Submitted URL: https://rusticrootsimagesaz.com/
Effective URL: https://www.rusticrootsimagesaz.com/
Submission Tags: phishingrod
Submission: On November 28 via api from DE — Scanned from DE

Summary

This website contacted 13 IPs in 2 countries across 5 domains to perform 41 HTTP transactions. The main IP is 18.235.135.157, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.rusticrootsimagesaz.com.
TLS certificate: Issued by R3 on September 20th 2023. Valid for: 3 months.
This is the only time www.rusticrootsimagesaz.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
16 gstatic.com
fonts.gstatic.com
www.gstatic.com
725 KB
11 photobiz.com
image10.photobiz.com — Cisco Umbrella Rank: 450832
image8.photobiz.com — Cisco Umbrella Rank: 439314
image9.photobiz.com — Cisco Umbrella Rank: 450834
image11.photobiz.com — Cisco Umbrella Rank: 466874
image13.photobiz.com — Cisco Umbrella Rank: 487778
image14.photobiz.com — Cisco Umbrella Rank: 487779
image4.photobiz.com — Cisco Umbrella Rank: 452002
image6.photobiz.com — Cisco Umbrella Rank: 483363
6 MB
7 rusticrootsimagesaz.com
rusticrootsimagesaz.com
www.rusticrootsimagesaz.com
157 KB
6 google.com
www.google.com — Cisco Umbrella Rank: 2
96 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
1 KB
41 5
Domain Requested by
9 www.gstatic.com www.google.com
www.gstatic.com
7 fonts.gstatic.com fonts.googleapis.com
www.google.com
6 www.google.com www.rusticrootsimagesaz.com
www.gstatic.com
www.google.com
6 www.rusticrootsimagesaz.com www.rusticrootsimagesaz.com
3 image4.photobiz.com www.rusticrootsimagesaz.com
2 image8.photobiz.com www.rusticrootsimagesaz.com
2 fonts.googleapis.com www.rusticrootsimagesaz.com
1 image6.photobiz.com www.rusticrootsimagesaz.com
1 image14.photobiz.com www.rusticrootsimagesaz.com
1 image13.photobiz.com www.rusticrootsimagesaz.com
1 image11.photobiz.com www.rusticrootsimagesaz.com
1 image9.photobiz.com www.rusticrootsimagesaz.com
1 image10.photobiz.com www.rusticrootsimagesaz.com
1 rusticrootsimagesaz.com 1 redirects
41 14
Subject Issuer Validity Valid
www.rusticrootsimagesaz.com
R3
2023-09-20 -
2023-12-19
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.photobiz.com
Amazon RSA 2048 M01
2023-07-02 -
2024-07-30
a year crt.sh
*.gstatic.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
www.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.rusticrootsimagesaz.com/
Frame ID: 73E99093A244F248C4D58120593AF249
Requests: 23 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
Frame ID: B612FE765070BCDB7C24C870A7BCB8E9
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
Frame ID: FB9FC2A0CB848AE6D7AE7C2540114050
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Rustic Roots Images

Page URL History Show full URLs

  1. https://rusticrootsimagesaz.com/ HTTP 301
    https://www.rusticrootsimagesaz.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

41
Requests

100 %
HTTPS

92 %
IPv6

5
Domains

14
Subdomains

13
IPs

2
Countries

6953 kB
Transfer

8464 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://rusticrootsimagesaz.com/ HTTP 301
    https://www.rusticrootsimagesaz.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.rusticrootsimagesaz.com/
Redirect Chain
  • https://rusticrootsimagesaz.com/
  • https://www.rusticrootsimagesaz.com/
87 KB
15 KB
Document
General
Full URL
https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.235.135.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-135-157.compute-1.amazonaws.com
Software
Apache /
Resource Hash
9aaba254858d6a5522abbb5da869e20ce6d01235ab37a1eece9f5016e034d2d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Tue, 28 Nov 2023 18:34:20 GMT
server
Apache
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Tue, 28 Nov 2023 18:34:19 GMT
location
https://www.rusticrootsimagesaz.com
server
Apache
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-xss-protection
1; mode=block
main-e6f823db.css
www.rusticrootsimagesaz.com/system/apps/sites/dist/css/
267 KB
31 KB
Stylesheet
General
Full URL
https://www.rusticrootsimagesaz.com/system/apps/sites/dist/css/main-e6f823db.css
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.235.135.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-135-157.compute-1.amazonaws.com
Software
Apache /
Resource Hash
bf51d22996771bea8bf1367bba6dec04567cd1c8d96c5dfc69593a5cbc7c41dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 28 Nov 2023 13:53:07 GMT
server
Apache
etag
W/"273249-1701179587703-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
max-age=31536000
accept-ranges
bytes
content-length
30920
x-xss-protection
1; mode=block
expires
Wed, 27 Nov 2024 18:34:20 GMT
css
fonts.googleapis.com/
1 KB
893 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?display=swap&family=Quicksand
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6a7427bea5c0131cb43aedf9a5d1ed685fcca4e4f6a0cb7376e15db7bb6b5ce2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 28 Nov 2023 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:30:48 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Nov 2023 18:34:20 GMT
css
fonts.googleapis.com/
2 KB
642 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?display=swap&family=Raleway
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
28893081d019169c217045909cee1dd584e455005767fc2cf62b41c267846055
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 28 Nov 2023 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:25:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Nov 2023 18:34:20 GMT
main-acfeaace.js
www.rusticrootsimagesaz.com/system/apps/sites/dist/js/
367 KB
100 KB
Script
General
Full URL
https://www.rusticrootsimagesaz.com/system/apps/sites/dist/js/main-acfeaace.js
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.235.135.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-135-157.compute-1.amazonaws.com
Software
Apache /
Resource Hash
902a3ad2067d23eb27fd0dcc2b2f1ced65582b5a30e2fcd47669649582a82b77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 11 Jul 2022 13:47:30 GMT
server
Apache
etag
W/"375691-1657547250726-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
x-xss-protection
1; mode=block
expires
Wed, 27 Nov 2024 18:34:20 GMT
7_20200102105609_11053797_large.jