www.fakeflighttickets.com Open in urlscan Pro
2606:4700:3033::6815:3c8 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fakeflightticket.com/
Effective URL:
https://www.fakeflighttickets.com/
Submission: On June 14 via automatic, source certstream-suspicious (June 14th 2021, 4:44:21 pm UTC)

Summary HTTP 90 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 16 domains to perform 90 HTTP transactions. The main IP is 2606:4700:3033::6815:3c8, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.fakeflighttickets.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 15th 2020. Valid for: a year.

This is the only time www.fakeflighttickets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3031::ac43:a19a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 25	2606:4700:303... 2606:4700:3033::6815:3c8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
3	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
2	143.204.101.223 143.204.101.223	16509 (AMAZON-02) (AMAZON-02)
17	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
7	151.101.112.176 151.101.112.176	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
3	151.101.129.35 151.101.129.35	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
4	54.186.23.98 54.186.23.98	16509 (AMAZON-02) (AMAZON-02)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
5	52.42.231.203 52.42.231.203	16509 (AMAZON-02) (AMAZON-02)
90	22

1 2606:4700:3031::ac43:a19a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fakeflightticket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2606:4700:3033::6815:3c8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.fakeflighttickets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.fakeflighttickets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.101.223 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-223.fra50.r.cloudfront.net

d33wubrfki0l68.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 151.101.192.176 (United States)

ASN54113 (FASTLY, US)

checkout.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.112.176 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.129.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.42.231.203 (Boardman, United States)

ASN16509 (AMAZON-02, US)

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	stripe.com checkout.stripe.com js.stripe.com q.stripe.com m.stripe.com	770 KB
25	fakeflighttickets.com 1 redirects www.fakeflighttickets.com api.fakeflighttickets.com	609 KB
6	stripe.network m.stripe.network	57 KB
6	twitter.com platform.twitter.com syndication.twitter.com	148 KB
6	paypal.com www.paypal.com t.paypal.com	10 KB
4	paypalobjects.com www.paypalobjects.com	86 KB
4	gstatic.com fonts.gstatic.com	89 KB
2	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	cloudfront.net d33wubrfki0l68.cloudfront.net	94 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	googletagmanager.com www.googletagmanager.com	69 KB
1	google.de www.google.de	108 B
1	google.com www.google.com	108 B
1	googleadservices.com www.googleadservices.com	14 KB
1	fakeflightticket.com 1 redirects fakeflightticket.com	618 B
90	16

	Domain	Requested by
24	www.fakeflighttickets.com	1 redirects www.fakeflighttickets.com
11	checkout.stripe.com	www.fakeflighttickets.com checkout.stripe.com
7	js.stripe.com	www.fakeflighttickets.com js.stripe.com checkout.stripe.com
6	m.stripe.network	js.stripe.com m.stripe.network
5	m.stripe.com	m.stripe.network
4	platform.twitter.com	www.fakeflighttickets.com platform.twitter.com
4	q.stripe.com	www.fakeflighttickets.com
4	www.paypalobjects.com	www.paypal.com www.paypalobjects.com
4	fonts.gstatic.com	fonts.googleapis.com
3	t.paypal.com	www.fakeflighttickets.com
3	www.paypal.com	www.fakeflighttickets.com www.paypalobjects.com
2	syndication.twitter.com	platform.twitter.com www.fakeflighttickets.com
2	www.google-analytics.com	www.googletagmanager.com www.fakeflighttickets.com
2	d33wubrfki0l68.cloudfront.net	www.fakeflighttickets.com
2	fonts.googleapis.com	www.fakeflighttickets.com
2	www.googletagmanager.com	www.fakeflighttickets.com www.googletagmanager.com
1	www.google.de	www.fakeflighttickets.com
1	www.google.com	www.fakeflighttickets.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	stats.g.doubleclick.net	www.fakeflighttickets.com
1	www.googleadservices.com	www.googletagmanager.com
1	api.fakeflighttickets.com	www.fakeflighttickets.com
1	fakeflightticket.com	1 redirects
90	23

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-15` - `2021-07-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-04-16` - `2022-03-15`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2021-04-14` - `2021-08-04`	4 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2021-04-29` - `2021-12-13`	8 months	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-11-17` - `2021-11-21`	a year	crt.sh
*.stripe.com DigiCert SHA2 Secure Server CA	`2021-01-12` - `2021-09-29`	9 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-30` - `2021-11-29`	a year	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-16` - `2021-08-04`	4 months	crt.sh

This page contains 12 frames:

Primary Page: https://www.fakeflighttickets.com/
Frame ID: 9E6FAD4D230A22F2982F04EA1206D246
Requests: 58 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html?frameId=2d908919-f821-47cd-a02e-7d74c7159991&propertyId=8GTZRJ95JBTGU-1&flow=visitor-info&variant=analytics&mrid=8GTZRJ95JBTGU&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
Frame ID: 0335674E8C2EB39F146A839A92AC90F7
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-ff599b5032b79ea1f89ba5416bea26e6.html
Frame ID: 5F8B516313E22B837C5E85C48A0CC265
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.fakeflighttickets.com
Frame ID: B5B475B725895619B8B91E252FE63079
Requests: 2 HTTP requests in this frame

Frame: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
Frame ID: F76D23B9D9D529CD0A1182BCE0C1327C
Requests: 5 HTTP requests in this frame

Frame: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
Frame ID: 6E837783FD02AD18190F24B67F774032
Requests: 5 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 16DF9175D36DAB7B1B13BE3FE7CC98F9
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Frame ID: 5FF589D2D1E4A9E925C5DD47131A43F9
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v2/m/outer.html
Frame ID: 76BC403B8C34A1ADFF637D81DE420DA7
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v2/m/outer.html
Frame ID: 180A2C17EAD9F25EAD9EA9622D00CA5C
Requests: 1 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 956FE60D768D0E2491EC7324352F3BA1
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 2843EB76F4DB746AD1A4BDAC66B1C5BE
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://fakeflightticket.com/ HTTP 301
http://www.fakeflighttickets.com/ HTTP 301
https://www.fakeflighttickets.com/ Page URL

Detected technologies

Gatsby (Static Site Generator) Expand

Overall confidence: 100%
Detected patterns

html /<style id="gatsby-inlined-css">/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i
html /<style id="gatsby-inlined-css">/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

webpack (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

html /<style id="gatsby-inlined-css">/i

Page Statistics

90
Requests

100 %
HTTPS

55 %
IPv6

16
Domains

23
Subdomains

22
IPs

3
Countries

1967 kB
Transfer

6590 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fakeflightticket.com/ HTTP 301
http://www.fakeflighttickets.com/ HTTP 301
https://www.fakeflighttickets.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

90 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.fakeflighttickets.com/
Redirect Chain

https://fakeflightticket.com/
http://www.fakeflighttickets.com/
https://www.fakeflighttickets.com/

498 KB
79 KB

44ms
24ms

Document
text/html

2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7fac6d2a9f260865d3898d5f0478c1c5526ca0c0ce58720e3818f0e67eb47c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.fakeflighttickets.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:00 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
link: </commons-53bdce3148e7f3d4e267.js>; rel=preload; as=script, </app-dee321f34fdbc3cb9e69.js>; rel=preload; as=script, </path---index-444cf217d3ecd7d9367a.js>; rel=preload; as=script, </component---src-pages-index-jsx-94ca0378626f8d4909c1.js>; rel=preload; as=script, </component---src-layouts-index-js-696717e53abf5711c707.js>; rel=preload; as=script
age: 181759
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-nf-request-id: 23d3d9cd-68d8-4a23-a7f7-696a5aaaf437
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
cf-request-id: 0aad01ab7a00002c22a2118000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l2KueXeYDWhZ%2FfpSEKN9Rm1DvrVDGzaT%2BVCjZtazwaca4vLPKNglkomdhZQJXN3IFi28kCLaRzwV%2B%2F5ts3D%2BSvmyj5a55VwT1OIS1O%2BtGX3UUhXk47gsgdFD2%2FawYpejm7vtcuUP4ZHj8PYlOxjPVuYxTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65f50558cdb62c22-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-h2-pushed: </commons-53bdce3148e7f3d4e267.js>,</app-dee321f34fdbc3cb9e69.js>,</path---index-444cf217d3ecd7d9367a.js>,</component---src-pages-index-jsx-94ca0378626f8d4909c1.js>,</component---src-layouts-index-js-696717e53abf5711c707.js>

Redirect headers

Date: Mon, 14 Jun 2021 16:44:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 14 Jun 2021 17:44:00 GMT
Location: https://www.fakeflighttickets.com/
cf-request-id: 0aad01ab4a00009778ce280000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JDu0hZhkqqEJ1LAQzHyMCtSWv4vCOrC2EFkllku8HGNuHhmrvb%2BssbHRx3Hp36v4RSEKA4CMGGRJIgix4hAKEoof%2FXF4q2BmAO64ePKSWRvZ7prdSoXW2uE%2FYLcMimmHacVV0X5moWEMWidQlngSpcI0IA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 65f505587e7d9778-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 commons-53bdce3148e7f3d4e267.js Show response
www.fakeflighttickets.com/ 1 MB
263 KB 66ms
51ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edec0d25952f9cb56e54c3aa8048c60c2837867384bf741bb2e379696c8d7259

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /commons-53bdce3148e7f3d4e267.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: bdc5b076-0acb-4030-9d0b-eb71cf789eda
date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01aba20000d709bf880000000001
server: cloudflare
x-frame-options: DENY
etag: W/"70894a6afd5a3a9b6d2b41614d4d1f89-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hhaT9YRNl3Y4nEJdeVGZyNYr75%2F3LEyVFM4seGx%2BAK0%2B03X7%2FsfTH94%2FwMjoDQUxchy641wy0Izih%2FLJkZ9Y00bnXCgDQKHouyyepig03%2Fl4GGC8WZSO780l%2B%2B%2B7EDtlSovhY9go3hOLYbb%2Bzmg9OM6V7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505590d2bd709-FRA

GET
H3-29 200 app-dee321f34fdbc3cb9e69.js Show response
www.fakeflighttickets.com/ 376 KB
78 KB 56ms
42ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/app-dee321f34fdbc3cb9e69.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

905b7bec523c101be04d0699da0f95336daba913fe1cd28eb27aa9375313a437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /app-dee321f34fdbc3cb9e69.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 0c2902f6-2395-450c-83d7-3cdb66a65b93
date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01aba20000d709a1b88000000001
server: cloudflare
x-frame-options: DENY
etag: W/"df88b1ce381d44c75b561cac83665c66-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=g75zRLjgHv2iqmCTDzGZaQy7TJqQbn%2BBTyeVLC4EVW4usz3nlqOdqyvLzs2TNiQDggXLj%2FFXX4YGEMvZBlXU1WdkrTWuj%2F0WpYArKYBvhB59lGJdAw10St2tYZ08Sfl2ClAhQxO8%2BvSdL%2BDo7GPPcknEAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505590d28d709-FRA

GET
H3-29 200 path---index-444cf217d3ecd7d9367a.js Show response
www.fakeflighttickets.com/ 162 B
812 B 400ms
386ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/path---index-444cf217d3ecd7d9367a.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce5cf7770e199d1392756f052257e5ff5037b8ecef52894e6a949d8ab3ed0289

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /path---index-444cf217d3ecd7d9367a.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: f8c4ee2f-b957-4940-8f62-c9f8fe8da343
date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01aba20000d709a2166000000001
server: cloudflare
x-frame-options: DENY
etag: W/"8932b9b1ee6c6a4b9b2d877952e9ecbd-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OWjg23f8gmrpDzVjXZlR1tIY%2BoZRKEdkbMG9ja89QHgYiq7NAilT99MWkBMZt6mZ1K6QpSI9u9qpnZRlnCqYU4MDcdFKSxfAY1mQdZzrMbEZ%2Bn4TIBt8WcTZtsLpXbQXivADyK%2FV9c48uEnJgoI2b%2BRNZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505590d2ad709-FRA

GET
H3-29 200 component---src-pages-index-jsx-94ca0378626f8d4909c1.js Show response
www.fakeflighttickets.com/ 109 KB
36 KB 41ms
28ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/component---src-pages-index-jsx-94ca0378626f8d4909c1.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6d02e2f649a2291db598c2f68e1ccb820ab5e0946164d67ad35fd8cbccace39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /component---src-pages-index-jsx-94ca0378626f8d4909c1.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 2c9e6421-f3a9-441f-ace9-f950361a32c1
date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01aba10000d7096d128000000001
server: cloudflare
x-frame-options: DENY
etag: W/"2b60a457a3da59af4d2eb2952175b4d8-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fqbPlwnX2FexcVRT3bPyD%2FpNt7h6xAcHxJ4IjFZFdKzRxuHum%2BVdeXuHaGnJHBHjLPxAPloWc%2FQNwv7FWXxPozCaIaLkjU7uDAP4LkgtVltRVLyk4BhFk%2BCu1hQ5xr34VbfFxY8xE0V0K9e6%2FVfXdX%2B5Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505590d26d709-FRA

GET
H3-29 200 component---src-layouts-index-js-696717e53abf5711c707.js Show response
www.fakeflighttickets.com/ 85 KB
25 KB 46ms
34ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/component---src-layouts-index-js-696717e53abf5711c707.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dff283d141954fba4112ed20c240b60d30dbf57c1cb97cac0c647af526b0de8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /component---src-layouts-index-js-696717e53abf5711c707.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 982d3986-0534-45af-8a4b-e75e08fcb88e
date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01aba10000d709eb0da000000001
server: cloudflare
x-frame-options: DENY
etag: W/"711f9d9572a9d37044916e26758f901d-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ljvLXm7BpyX%2BonyDIrBTeqhn9koK1NHZlWys2fGSN2A9M65bkINixeDr5gcxG5PMs860idLnIZkHu9e2J3i1ZzJChNnScDZlr2L%2BZ54q20hUWczgt1aWE%2FSzUBmPnkXcNKMbhatGGmwdqY4KttMoL2YcSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505590d20d709-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-30171436-17

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8cc36d35fabf4e82de3c9085fe32e781d0f396791f3ea000d7f2a24159526f5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36075
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 14 Jun 2021 16:44:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
553 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

20568af44ab9b900de7d9f4d286cb26181af272d5ca6d1bb0789ae5483003643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 15:22:34 GMT
server: ESF
date: Mon, 14 Jun 2021 16:44:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Jun 2021 16:44:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
498 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Paytone+One

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab5365562797d4cb63c04ed8fac0399746471d2c6c5d7b26a219cfebc6a15068

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 15:48:29 GMT
server: ESF
date: Mon, 14 Jun 2021 16:44:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Jun 2021 16:44:00 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 19 KB
7 KB 106ms
19ms Script
application/x-javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=efdf3ee9-c470-42d7-817e-220f8a88fd21

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9736fd3d5a3b12ceb1a0a2aa51691ea208b9f83813edb756cba1ec4b38f60a3a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+Qhyi43VHLVBQ95W+7TUrLE2LjJk/KVAxrM8LHY4lb4lynd6' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+Qhyi43VHLVBQ95W+7TUrLE2LjJk/KVAxrM8LHY4lb4lynd6' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 30901
x-cache: HIT, HIT
paypal-debug-id: 5f0e0a284cd15
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 5671
x-xss-protection: 1; mode=block
x-served-by: cache-lhr7331-LHR, cache-cdg20755-CDG
x-timer: S1623689041.919842,VS0,VE2
x-frame-options: SAMEORIGIN
date: Mon, 14 Jun 2021 16:44:00 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
etag: W/"4b35-t7hpfEfOGjajTtUVU65EOx3GE+o"
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 fakeflighttickets.com-samplev2.jpg
d33wubrfki0l68.cloudfront.net/8a729d2d059a386ecca83a6e8640d205d8369f0e/dbaea/ 54 KB
54 KB 114ms
41ms Image
image/jpeg 143.204.101.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/8a729d2d059a386ecca83a6e8640d205d8369f0e/dbaea/fakeflighttickets.com-samplev2.jpg
Requested by: Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-223.fra50.r.cloudfront.net
Software: Netlify /
Resource Hash: 5168a9bf7957784feecf77b8febec26d3fbe59d7341d2210351a0122a2fc95bc

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 9e49cb4f-bada-4739-91d7-27c38725d345-34463018
date: Fri, 29 Jan 2021 07:51:31 GMT
via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
server: Netlify
age: 11782349
etag: 20a2ae2e5db4f87185488c8f6ea03b56e7bc0688
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 54873
x-amz-cf-id: D57ZFLp9yv1tjohxMZqolWbp521MnSjT0EVkkNVt3am1oxmzsKWn5Q==

GET
H3-29 200 email-decode.min.js Show response
www.fakeflighttickets.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 17ms
16ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 0aad01abbb0000d7097c310000000001
last-modified: Tue, 08 Jun 2021 15:58:01 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"60bf9389-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LyIiZVxkBKETAtdOWW7Yy7sF9Yl3A7xa7nZ1%2BiiELX0R5IrtMjW%2FmaHpSThEXpUGXEf0iteH6ii80slmnEPd3eO8nlg5npPEuBjTs55g5ofxQdlg3NbWpiJRlURNZXlaCkXc%2BeuzaYuZGdWugoF0XMLSGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
cf-ray: 65f505592d80d709-FRA
expires: Wed, 16 Jun 2021 16:44:00 GMT

GET
H2 200 checkout.js Show response
checkout.stripe.com/ 101 KB
27 KB 101ms
16ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/checkout.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6a57f708aa8340612cf5123815b67aca32c33e831ff62421695815a9ad0186e6

Security Headers

Name

Value

Content-Security-Policy

connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 51
x-cache: HIT
content-length: 26661
x-amz-id-2: bc3wXkCzQ7TlUxsjHQvzvv45dFnlPlFfAgFrUyTsVAmcGSaH8ISmmmQ5bzD6X6xzlp3aqf79lTE=
x-served-by: cache-cdg20725-CDG
last-modified: Fri, 07 May 2021 17:55:32 GMT
server: AmazonS3
x-timer: S1623689041.918647,VS0,VE0
etag: "0063368484c9faafccd079d07ac24931"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: Y0JHH5874H5J3AQK
via: 1.1 varnish
cache-control: no-cache
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 14

GET
H2 200 / Show response
js.stripe.com/v3/ 223 KB
56 KB 113ms
27ms Script
application/javascript 151.101.112.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

57dd0b954432e4d6950458863a3b255a3898a5784c359578d834f119d6aac60e

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:00 GMT
content-encoding: br
vary: Accept-Encoding
age: 288
via: 1.1 varnish
x-cache: HIT
content-length: 56599
x-amz-id-2: hYIPC+QsNyx/sspJNmrcd4chwrAVBLKjQ5Tj3RLiX6azbGqJXjnxrDTMt1MPx4xz8Oi79XI+G4k=
x-served-by: cache-hhn4076-HHN
timing-allow-origin: *
last-modified: Fri, 11 Jun 2021 15:36:48 GMT
server: AmazonS3
etag: "b0a4a2e67e46302c4bdd3bca0bb54e2a"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: 8VRAAJSPAD57MRKP
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 377

GET
H2 200 0nksC9P7MfYHj2oFtYm2ChTtgPs.woff2
fonts.gstatic.com/s/paytoneone/v13/ 19 KB
19 KB 11ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/paytoneone/v13/0nksC9P7MfYHj2oFtYm2ChTtgPs.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Paytone+One

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95063fd1043212fb60483912ac33a0af88e8e20826ea4c07b4cc0e8a69a2040e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fakeflighttickets.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 13:40:00 GMT
x-content-type-options: nosniff
age: 183840
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19740
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:49:57 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 13:40:00 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ 22 KB
23 KB 11ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fakeflighttickets.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 04:46:04 GMT
x-content-type-options: nosniff
age: 215876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 04:46:04 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v17/ 24 KB
24 KB 10ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fakeflighttickets.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 07:03:53 GMT
x-content-type-options: nosniff
age: 207607
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24440
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:12:06 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 07:03:53 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ 23 KB
23 KB 12ms
8ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fakeflighttickets.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 05:40:22 GMT
x-content-type-options: nosniff
age: 212618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 05:40:22 GMT

GET
DATA 200
OK truncated
/ 1 KB
1 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7cfc4cec708b3ef2763009b293e7b21286f9e8e3e833486c9346653f3c64b4d1

Request headers

Origin: https://www.fakeflighttickets.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 icons.0ab54153.woff2
d33wubrfki0l68.cloudfront.net/6ec6d36cb2464b4e821cfabb532f310bd342601c/1abab/static/ 39 KB
40 KB 99ms
37ms Font
application/octet-stream 143.204.101.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d33wubrfki0l68.cloudfront.net/6ec6d36cb2464b4e821cfabb532f310bd342601c/1abab/static/icons.0ab54153.woff2
Requested by: Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-223.fra50.r.cloudfront.net
Software: Netlify /
Resource Hash: 434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3

Request headers

Origin: https://www.fakeflighttickets.com
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 36596924-e7a8-4146-bb5e-ab5a2d5058d8
date: Tue, 27 Apr 2021 10:44:44 GMT
via: 1.1 80c1ad5f9352d00b95a9da73eb6b6be5.cloudfront.net (CloudFront)
server: Netlify
age: 4168756
etag: 86c2de0faac10ebd5aed5adfa06846582153826b
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: public, max-age=31556926
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 40148
x-amz-cf-id: DiCcfovjqTyBSNQ9ydwb1i5co8St_clUsWeRxVKqFkMxxAMW6GqIWw==

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 64 KB
17 KB 106ms
32ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/tagmanager/pptm.js?id=efdf3ee9-c470-42d7-817e-220f8a88fd21

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ea98e218e1aadbbb655fe976d1eeb8ee88a4254b88cd12cbe6d4b003d50d1b66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: d12eed8348e3c
dc: phx-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 17320
x-served-by: cache-sjc10071-SJC, cache-hhn4022-HHN
last-modified: Fri, 11 Jun 2021 14:58:53 GMT
x-timer: S1623689041.053616,VS0,VE0
etag: W/"60c37a2d-10035"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 12809, 36

GET
H2 200 ts
t.paypal.com/ 42 B
706 B 238ms
200ms Image
image/gif 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics%3A%3A8GTZRJ95JBTGU-1&page=muse%3Athird-party%3Aanalytics%3A%3A8GTZRJ95JBTGU-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=efdf3ee9-c470-42d7-817e-220f8a88fd21&fltp=analytics&mrid=8GTZRJ95JBTGU&code=UNDEFINED&partner_name=UNDEFINED&flag_consume=yes&pt=%E2%9C%88%EF%B8%8F%20Fake%20Flight%20Tickets%20%F0%9F%91%8D%20%E2%80%94%20Generate%20Proof%20of%20Onward%20Travel&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1623689040967&g=-120&completeurl=https%3A%2F%2Fwww.fakeflighttickets.com%2F
Requested by: Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:01 GMT
via: 1.1 varnish, 1.1 varnish
server: akka-http/10.1.11
x-timer: S1623689041.017289,VS0,VE182
x-cache: MISS, MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slca.slc
expires: Mon, 14 Jun 2021 16:44:01 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0, 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-lhr7321-LHR, cache-cdg20735-CDG

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-30171436-17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 1161
date: Mon, 14 Jun 2021 16:24:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 14 Jun 2021 18:24:40 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 86 KB
34 KB 40ms
39ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-874844064&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-30171436-17

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cb6c69478b39c524cf90cc4092a290e60046ce48108e94554e416b79dbd0ccf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34818
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 14 Jun 2021 16:44:01 GMT

GET
H2 200 manhattan Show response
checkout.stripe.com/api/outer/ 15 B
83 B 713ms
678ms XHR
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/api/outer/manhattan?key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&locale=auto

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

32d1453fe07b5aa57b7c1ec92215ebe9f1af8197fcac825529324940066a3a75

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
via: 1.1 varnish
x-cache: MISS
x-envoy-upstream-service-time: 7
x-cache-hits: 0
content-length: 15
x-served-by: cache-cdg20770-CDG
pragma: no-cache
server: nginx
x-timer: S1623689041.154272,VS0,VE663
date: Mon, 14 Jun 2021 16:44:01 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.fakeflighttickets.com
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
expires: 0

GET
H2 200 manhattan Show response
checkout.stripe.com/api/outer/ 15 B
818 B 704ms
675ms XHR
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/api/outer/manhattan?key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&locale=auto

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

32d1453fe07b5aa57b7c1ec92215ebe9f1af8197fcac825529324940066a3a75

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
via: 1.1 varnish
x-cache: MISS
x-envoy-upstream-service-time: 8
x-cache-hits: 0
content-length: 15
x-served-by: cache-cdg20770-CDG
pragma: no-cache
server: nginx
x-timer: S1623689041.154561,VS0,VE659
date: Mon, 14 Jun 2021 16:44:01 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.fakeflighttickets.com
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
expires: 0

GET
H2 200 /
q.stripe.com/ 43 B
286 B 998ms
180ms Image
image/gif 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.stripe.com/?event=checkout.config.summary&rf=www.fakeflighttickets.com&optchecker-origin=configure&optchecker-numErrors=0&optchecker-numWarnings=0&distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9&eventId=2f92c28d-c801-edf0-3571-90e3b8409293&option-key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&h=1200&w=1600&lsid=2ed0e6ce-e816-4b57-ae11-4ab69b856507&cid=25b66e8f-5658-40b8-809e-4c0b4cc6bd92&i=1623689041109

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:02 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: image/gif
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-length: 43
expires: 0

GET
H2 403 me Show response
api.fakeflighttickets.com/auth/ 9 B
493 B 644ms
617ms XHR
text/plain 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fakeflighttickets.com/auth/me
Requested by: Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/app-dee321f34fdbc3cb9e69.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78342a0905a72ce44da083dcb5d23b8ea0c16992ba2a82eece97e033d76ba3d3

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:01 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"9-PatfYBLj4Um1qTm5zrukoLhNyPU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=91HrCfOu7%2FqHzpe2qvS8jpBYJ%2FWFDOn6j2vC5M6jaLuRQP40SjWIEWhMYwh4FgZnFq7UIdE%2BYYj0aQtrU92%2BQnrmkiF2IBkC80JeYArt2wSEkf%2F2T%2BisMYu9V6Lyl61Q0plr7dQ%2B82gKk6dGcjIvN483Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.fakeflighttickets.com
access-control-allow-credentials: true
cf-ray: 65f5055b4b902c22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 9
cf-request-id: 0aad01ad0a00002c2244240000000001

GET
H2 200 /
q.stripe.com/ 43 B
285 B 996ms
180ms Image
image/gif 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.stripe.com/?event=checkout.config.summary&rf=www.fakeflighttickets.com&optchecker-origin=configure&optchecker-numErrors=0&optchecker-numWarnings=0&distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9&eventId=c792d0d9-e507-693d-e95a-ded23c6d1386&option-key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&h=1200&w=1600&lsid=c07037d5-7957-419a-8447-d4475f790615&cid=52f5b837-91fe-4ff4-93e9-49a8a6336f5e&i=1623689041116

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:02 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: image/gif
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-length: 43
expires: 0

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 27ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668D) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 16:44:01 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/668D)
Age: 976
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame 0335 219 KB
66 KB 28ms
28ms Document
text/html 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html?frameId=2d908919-f821-47cd-a02e-7d74c7159991&propertyId=8GTZRJ95JBTGU-1&flow=visitor-info&variant=analytics&mrid=8GTZRJ95JBTGU&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a27a4a6562bd612eae0036fd1e1ba5fcaf47c14e24eb9adfe2959f5ce683a1c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: www.paypalobjects.com
:scheme: https
:path: /muse/analytics/index.html?frameId=2d908919-f821-47cd-a02e-7d74c7159991&propertyId=8GTZRJ95JBTGU-1&flow=visitor-info&variant=analytics&mrid=8GTZRJ95JBTGU&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fakeflighttickets.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fakeflighttickets.com/

Response headers

content-encoding: gzip
content-type: text/html
etag: W/"60b6bca8-36aa9"
last-modified: Tue, 01 Jun 2021 23:03:04 GMT
paypal-debug-id: 84d12c38f525e
dc: phx-origin-www-3.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:01 GMT
x-served-by: cache-sjc10059-SJC, cache-hhn4022-HHN
x-cache: HIT, HIT
x-cache-hits: 76662, 21
x-timer: S1623689041.320619,VS0,VE0
vary: Accept-Encoding
cache-control: public,max-age=3600
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 67274

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 115ms
43ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-874844064&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7ed6ea6b994f975e4ede747d96d2eb3f63ad55b3d5803615fdb115b487b461d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13984
x-xss-protection: 0
server: cafe
etag: 12421713846596914618
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 14 Jun 2021 16:44:01 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&aip=1&a=1670264030&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fakeflighttickets.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=%E2%9C%88%EF%B8%8F%20Fake%20Flight%20Tickets%20%F0%9F%91%8D%20%E2%80%94%20Generate%20Proof%20of%20Onward%20Travel&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAUABAAAAAC~&jid=2035712568&gjid=374741885&cid=1468073727.1623689041&tid=UA-30171436-17&_gid=1537054136.1623689041&_r=1&gtm=2ou690&z=186578476

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/component---src-layouts-index-js-696717e53abf5711c707.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fakeflighttickets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m-outer-ff599b5032b79ea1f89ba5416bea26e6.html Show response
js.stripe.com/v3/ Frame 5F8B 215 B
535 B 30ms
30ms Document
text/html 151.101.112.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-ff599b5032b79ea1f89ba5416bea26e6.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

544e7b0ddaba3404a327d068cfca2f3000e385102c042323909c636cf6bdca0e

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; font-src 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/m-outer-ff599b5032b79ea1f89ba5416bea26e6.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fakeflighttickets.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fakeflighttickets.com/

Response headers

x-amz-id-2: ze5yxht0XBTTs/PsvO6QOG69Bk23FR1sQTZbbH9qHLz0J7qfhrAvbIBXnvq6Dj+wW8iZnuisPPs=
x-amz-request-id: AWCTKJHBFSCNN7V8
last-modified: Tue, 01 Jun 2021 22:25:38 GMT
etag: "ff599b5032b79ea1f89ba5416bea26e6"
cache-control: public, max-age=300
content-type: text/html; charset=utf-8
server: AmazonS3
content-encoding: br
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:01 GMT
via: 1.1 varnish
age: 171
x-served-by: cache-hhn4076-HHN
x-cache: HIT
x-cache-hits: 479
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-security-policy: connect-src 'self'; default-src 'self'; font-src 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'
content-length: 130

GET
H3-29 200 FakeFlightTickets.com-SampleV2.jpg
www.fakeflighttickets.com/ 54 KB
54 KB 191ms
188ms Image
image/jpeg 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/FakeFlightTickets.com-SampleV2.jpg

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5168a9bf7957784feecf77b8febec26d3fbe59d7341d2210351a0122a2fc95bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /FakeFlightTickets.com-SampleV2.jpg
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 9cb26033-dd0a-40a1-a821-f50c6f337160
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 54873
cf-request-id: 0aad01ae050000d709d4a98000000001
server: cloudflare
x-frame-options: DENY
etag: "3bf514b071cce73944ac4285d2df7e19-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=C4mOu2Apxmso6b0fgkwFN6u5zTSBC9wQyLmMVpWnWoq4s%2FtPCxFzJ4ShnTxbuu%2B8oW1RstIgplZgmwS07A2b%2BQXfpiXoM7AcZCVGUxTYryV66bkis0jJ79G0MWZA6BkcMVMJFyJAtnZHzThqOolIn%2FTI7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
accept-ranges: bytes
cf-ray: 65f5055cdd5dd709-FRA

