11bc-ed93-40b7-86ee-14555e650e88AQG_fka7QrR4yxBt0txpzh1XXN5X4mLu"
.linkedin.com/ Name: __cf_bm
Value: 2pNnpPHXnD3kF4t09UAMZZMrhRMvlnEAMZ1uqcXc6N0-1727090139-1.0.1.1-GCnAPmAA0ldTCg8qsSf7idf2hnFhitiAiWRnMUFavEgng70xEOJEiAhL6RO0ch7SfrUlgRxWbMARUU_DwJHeRg
.bing.com/ Name: MUID
Value: 2398D466648C600F1565C16565A661C4
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 2398D466648C600F1565C16565A661C4
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 2398D466648C600F1565C16565A661C4
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.website-files.com
c.bing.com
c.clarity.ms
cdn.prod.website-files.com
check.xtrapension.com
connect.facebook.net
fonts.googleapis.com
googleads.g.doubleclick.net
i.kissmetrics.io
o.clarity.ms
px.ads.linkedin.com
scripts.kissmetrics.io
snap.licdn.com
td.doubleclick.net
trk.kissmetrics.io
unpkg.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.linkedin.com
assets.website-files.com
104.17.245.203
104.18.160.117
104.18.34.201
104.18.41.41
13.107.21.237
13.107.253.40
13.107.42.14
138.197.60.79
142.250.176.194
142.250.65.202
142.250.65.238
142.250.72.98
142.250.80.36
142.251.32.99
142.251.40.136
157.240.241.1
18.238.55.88
20.110.205.119
23.200.3.12
31.13.71.36
45.55.99.106
52.152.143.207
69.48.185.156
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
04e5f0451440427ceae95de9ba2399bcdeac5441780a21a7a3571ce1528ea410
189aeb285be99f0b58e454dd2dc3cbf34a6db844a9ef26ebc5909178ff77c5be
1e37b616b4dfba2c95070068b1f9811becb1f042c5eb0199ed38dcfd1f0960cb
2bc18c5e40b439c202bfa5d0a973c2a8c30ccdb6a83c85c5d0b55cd2abcad8b9
2f046ec0ea203040874ae7a3e044f21b6cb81f253b4e61b2adfd35930e7bbaa8
30adbc7e799238c336b56a1e20db67910f2a114fc3bc6ced6c550b4c873318aa
31f2beed84e0978af94d723c573616da560023b304370dbb19052ed4cce500f2
32bab1a8e0405a7f9fd9da3da5c770bb79f88203a2b27abdd98c53af23180605
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
551b4bdf4227a99d4d0c9cab741d23f5d40f7c24449670b47a897b1cad34766d
761ac9d90db974fe969731353e89c350db7134b20551c44892150751f15736c1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a03ca906f80a859ec0e63b7dbc9ace2b46866fff7c21b6bc415488e093f2ffae
a29b79af8115207711b00032c673df5790731d9ff8aa45b495f836c898dbbb3f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b0bae93c534cd999e73ffafb9ad1d14fe3466768bd1544c090177261eeccc9d2
b63fd75a9b71b08bcbf4b14ef13254a0ff567d82af577ae5311374a0c70123fc
bfa20ce660b621ac0c8b781e44ac0adffebcbb5b02cc1497164fbcd7bfb939c7
c284678335ebf6256e98980411fe1727fec2d973c525da5202ba5e480ee17b28
c4bc09fffbba2af7e10a1cf933ef6c7a1301ee3c27cce271fe2c0728be02441a
c7911b36477cef579e8ffa744b14d1a28158ce771c076a3a3e8cfb35d78c7bc5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dcfe8df29e553fbd655212f94300cb1e704c6cd147fa7a98cb4bcd9eb92c6707
e0fd724dfd27bc130b1b433f37c8f8f0ca823c8bcc4ace53b9ca9510c3eb2748
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5623532ccab5772cfb35bae8ff5ff7f3568feb517e65946f419073c741b1fcf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e