GET
H3-29 200 EK.png
www.fakeflighttickets.com/airline/ 6 KB
7 KB 82ms
79ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/EK.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0633444a6632bec5f6a6768c39fc6f043bcd24db75c447caa8a3f7f19c3cbe3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/EK.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: deba62d1-9838-4487-85e0-64f7d7a5a651
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="EK.webp"
server-timing: fastly;dur=1;start=2021-06-14T16:44:01.453Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6274
cf-request-id: 0aad01ae060000d709e4114000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "df578062eed388ead2fd9d5eda5c5cbc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Mpfka17VVOTXVDiKPFcbcmI%2F3Xs3S85uIaZRutRvFyll5fpI17Y4bL1Tj8NQ842snLBxmtjRysRtiS3OfcenFI61%2FmZchTRWP%2BMh%2B7A2EIvUweAXb1JBcCl%2BYNX9UxIpuCupw%2Bi2gK78RqvKJ8LkPgqR2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd61d709-FRA

GET
H3-29 200 3K.png
www.fakeflighttickets.com/airline/ 5 KB
6 KB 82ms
79ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/3K.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f5ffb332c6b64f46bc5f783249eb21b494386f07815442142d7b5e046374d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/3K.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 680dcf7b-63d0-41d2-aae1-1fde709bfb86
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="3K.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-14T16:44:01.465Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5214
cf-request-id: 0aad01ae060000d709963a1000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "d1377c833c3235827ced5d276f0c15e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yc5n5v7qrESABJ5y%2FgpWs7PQun5TRXhoKvpRC5MqBiLyr6N%2FtC%2BjhMZcHXR2CLUNvYKv%2BkHFXtqp883fS%2FMRHOcuDBB3pOkvKBs%2B%2BB2YPjsG082FRNUyYQJ1oecq6vRpJS8zcWbOLcaPMOZX6t%2Bnsv7p3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd64d709-FRA

GET
H3-29 200 UA.png
www.fakeflighttickets.com/airline/ 4 KB
5 KB 84ms
81ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/UA.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6989ee41bfbf205e5633e08ff6d1d119a40468950793d6fa257fbb8ecb673f67

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/UA.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 9a372820-3fa6-4dc7-b6df-3a33ddeb4162
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="UA.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-14T16:44:01.453Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4496
cf-request-id: 0aad01ae060000d709e48b3000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "ff10089cb0f7817f812d75ba7039b8ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uaz4xkKtdr%2F6O%2FdXnWyIA7BlLa7WCU48q%2ByiSoYU9n3wWactw5hShkmxjFcemGCQYiocrEo8oCPexQk2EW3VwIjPOGZFwhbqIU55zRTa0UsNS2%2BvGQNUcXSEWul6kl66xAXidwnva2RMMysQE3kMVYed9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd67d709-FRA

GET
H3-29 200 CX.png
www.fakeflighttickets.com/airline/ 4 KB
5 KB 84ms
81ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/CX.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5d4284fb349ce897a1cbbb8ef996c7ef8a7d5ce7098ad85baf05723e7bf9168

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/CX.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: d045886f-a316-4fcb-b505-69dac59bcbe4
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="CX.webp"
server-timing: fastly;dur=2;cpu=1;start=2021-06-14T16:44:01.453Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4182
cf-request-id: 0aad01ae060000d7096d167000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "c5e654c17b457effaf7670e66c9956c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jTfYb%2Fxa5rFxqlRfFkNfOZ7C7kYU2rxWOEEQXwZcQ3lkUMdhHdkd2OmtJTsmwe9Dlc3Y8jMcHrelwF6mc0ajlQHL83UWfcfiXArbPJJiZs%2BsupAwWKdP4Mgdc9i9mJkH6vYRDQD7I8N8gpvphlbJECDtsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd69d709-FRA

GET
H3-29 200 TG.png
www.fakeflighttickets.com/airline/ 7 KB
8 KB 85ms
82ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/TG.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa5b87aa8ddf3cf3305f176f0ae0d51d7d8075616da8444155f7c55b3c464294

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/TG.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: d6e21953-3105-4f69-8b85-1e491d8c3781
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="TG.webp"
server-timing: fastly;dur=1;start=2021-06-14T16:44:01.453Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 7616
cf-request-id: 0aad01ae070000d709773a0000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:02:35 GMT
server: cloudflare
etag: "faa37b81cb5a1109a4ec4ff45c559678"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QC8myz3m1MySSQkl3qtPLjNcJGXUI%2BxUUIXccmU5N6Ho8nDQx3WVGHoiTIRN6HgFQaw27VHBMjwEhmkeoE4sdW2P2T%2FCYLP%2Bc%2B1BZ3yrJRc4xACsL1W9wKbsSkWxOv5I%2FOICLMZFoOk4oQRuC78hXd7eBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd6dd709-FRA

GET
H3-29 200 MH.png
www.fakeflighttickets.com/airline/ 7 KB
8 KB 85ms
82ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/MH.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b6939c8d4061cd8b54da2f4bdf65b2858f4840dd3ff549d3a548682dc45413

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/MH.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: ddc258df-f0ed-45d3-a85e-07362e83f7ba
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="MH.webp"
server-timing: fastly;dur=1;start=2021-06-14T16:44:01.453Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 7110
cf-request-id: 0aad01ae070000d709f1adb000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "6549e80003d228c0a268705fb1102897"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=nphpTJtBT81jlqTBG%2FEAt9u%2Bm8qUGNY%2BQtLcXbYgr5%2BrnJQrsUPfsT2Pz6vF2NFmMlFycuRrHnw0mpgojvwMn3vza1E%2FEWB%2FbRBpXlk6xznv6joTVMZhVOwDO0p62Q0fTc9x7nmFKffXWQnryD5hD%2Fb3HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd72d709-FRA

GET
H3-29 200 CZ.png
www.fakeflighttickets.com/airline/ 9 KB
10 KB 56ms
54ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/CZ.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2536a7b3f7bc5a9f74dda114e914dbee7a8d9ddbcf9ec60c941f962f1f7946cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/CZ.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 98e95f4f-e967-4b27-81ca-7d56b6376044
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="CZ.webp"
server-timing: fastly;dur=1;start=2021-06-14T16:44:01.453Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 9138
cf-request-id: 0aad01ae080000d709dc84e000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "3793f9f5be0dedf379731a23b7e8f4b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Sy7drIFITrriWYlLdhPNlPFAVC3NOeCBoHnXog1b8bLqI8hu2qIM6E11%2BcTeb1x%2BSnIkFKU2QDQ2qEQ20eDp0zUmB6XFeuXGnvoZPpYDq%2BtP%2F%2FzUAS%2BQmstsOch%2FDeG%2FHzWwak2ih%2FhBYM6H1QMBI5nf0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd74d709-FRA

GET
H3-29 200 DL.png
www.fakeflighttickets.com/airline/ 3 KB
4 KB 84ms
83ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/DL.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02666cecaf073d8b9ecd590e20d6072710b3a5bd631c485a6e992523d837293b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/DL.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: a2b20543-4377-41ef-92d2-3e41f1fecacb
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="DL.webp"
server-timing: fastly;dur=1;cpu=0;start=2021-06-14T16:44:01.453Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3098
cf-request-id: 0aad01ae080000d70987236000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "aac3eea0139bd7301c29d6cc717954f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=A5xk%2FmW3fQQqyaSG2F1bZMeZKHQ9JlvksmL%2BgiQVvW1EmJA%2Bz6sDdLwl8mRo3VYMDsl%2BZKq%2FRpcEEGhb5sNuqW93AEMHuG6LP0N%2BAVsfwFycCYtlYaiOSo3JJq7IkJNknmhw7R1Rs84W4JGo%2BxADr0Dg0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055cdd75d709-FRA

GET
H3-29 200 F9.png
www.fakeflighttickets.com/airline/ 7 KB
8 KB 143ms
142ms Image
image/webp 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fakeflighttickets.com/airline/F9.png

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

384cfd2dc5884808c78f9cf3dce6432512d676cd49128f9974c8bb0dd15119b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /airline/F9.png
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 95490d6a-03f7-4090-925a-8bbd843ddf2c
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
content-disposition: inline; filename="F9.webp"
server-timing: fastly;dur=1;cpu=0;start=2021-06-14T16:44:01.545Z;desc=hit,rtt;dur=0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 7594
cf-request-id: 0aad01ae110000d709d4a9a000000001
timing-allow-origin: *
last-modified: Wed, 13 May 2020 09:07:36 GMT
server: cloudflare
etag: "2ccefe5b1f359424fc8fdde9177b6f4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ta3JtKweoaz%2FQcAaH9ROD2dVLpI5%2BwJD%2BG5VcpC2bZL%2BxyaamSGwVGWgozex1qj7zVESIF%2Fq7nbTe2OQxJ4jwe0hxVL%2FLFqiC3GrosGUjMNLHW8TYJIiS2S9%2BCMDgqyZBkhXkKPOLzLKCCcrRcAyRVmZ%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: private, no-transform, immutable, max-age=31557600
accept-ranges: bytes
cf-ray: 65f5055ced87d709-FRA

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame B5B4 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.fakeflighttickets.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.fakeflighttickets.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fakeflighttickets.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 331147
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 14 Jun 2021 16:44:01 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
92 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-30171436-17&cid=1468073727.1623689041&jid=2035712568&gjid=374741885&_gid=1537054136.1623689041&_u=aEBAAUAAAAAAAC~&z=1853402114

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/component---src-layouts-index-js-696717e53abf5711c707.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 14 Jun 2021 16:44:01 GMT
content-type: text/plain
access-control-allow-origin: https://www.fakeflighttickets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 path---referrals-df703831dd1f09342de3.js Show response
www.fakeflighttickets.com/ 176 B
819 B 180ms
180ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/path---referrals-df703831dd1f09342de3.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d120bba4f5f5f07736f81ad95bc905e49b40a5a132d974c54de241a7f0ae897

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /path---referrals-df703831dd1f09342de3.js
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 5a336ef1-ce47-4348-a9ed-fcdb5fbcd5ee
date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01ae520000d709a21a3000000001
server: cloudflare
x-frame-options: DENY
etag: W/"9d7a88e9de527dbb414b53b42a65ac7c-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YxYeB6Hgp1sLLBylzB3Hd4B7a6jJxv1bSjFfR4xUgBn7Cl%2BxUNkLpjM0lUzvjv1cgP0rE3l%2BCk%2Bo86f8WO0nMZt%2F4JlbColojjlF8MbFOVSYur3Az7gw3aTKfaYBz2Sj0ykWHdYP4fDzofClnGusSBDEbw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f5055d4e90d709-FRA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/874844064/ 2 KB
1 KB 19ms
16ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/874844064/?random=1623689041492&cv=9&fst=1623689041492&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&ig=1&data=event%3Dpage_view%3Bpage_path%3D%2F&frm=0&url=https%3A%2F%2Fwww.fakeflighttickets.com%2F&tiba=Fake%20Flight%20Tickets%20%E2%80%94%20Generate%20Proof%20of%20Onward%20Travel&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb19908006dfc0f0482e5b5d6359f8bc3ffa916b3764699b9c75ec97b83b06fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1074
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index-c456b1a6ebc647ce3961b938c679c5e5.html Show response
checkout.stripe.com/m/v3/ Frame F76D 11 KB
2 KB 707ms
706ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4c9e518366a8baa87d6101557cfdf13757657afa333f31fb03fa9869fd725782

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: checkout.stripe.com
:scheme: https
:path: /m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fakeflighttickets.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fakeflighttickets.com/

Response headers

x-amz-id-2: YU/64f7f/2BmBSrFG1NkJchWoNAyzS3SVw2iQgG+QdeTMa7uRW527Grsyw3zo07VtVbn6dggI9g=
x-amz-request-id: 3DGNXQH4BGA5CB8P
last-modified: Fri, 07 May 2021 17:55:04 GMT
etag: "c456b1a6ebc647ce3961b938c679c5e5"
cache-control: public, max-age=300
content-type: text/html; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:02 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cdg20725-CDG
x-cache: HIT
x-cache-hits: 1
x-timer: S1623689042.964970,VS0,VE681
vary: Accept-Encoding
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
content-length: 1707

GET
H2 200 /
q.stripe.com/ 43 B
285 B 305ms
181ms Image
image/gif 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.stripe.com/?event=checkout.outer.manhattanStatus&rf=www.fakeflighttickets.com&isEnabled=true&distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9&eventId=9487f1d5-4575-acdc-3a58-462ef93d8de8&option-key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&h=1200&w=1600&lsid=56e6f03a-7d7a-463f-ad53-95456a0e8f2d&cid=ef90b360-93b9-4371-b75d-cd5279c50cfc&i=1623689041823

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:02 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: image/gif
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-length: 43
expires: 0

GET
H2 200 index-c456b1a6ebc647ce3961b938c679c5e5.html Show response
checkout.stripe.com/m/v3/ Frame 6E83 11 KB
2 KB 706ms
706ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4c9e518366a8baa87d6101557cfdf13757657afa333f31fb03fa9869fd725782

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: checkout.stripe.com
:scheme: https
:path: /m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fakeflighttickets.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fakeflighttickets.com/

Response headers

x-amz-id-2: YU/64f7f/2BmBSrFG1NkJchWoNAyzS3SVw2iQgG+QdeTMa7uRW527Grsyw3zo07VtVbn6dggI9g=
x-amz-request-id: 3DGNXQH4BGA5CB8P
last-modified: Fri, 07 May 2021 17:55:04 GMT
etag: "c456b1a6ebc647ce3961b938c679c5e5"
cache-control: public, max-age=300
content-type: text/html; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:02 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cdg20725-CDG
x-cache: MISS
x-cache-hits: 1
x-timer: S1623689042.964936,VS0,VE681
vary: Accept-Encoding
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
content-length: 1707

GET
H2 200 /
q.stripe.com/ 43 B
285 B 300ms
181ms Image
image/gif 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.stripe.com/?event=checkout.outer.manhattanStatus&rf=www.fakeflighttickets.com&isEnabled=true&distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9&eventId=685ce8a4-e610-4907-21ab-ed018eaf9903&option-key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&h=1200&w=1600&lsid=fad61932-3e2c-44e5-83cf-314353a9aa03&cid=f409c0e7-1a24-4539-bf32-c3a50d9f66bf&i=1623689041827

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:02 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: image/gif
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-length: 43
expires: 0

GET
H2 200 m-outer-b8cbec1166aab48d1e5a12e8ab272ac1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 5F8B 1 KB
818 B 27ms
27ms Script
application/javascript 151.101.112.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-b8cbec1166aab48d1e5a12e8ab272ac1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-ff599b5032b79ea1f89ba5416bea26e6.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

691b9a514dcd9541c4d3fa26dc23c391eaf00535415d84f9cda5f910fe721840

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://js.stripe.com/v3/m-outer-ff599b5032b79ea1f89ba5416bea26e6.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: br
vary: Accept-Encoding
age: 21
via: 1.1 varnish
x-cache: HIT
content-length: 637
x-amz-id-2: 7a+5crxn5dEqb9yCv+ULS8dfY4HbOCxCj4TrourABXca37xiWRqQ9tjH1ox41l6lRZiegPzyHV8=
x-served-by: cache-hhn4076-HHN
timing-allow-origin: *
last-modified: Tue, 01 Jun 2021 22:25:35 GMT
server: AmazonS3
etag: "78581b5abad6c4e7b59c0f8ee45a8134"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: J93YCFA0N7H6E5N7
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 84

GET
H2 200 /
www.google.com/pagead/1p-user-list/874844064/ 42 B
108 B 24ms
23ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/874844064/?random=1623689041492&cv=9&fst=1623686400000&num=1&bg=ffffff&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&data=event%3Dpage_view%3Bpage_path%3D%2F&frm=0&url=https%3A%2F%2Fwww.fakeflighttickets.com%2F&tiba=Fake%20Flight%20Tickets%20%E2%80%94%20Generate%20Proof%20of%20Onward%20Travel&async=1&fmt=3&is_vtc=1&random=35455001&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/874844064/ 42 B
108 B 19ms
19ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/874844064/?random=1623689041492&cv=9&fst=1623686400000&num=1&bg=ffffff&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&data=event%3Dpage_view%3Bpage_path%3D%2F&frm=0&url=https%3A%2F%2Fwww.fakeflighttickets.com%2F&tiba=Fake%20Flight%20Tickets%20%E2%80%94%20Generate%20Proof%20of%20Onward%20Travel&async=1&fmt=3&is_vtc=1&random=35455001&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 component---src-pages-referrals-js-b02d5530a8cbecaf8d6e.js Show response
www.fakeflighttickets.com/ 2 KB
2 KB 109ms
108ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/component---src-pages-referrals-js-b02d5530a8cbecaf8d6e.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae8353be8ad6190545f62013a53d77c8a2d57cc6e00ae17fd95e7f7d4394f8a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /component---src-pages-referrals-js-b02d5530a8cbecaf8d6e.js
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 1806ee53-8e3b-4d19-a975-4955039d31d6
date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01b03e0000d709963de000000001
server: cloudflare
x-frame-options: DENY
etag: W/"65b97d12fa602d3763dd8cf2b16ecfaa-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mNhqb8pfKxcvnr5HSGY98MywuqaGwhb%2F5RKN4bQqHa2OStFgXH8Yagbmo1pqmsgYcY9BYm%2BIsohMNt9nXw9fOo16bROHfjpvxseU%2BuU99bBzKLMPuXfthedHSV5ri5M6emGF7W3gN%2BF6xyKv7HSPy1uo2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505605e91d709-FRA

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame 0335 18 B
248 B 28ms
28ms Fetch
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html?frameId=2d908919-f821-47cd-a02e-7d74c7159991&propertyId=8GTZRJ95JBTGU-1&flow=visitor-info&variant=analytics&mrid=8GTZRJ95JBTGU&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=2d908919-f821-47cd-a02e-7d74c7159991&propertyId=8GTZRJ95JBTGU-1&flow=visitor-info&variant=analytics&mrid=8GTZRJ95JBTGU&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: 9bbb41dc7dbd3
x-cache-hits: 21677, 39
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 38
x-served-by: cache-sjc10047-SJC, cache-hhn4022-HHN
last-modified: Sat, 13 Feb 2021 00:26:56 GMT
x-timer: S1623689042.043511,VS0,VE0
etag: "60271cd0-12"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-client-location: FR

GET
H2 200 settings Show response
syndication.twitter.com/ Frame B5B4 256 B
441 B 188ms
133ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=5ed253568439c327df774161804eb6b0f04fdd8c

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.fakeflighttickets.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:01 GMT
content-encoding: gzip
last-modified: Mon, 14 Jun 2021 16:44:02 GMT
server: tsa_f
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 85d0bb7fa79ea19e01cfbea6ec5d7b6a29d01c618dc9528e52fd38bad7af58bf
content-length: 176

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 16DF 932 B
1005 B 17ms
16ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-b8cbec1166aab48d1e5a12e8ab272ac1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

52fb9ace8bb7e59f6fc283763ce819175a60e566d7248f5de82b4d00d6b14c7d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: m.stripe.network
:scheme: https
:path: /inner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.stripe.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js.stripe.com/

Response headers

server: nginx
content-type: text/html; charset=utf-8
last-modified: Thu, 20 May 2021 17:57:41 GMT
etag: W/"60a6a315-3a4"
strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: public, max-age=300
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:02 GMT
age: 11
x-served-by: cache-sea4448-SEA, cache-cdg20725-CDG
x-cache: HIT, HIT
x-cache-hits: 1, 32
x-timer: S1623689042.077269,VS0,VE0
vary: Accept-Encoding
content-length: 537

GET
H2 200 c5781b81bf1ac0b74005.chunk.js Show response
www.paypalobjects.com/muse/analytics/chunk/ Frame 0335 6 KB
3 KB 28ms
28ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/chunk/c5781b81bf1ac0b74005.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d2498f8b2f447eb86f9bbb3c9cf9f649059a44beefde64cba37e895e75510af5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=2d908919-f821-47cd-a02e-7d74c7159991&propertyId=8GTZRJ95JBTGU-1&flow=visitor-info&variant=analytics&mrid=8GTZRJ95JBTGU&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: 3ea7098c4296c
dc: phx-origin-www-3.paypal.com
vary: Accept-Encoding
content-length: 2793
x-served-by: cache-sjc10057-SJC, cache-hhn4022-HHN
last-modified: Tue, 01 Jun 2021 23:03:04 GMT
x-timer: S1623689042.086710,VS0,VE0
etag: W/"60b6bca8-19cd"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 19442, 79

GET
H3-29 200 path---faq-954a1dc41656333d2379.js Show response
www.fakeflighttickets.com/ 221 B
852 B 180ms
179ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/path---faq-954a1dc41656333d2379.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6faf5dbf81e6280dc8b4ab50d89b501e186913a5fa1413d6f291d0a4936b2c74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /path---faq-954a1dc41656333d2379.js
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 82839f41-e465-43f0-af04-e15f44813e06
date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01b0a00000d709a4a27000000001
server: cloudflare
x-frame-options: DENY
etag: W/"a45c3b7897bef11b307de2dd788ddfe4-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TB8sBVzrEAY59ocrBq9gMHTJ9ogJ%2FSkPIAtSHSrlCOEDoYu2%2FxcH2%2FSULX8e7eXxo%2FA0MArNX9CmbbPyHJonitPh32At%2Fl3GmkJQUlm4f2HFGcrCnZTgtjThBhjCElyCxYZMIJfeaNqaqFd6gLkscOxnmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f50560fffcd709-FRA

GET
H2 200 out-4.5.35.js Show response
m.stripe.network/ Frame 16DF 85 KB
18 KB 23ms
22ms Script
application/x-javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.35.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

847a624eddae67f7b34622fa6e6329228d5ce6dbd5ccb13f993969a63f53b6bb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"60a6a315-153a9"
age: 300
x-cache: HIT, HIT
content-length: 18319
x-served-by: cache-sea4455-SEA, cache-cdg20725-CDG
last-modified: Thu, 20 May 2021 17:57:41 GMT
server: nginx
x-timer: S1623689042.103955,VS0,VE0
date: Mon, 14 Jun 2021 16:44:02 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 4

GET
H2 200 ts
t.paypal.com/ 42 B
487 B 185ms
185ms Image
image/gif 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A8GTZRJ95JBTGU-1&page=muse%3Aoffer%3A%3A%3A8GTZRJ95JBTGU-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=efdf3ee9-c470-42d7-817e-220f8a88fd21&es=visitorInfoFlowStarted&mrid=8GTZRJ95JBTGU&code=UNDEFINED&partner_name=UNDEFINED&pt=Fake%20Flight%20Tickets%20%E2%80%94%20Generate%20Proof%20of%20Onward%20Travel&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1623689042105&g=-120&completeurl=https%3A%2F%2Fwww.fakeflighttickets.com%2F
Requested by: Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:02 GMT
via: 1.1 varnish, 1.1 varnish
server: akka-http/10.1.11
x-timer: S1623689042.113613,VS0,VE169
x-cache: MISS, MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slcb.slc
expires: Mon, 14 Jun 2021 16:44:02 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0, 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-lhr7376-LHR, cache-cdg20735-CDG

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame 0335 435 B
2 KB 498ms
498ms Fetch
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/chunk/c5781b81bf1ac0b74005.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2cf2c473fb9e043ac1aa5e25b1c86c062d3916ef34404972148736ccaa9bbb2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-PQY4r4VH2E7IRHqIfAzhohhHAdn+cE3gBc6DMMP4asRymycZ' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-PQY4r4VH2E7IRHqIfAzhohhHAdn+cE3gBc6DMMP4asRymycZ' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
x-cache: MISS, MISS
paypal-debug-id: 78d0b9b30377b
date: Mon, 14 Jun 2021 16:44:02 GMT
dc: phx-origin-www-3.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-lhr6626-LHR, cache-cdg20755-CDG
x-timer: S1623689042.351303,VS0,VE481
x-frame-options: SAMEORIGIN
etag: W/"1b3-tmCFXJhbj0TFTI14E3aDGrgeTtE"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0, 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 235ms
200ms Preflight 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 14414573a4471
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 14 Jun 2021 16:44:02 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-lhr7360-LHR, cache-cdg20756-CDG
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1623689042.151383,VS0,VE184

GET
H/1.1 200
OK button.5573c974dc31bbdab5ea7923a0bd5cf3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668D) /
Resource Hash: e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 14 Jun 2021 16:44:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/668D)
Age: 331146
Etag: "382be2960021b88f6ce982d997cdbd01+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

POST
H2 200 6 Show response
m.stripe.com/ Frame 16DF 156 B
520 B 655ms
191ms XHR
text/plain 52.42.231.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.35.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.42.231.203 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d782230fc9284d310e7a0fadf02a3254a75777bd864f69b0807a9d361ac43072

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

GET
H3-29 200 component---src-pages-faq-js-dc483a2ff5f271746467.js Show response
www.fakeflighttickets.com/ 8 KB
3 KB 33ms
33ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/component---src-pages-faq-js-dc483a2ff5f271746467.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

235bb5f49a169f1c735a88a7250537ce7967ba34ff4bf1dc217eff70cef2717c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /component---src-pages-faq-js-dc483a2ff5f271746467.js
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 42c9ee75-89ad-4163-b451-8efd3490e3ef
date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01b1c50000d709df1c6000000001
server: cloudflare
x-frame-options: DENY
etag: W/"9d2c79fb8a5da69980671ee6e61895c8-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3R6IfHiTb57AvzrcDprbXL8ff8IHvvMNjmfwjZgON5dHh%2BLMUcf1VU1bzwzkzR0XQLQRUQIwURC6qBNAg%2FTojzRU8u595fIzIMX%2FYGqnfYe9i6n3BRLEkplH4d9ZNk60WNNdbovreTJk7sgGc14i1FLceA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f50562dbc7d709-FRA

GET
H/1.1 200
OK tweet_button.06c6ee58c3810956b7509218508c7b56.en.html Show response
platform.twitter.com/widgets/ Frame 5FF5 32 KB
12 KB 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668D) /
Resource Hash: 483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.fakeflighttickets.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fakeflighttickets.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 331148
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 14 Jun 2021 16:44:02 GMT
Etag: "a87932e0f094e1fb4cced05f7d97ab94+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668D)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12228

GET
DATA 200
OK truncated
/ Frame 5FF5 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 path---terms-3d6d658712d4e1ad9fef.js Show response
www.fakeflighttickets.com/ 225 B
850 B 36ms
36ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/path---terms-3d6d658712d4e1ad9fef.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d82470c8f97f2ae1c90f02bd5ba7d0a9eae228ffd838fb096f57610149ae1713

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /path---terms-3d6d658712d4e1ad9fef.js
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 50f14921-7e6c-427a-97af-9b48f34d2a13
date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01b1ec0000d709c68da000000001
server: cloudflare
x-frame-options: DENY
etag: W/"45308f303450905462a1f8ec302360b9-ssl"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=G19BngERi19kLwwiXqvqIseG9w%2BrV%2FxyZHThkwGcA76PNe7h91eil6k%2B%2FkQfI18fo6M54Bi6eObegK4qxJvCq8LIgJIkQWCpDGNNjeAyf8vRaW0ZaD%2FsNYwVrRE1BPFeMGhG0gktTFwXxlB4udtgKS3ANQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505631c32d709-FRA

GET
H3-29 200 component---src-pages-terms-js-dadc88f76b93f74b9312.js Show response
www.fakeflighttickets.com/ 5 KB
2 KB 25ms
24ms Script
application/javascript 2606:4700:3033::6815:3c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fakeflighttickets.com/component---src-pages-terms-js-dadc88f76b93f74b9312.js

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/commons-53bdce3148e7f3d4e267.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::6815:3c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee137e97519ee835e0dfbd0e283f85e4afe98dca462871d8d9ec17e8872a5141

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /component---src-pages-terms-js-dadc88f76b93f74b9312.js
pragma: no-cache
cookie: _ga=GA1.2.1468073727.1623689041; _gid=GA1.2.1537054136.1623689041; _gat_gtag_UA_30171436_17=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.fakeflighttickets.com
referer: https://www.fakeflighttickets.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 6183c7e2-1c80-4423-a8ca-f94584b2da78
date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aad01b2160000d7097a2d1000000001
server: cloudflare
x-frame-options: DENY
etag: W/"49d5673c5ce2a0e264cb28015c068c57-ssl-df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l1n5bAGCS2xhE7jRG1EpjNSCYc5fnuMYF%2F0oWj%2BtHswdLBAnYRj%2FxabGcbQwoHzeTvUW6buE1D62I8L05dgbMXV9aVOSq%2FkemOTqO8Yuw0lIKjke0KSR3l58PwtmgNtfCb3xpp3S1wmOr9Fymo3Z595SiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400, must-revalidate
cf-ray: 65f505635ce4d709-FRA

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
352 B 138ms
137ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.fakeflighttickets.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1623689042478%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 14 Jun 2021 16:44:02 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 85d0bb7fa79ea19e01cfbea6ec5d7b6a29d01c618dc9528e52fd38bad7af58bf
x-transaction: 949c3c28954ee104
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 inner-3824cd4d1dfb09abc0054c83a69b719c.css
checkout.stripe.com/m/lib/ Frame 6E83 86 KB
14 KB 17ms
16ms Stylesheet
text/css 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/m/lib/inner-3824cd4d1dfb09abc0054c83a69b719c.css

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bccf4cb52c63e96da6d189511fa0dc998b7235b1947854b55939c8ff6b3ed2be

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 222
x-cache: HIT
content-length: 14003
x-amz-id-2: nzJpgthzRC5epeZBVwZU6+8qBlQ4GjWekiO0JKBXRFevHl1PvMChpygBgyyJsJCLF/vhpGVQ8BA=
x-served-by: cache-cdg20725-CDG
last-modified: Wed, 06 May 2020 21:34:29 GMT
server: AmazonS3
x-timer: S1623689043.816851,VS0,VE0
etag: "3824cd4d1dfb09abc0054c83a69b719c"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: PN1FY6HKF92K5J37
via: 1.1 varnish
cache-control: public, max-age=300
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
content-type: text/css
x-cache-hits: 4

GET
H2 200 / Show response
js.stripe.com/v2/ Frame 6E83 62 KB
20 KB 31ms
30ms Script
application/javascript 151.101.112.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v2/

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cc1967c55b7815465d4e44e67c18f1bacf8e0a8bf732e390d97c15da6177d0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: br
vary: Accept-Encoding
age: 184
via: 1.1 varnish
x-cache: HIT
content-length: 19860
x-amz-id-2: gfnjRARxuhqGZrvUyNw+aSPJxUM5eNcE0YJ/aDWwhEcAJRPJKsR+ekKoloYz1lc9u0zuNn3KEKc=
x-served-by: cache-hhn4076-HHN
timing-allow-origin: *
last-modified: Wed, 14 Apr 2021 16:51:13 GMT
server: AmazonS3
etag: "63806a255b9cebe70a4a260da446de65"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: 5Y3A4KVYS00NVBSJ
access-control-allow-origin: *
cache-control: public, max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 94

GET
H2 200 inner-d57926a03995cdb8f1d25ecaaa9fd137.js Show response
checkout.stripe.com/m/lib/ Frame 6E83 1 MB
301 KB 26ms
25ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/m/lib/inner-d57926a03995cdb8f1d25ecaaa9fd137.js

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

637d3c1d264e99f083ad9648736d74ed297b1f93f3c0cd1513be2c3aeb98be39

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 246
x-cache: HIT
content-length: 307666
x-amz-id-2: 3RK2Sk6jZoFpc8mVGvJCMi5gCbt2Pa/JElo0jP/tH4frbDvXBNviZHJ6SAoVYkjhaFV2D0uglEY=
x-served-by: cache-cdg20725-CDG
last-modified: Fri, 07 May 2021 17:55:04 GMT
server: AmazonS3
x-timer: S1623689043.817071,VS0,VE0
etag: "0915a17d5325d92015bbdc065469b854"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: T6DSWYNPRY89RM3V
via: 1.1 varnish
cache-control: public, max-age=300
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 3

GET
H2 200 inner-3824cd4d1dfb09abc0054c83a69b719c.css
checkout.stripe.com/m/lib/ Frame F76D 86 KB
14 KB 20ms
19ms Stylesheet
text/css 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/m/lib/inner-3824cd4d1dfb09abc0054c83a69b719c.css

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bccf4cb52c63e96da6d189511fa0dc998b7235b1947854b55939c8ff6b3ed2be

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 222
x-cache: HIT
content-length: 14003
x-amz-id-2: nzJpgthzRC5epeZBVwZU6+8qBlQ4GjWekiO0JKBXRFevHl1PvMChpygBgyyJsJCLF/vhpGVQ8BA=
x-served-by: cache-cdg20725-CDG
last-modified: Wed, 06 May 2020 21:34:29 GMT
server: AmazonS3
x-timer: S1623689043.816905,VS0,VE0
etag: "3824cd4d1dfb09abc0054c83a69b719c"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: PN1FY6HKF92K5J37
via: 1.1 varnish
cache-control: public, max-age=300
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
content-type: text/css
x-cache-hits: 5

GET
H2 200 / Show response
js.stripe.com/v2/ Frame F76D 62 KB
19 KB 31ms
30ms Script
application/javascript 151.101.112.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v2/

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cc1967c55b7815465d4e44e67c18f1bacf8e0a8bf732e390d97c15da6177d0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: br
vary: Accept-Encoding
age: 184
via: 1.1 varnish
x-cache: HIT
content-length: 19860
x-amz-id-2: gfnjRARxuhqGZrvUyNw+aSPJxUM5eNcE0YJ/aDWwhEcAJRPJKsR+ekKoloYz1lc9u0zuNn3KEKc=
x-served-by: cache-hhn4076-HHN
timing-allow-origin: *
last-modified: Wed, 14 Apr 2021 16:51:13 GMT
server: AmazonS3
etag: "63806a255b9cebe70a4a260da446de65"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: 5Y3A4KVYS00NVBSJ
access-control-allow-origin: *
cache-control: public, max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 93

GET
H2 200 inner-d57926a03995cdb8f1d25ecaaa9fd137.js Show response
checkout.stripe.com/m/lib/ Frame F76D 1 MB
301 KB 48ms
48ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/m/lib/inner-d57926a03995cdb8f1d25ecaaa9fd137.js

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

637d3c1d264e99f083ad9648736d74ed297b1f93f3c0cd1513be2c3aeb98be39

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 14 Jun 2021 16:44:02 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 246
x-cache: HIT
content-length: 307666
x-amz-id-2: 3RK2Sk6jZoFpc8mVGvJCMi5gCbt2Pa/JElo0jP/tH4frbDvXBNviZHJ6SAoVYkjhaFV2D0uglEY=
x-served-by: cache-cdg20725-CDG
last-modified: Fri, 07 May 2021 17:55:04 GMT
server: AmazonS3
x-timer: S1623689043.817067,VS0,VE0
etag: "0915a17d5325d92015bbdc065469b854"
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-amz-request-id: T6DSWYNPRY89RM3V
via: 1.1 varnish
cache-control: public, max-age=300
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 4

GET
H2 200 ts
t.paypal.com/ 42 B
159 B 168ms
168ms Image
image/gif 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3A8GTZRJ95JBTGU-1&page=muse%3Aoffer%3A%3A%3A8GTZRJ95JBTGU-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=efdf3ee9-c470-42d7-817e-220f8a88fd21&es=visitorInfo&mrid=8GTZRJ95JBTGU&code=UNDEFINED&partner_name=UNDEFINED&pt=Fake%20Flight%20Tickets%20%E2%80%94%20Generate%20Proof%20of%20Onward%20Travel&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1623689042874&g=-120&completeurl=https%3A%2F%2Fwww.fakeflighttickets.com%2F
Requested by: Host: www.fakeflighttickets.com
URL: https://www.fakeflighttickets.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://www.fakeflighttickets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Jun 2021 16:44:03 GMT
via: 1.1 varnish, 1.1 varnish
server: akka-http/10.1.11
x-timer: S1623689043.883061,VS0,VE152
x-cache: MISS, MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slcb.slc
expires: Mon, 14 Jun 2021 16:44:02 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0, 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-lhr7365-LHR, cache-cdg20735-CDG

GET
H2 200 outer.html Show response
js.stripe.com/v2/m/ Frame 76BC 718 B
518 B 28ms
27ms Document
text/html 151.101.112.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v2/m/outer.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7832e207be33df99c990b38381b506740fe48b3c9df9a8166a18fb43989fd478

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v2/m/outer.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://checkout.stripe.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://checkout.stripe.com/

Response headers

x-amz-id-2: dqGo3V1D+R6TSgk4NHzsnfAZLQEdfpBIUhldEYKkrti8X+2oJUK0sMcDZhrjv1Q/Tc4okyy+3j4=
x-amz-request-id: 6THKQZ43T596WTRS
last-modified: Wed, 06 Sep 2017 17:40:34 GMT
etag: "51b76bd7931c50d2bf6d4c5a93d343f9"
cache-control: public, max-age=300
content-type: text/html; charset=utf-8
server: AmazonS3
content-encoding: br
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:03 GMT
via: 1.1 varnish
age: 202
x-served-by: cache-hhn4076-HHN
x-cache: HIT
x-cache-hits: 23
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-length: 294

GET
H2 200 outer.html Show response
js.stripe.com/v2/m/ Frame 180A 718 B
341 B 28ms
27ms Document
text/html 151.101.112.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v2/m/outer.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7832e207be33df99c990b38381b506740fe48b3c9df9a8166a18fb43989fd478

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v2/m/outer.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://checkout.stripe.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://checkout.stripe.com/

Response headers

x-amz-id-2: dqGo3V1D+R6TSgk4NHzsnfAZLQEdfpBIUhldEYKkrti8X+2oJUK0sMcDZhrjv1Q/Tc4okyy+3j4=
x-amz-request-id: 6THKQZ43T596WTRS
last-modified: Wed, 06 Sep 2017 17:40:34 GMT
etag: "51b76bd7931c50d2bf6d4c5a93d343f9"
cache-control: public, max-age=300
content-type: text/html; charset=utf-8
server: AmazonS3
content-encoding: br
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:03 GMT
via: 1.1 varnish
age: 202
x-served-by: cache-hhn4076-HHN
x-cache: HIT
x-cache-hits: 24
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-length: 294

GET
H2 200 bootstrap Show response
checkout.stripe.com/api/ Frame 6E83 9 KB
4 KB 667ms
666ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/api/bootstrap?key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&locale=en-US

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/lib/inner-d57926a03995cdb8f1d25ecaaa9fd137.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a2b7c00cf9d84b62b1a0576e241ac537c4fed1cee19875883812cf1bf494f4d0

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-cache: MISS
x-envoy-upstream-service-time: 1
x-cache-hits: 0
x-served-by: cache-cdg20725-CDG
pragma: no-cache
server: nginx
x-timer: S1623689043.317454,VS0,VE651
date: Mon, 14 Jun 2021 16:44:03 GMT
vary: Accept-Encoding
content-type: application/json
via: 1.1 varnish
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
expires: 0

GET
H2 200 bootstrap Show response
checkout.stripe.com/api/ Frame F76D 9 KB
3 KB 686ms
685ms Fetch
application/json 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.stripe.com/api/bootstrap?key=pk_live_51A6ETAGv7zk6xVtkuSm6kYOcQbKzFsNYMEC1Ovxu15dGfof9uaz6FaJpzNWh43a12f67qGQHlvtZhDHtkvSAAtEm0026RAn8KB&locale=en-US

Requested by

Host: checkout.stripe.com
URL: https://checkout.stripe.com/m/lib/inner-d57926a03995cdb8f1d25ecaaa9fd137.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0a6d9d04dc3de223d57eff185bbfd9d8c738a29d895a89f980a2c9bd4bd89700

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://checkout.stripe.com/m/v3/index-c456b1a6ebc647ce3961b938c679c5e5.html?distinct_id=adc2c858-c42d-115c-9688-96783cb6c1b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-cache: MISS
x-envoy-upstream-service-time: 1
x-cache-hits: 0
x-served-by: cache-cdg20725-CDG
pragma: no-cache
server: nginx
x-timer: S1623689043.350805,VS0,VE670
date: Mon, 14 Jun 2021 16:44:04 GMT
vary: Accept-Encoding
content-type: application/json
via: 1.1 varnish
cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
content-security-policy: connect-src 'self' https://api.stripe.com wss://verificator.stripe.com wss://verificator-main.stripe.com https://*.stripecdn.com https://errors.stripe.com; default-src 'self'; font-src 'none'; frame-src 'self' stripecheckout: bitcoin: https://*.stripecdn.com https://js.stripe.com; img-src * data: blob:; media-src 'none'; object-src 'self' https://*.stripecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.stripecdn.com https://stripecdn.com https://api.stripe.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.stripecdn.com
accept-ranges: bytes
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 956F 932 B
1021 B 16ms
15ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v2/m/outer.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

52fb9ace8bb7e59f6fc283763ce819175a60e566d7248f5de82b4d00d6b14c7d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: m.stripe.network
:scheme: https
:path: /inner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.stripe.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js.stripe.com/

Response headers

server: nginx
content-type: text/html; charset=utf-8
last-modified: Thu, 20 May 2021 17:57:41 GMT
etag: W/"60a6a315-3a4"
strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: public, max-age=300
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:03 GMT
age: 13
x-served-by: cache-sea4448-SEA, cache-cdg20725-CDG
x-cache: HIT, HIT
x-cache-hits: 1, 33
x-timer: S1623689043.414594,VS0,VE0
vary: Accept-Encoding
content-length: 537

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 2843 932 B
642 B 16ms
16ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v2/m/outer.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

52fb9ace8bb7e59f6fc283763ce819175a60e566d7248f5de82b4d00d6b14c7d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: m.stripe.network
:scheme: https
:path: /inner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.stripe.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js.stripe.com/

Response headers

server: nginx
content-type: text/html; charset=utf-8
last-modified: Thu, 20 May 2021 17:57:41 GMT
etag: W/"60a6a315-3a4"
strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: public, max-age=300
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 14 Jun 2021 16:44:03 GMT
age: 13
x-served-by: cache-sea4448-SEA, cache-cdg20725-CDG
x-cache: HIT, HIT
x-cache-hits: 1, 34
x-timer: S1623689043.422820,VS0,VE0
vary: Accept-Encoding
content-length: 537

GET
H2 200 out-4.5.35.js Show response
m.stripe.network/ Frame 956F 85 KB
18 KB 16ms
16ms Script
application/x-javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.35.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

847a624eddae67f7b34622fa6e6329228d5ce6dbd5ccb13f993969a63f53b6bb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"60a6a315-153a9"
age: 1
x-cache: HIT, HIT
content-length: 18319
x-served-by: cache-sea4455-SEA, cache-cdg20725-CDG
last-modified: Thu, 20 May 2021 17:57:41 GMT
server: nginx
x-timer: S1623689043.445315,VS0,VE0
date: Mon, 14 Jun 2021 16:44:03 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 2

GET
H2 200 out-4.5.35.js Show response
m.stripe.network/ Frame 2843 85 KB
18 KB 16ms
16ms Script
application/x-javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.35.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

847a624eddae67f7b34622fa6e6329228d5ce6dbd5ccb13f993969a63f53b6bb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
etag: W/"60a6a315-153a9"
age: 1
x-cache: HIT, HIT
content-length: 18319
x-served-by: cache-sea4455-SEA, cache-cdg20725-CDG
last-modified: Thu, 20 May 2021 17:57:41 GMT
server: nginx
x-timer: S1623689043.451232,VS0,VE0
date: Mon, 14 Jun 2021 16:44:03 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 3

POST
H2 200 6 Show response
m.stripe.com/ Frame 956F 156 B
516 B 284ms
284ms XHR
text/plain 52.42.231.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.35.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.42.231.203 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11ab25fb907a8a96ee8274c5bbd14ea27023ed9a3763c13bf60f26f6bc83bff6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 14 Jun 2021 16:44:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

POST
H2 200 6 Show response
m.stripe.com/ Frame 2843 156 B
516 B 244ms
244ms XHR
text/plain 52.42.231.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.35.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.42.231.203 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3e602e1ed0b2acf8d381e6868d664ac83f92c7c5dcdd44233180d02c05d8870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 14 Jun 2021 16:44:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

POST
H2 200 6 Show response
m.stripe.com/ Frame 2843 156 B
517 B 887ms
886ms XHR
text/plain 52.42.231.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.35.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.42.231.203 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

03432a174da7808bcf19faabad43501a26d97350abb3d74ccee877ad8ff9e11f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 14 Jun 2021 16:44:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

POST
H2 200 6 Show response
m.stripe.com/ Frame 956F 156 B
516 B 192ms
192ms XHR
text/plain 52.42.231.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.35.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.42.231.203 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11ab25fb907a8a96ee8274c5bbd14ea27023ed9a3763c13bf60f26f6bc83bff6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 14 Jun 2021 16:44:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
strict-transport-security: max-age=31556926; includeSubDomains; preload
access-control-allow-headers: Content-Type

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.www.fakeflighttickets.com/	1970-01-19 19:01:30	Name: __stripe_sid Value: a3a8c876-7586-4d38-ae06-72bd507e423be46e9a
			.www.fakeflighttickets.com/	1970-01-20 03:47:05	Name: __stripe_mid Value: 1351b9d8-66a5-460d-84d6-f4e7a484d0b3178424

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.fakeflighttickets.com
checkout.stripe.com
d33wubrfki0l68.cloudfront.net
fakeflightticket.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
js.stripe.com
m.stripe.com
m.stripe.network
platform.twitter.com
q.stripe.com
stats.g.doubleclick.net
syndication.twitter.com
t.paypal.com
www.fakeflighttickets.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
104.244.42.136
142.250.186.162
143.204.101.223
151.101.112.176
151.101.114.133
151.101.129.35
151.101.192.176
151.101.193.21
2606:2800:234:59:254c:406:2366:268c
2606:4700:3031::ac43:a19a
2606:4700:3033::6815:3c8
2a00:1450:4001:800::2008
2a00:1450:4001:803::2008
2a00:1450:4001:80e::2002
2a00:1450:4001:812::2003
2a00:1450:4001:812::200e
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::2004
2a00:1450:400c:c00::9d
52.42.231.203
54.186.23.98
02666cecaf073d8b9ecd590e20d6072710b3a5bd631c485a6e992523d837293b
03432a174da7808bcf19faabad43501a26d97350abb3d74ccee877ad8ff9e11f
0633444a6632bec5f6a6768c39fc6f043bcd24db75c447caa8a3f7f19c3cbe3b
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
0a6d9d04dc3de223d57eff185bbfd9d8c738a29d895a89f980a2c9bd4bd89700
0f5ffb332c6b64f46bc5f783249eb21b494386f07815442142d7b5e046374d24
11ab25fb907a8a96ee8274c5bbd14ea27023ed9a3763c13bf60f26f6bc83bff6
20568af44ab9b900de7d9f4d286cb26181af272d5ca6d1bb0789ae5483003643
235bb5f49a169f1c735a88a7250537ce7967ba34ff4bf1dc217eff70cef2717c
2536a7b3f7bc5a9f74dda114e914dbee7a8d9ddbcf9ec60c941f962f1f7946cb
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cf2c473fb9e043ac1aa5e25b1c86c062d3916ef34404972148736ccaa9bbb2a
32d1453fe07b5aa57b7c1ec92215ebe9f1af8197fcac825529324940066a3a75
384cfd2dc5884808c78f9cf3dce6432512d676cd49128f9974c8bb0dd15119b8
434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3
483cc9a5ece5c92d5a2f1ea6e92e7f8bc29844a6c06bf36c0349d70334685dc7
4c9e518366a8baa87d6101557cfdf13757657afa333f31fb03fa9869fd725782
5168a9bf7957784feecf77b8febec26d3fbe59d7341d2210351a0122a2fc95bc
52fb9ace8bb7e59f6fc283763ce819175a60e566d7248f5de82b4d00d6b14c7d
544e7b0ddaba3404a327d068cfca2f3000e385102c042323909c636cf6bdca0e
57dd0b954432e4d6950458863a3b255a3898a5784c359578d834f119d6aac60e
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
637d3c1d264e99f083ad9648736d74ed297b1f93f3c0cd1513be2c3aeb98be39
691b9a514dcd9541c4d3fa26dc23c391eaf00535415d84f9cda5f910fe721840
6989ee41bfbf205e5633e08ff6d1d119a40468950793d6fa257fbb8ecb673f67
6a57f708aa8340612cf5123815b67aca32c33e831ff62421695815a9ad0186e6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6faf5dbf81e6280dc8b4ab50d89b501e186913a5fa1413d6f291d0a4936b2c74
71b6939c8d4061cd8b54da2f4bdf65b2858f4840dd3ff549d3a548682dc45413
7832e207be33df99c990b38381b506740fe48b3c9df9a8166a18fb43989fd478
78342a0905a72ce44da083dcb5d23b8ea0c16992ba2a82eece97e033d76ba3d3
7cfc4cec708b3ef2763009b293e7b21286f9e8e3e833486c9346653f3c64b4d1
7d120bba4f5f5f07736f81ad95bc905e49b40a5a132d974c54de241a7f0ae897
7ed6ea6b994f975e4ede747d96d2eb3f63ad55b3d5803615fdb115b487b461d1
847a624eddae67f7b34622fa6e6329228d5ce6dbd5ccb13f993969a63f53b6bb
8cc36d35fabf4e82de3c9085fe32e781d0f396791f3ea000d7f2a24159526f5d
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
905b7bec523c101be04d0699da0f95336daba913fe1cd28eb27aa9375313a437
95063fd1043212fb60483912ac33a0af88e8e20826ea4c07b4cc0e8a69a2040e
9736fd3d5a3b12ceb1a0a2aa51691ea208b9f83813edb756cba1ec4b38f60a3a
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a27a4a6562bd612eae0036fd1e1ba5fcaf47c14e24eb9adfe2959f5ce683a1c9
a2b7c00cf9d84b62b1a0576e241ac537c4fed1cee19875883812cf1bf494f4d0
aa5b87aa8ddf3cf3305f176f0ae0d51d7d8075616da8444155f7c55b3c464294
ab5365562797d4cb63c04ed8fac0399746471d2c6c5d7b26a219cfebc6a15068
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae8353be8ad6190545f62013a53d77c8a2d57cc6e00ae17fd95e7f7d4394f8a2
bb19908006dfc0f0482e5b5d6359f8bc3ffa916b3764699b9c75ec97b83b06fa
bccf4cb52c63e96da6d189511fa0dc998b7235b1947854b55939c8ff6b3ed2be
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
cb6c69478b39c524cf90cc4092a290e60046ce48108e94554e416b79dbd0ccf9
cc1967c55b7815465d4e44e67c18f1bacf8e0a8bf732e390d97c15da6177d0c1
ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db
ce5cf7770e199d1392756f052257e5ff5037b8ecef52894e6a949d8ab3ed0289
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d2498f8b2f447eb86f9bbb3c9cf9f649059a44beefde64cba37e895e75510af5
d782230fc9284d310e7a0fadf02a3254a75777bd864f69b0807a9d361ac43072
d7fac6d2a9f260865d3898d5f0478c1c5526ca0c0ce58720e3818f0e67eb47c2
d82470c8f97f2ae1c90f02bd5ba7d0a9eae228ffd838fb096f57610149ae1713
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dff283d141954fba4112ed20c240b60d30dbf57c1cb97cac0c647af526b0de8e
e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88
e3e602e1ed0b2acf8d381e6868d664ac83f92c7c5dcdd44233180d02c05d8870
e5d4284fb349ce897a1cbbb8ef996c7ef8a7d5ce7098ad85baf05723e7bf9168
ea98e218e1aadbbb655fe976d1eeb8ee88a4254b88cd12cbe6d4b003d50d1b66
edec0d25952f9cb56e54c3aa8048c60c2837867384bf741bb2e379696c8d7259
ee137e97519ee835e0dfbd0e283f85e4afe98dca462871d8d9ec17e8872a5141
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6d02e2f649a2291db598c2f68e1ccb820ab5e0946164d67ad35fd8cbccace39

www.fakeflighttickets.com Open in urlscan Pro 2606:4700:3033::6815:3c8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

90 Requests

100 %HTTPS

55 %IPv6

16 Domains

23 Subdomains

22 IPs

3 Countries

1967 kBTransfer

6590 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

90 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fakeflighttickets.com Open in urlscan Pro
2606:4700:3033::6815:3c8 Public Scan

Screenshot
Live screenshot

Full Image

90
Requests

100 %
HTTPS

55 %
IPv6

16
Domains

23
Subdomains

22
IPs

3
Countries

1967 kB
Transfer

6590 kB
Size

2
Cookies

90 HTTP transactions
2 data transactions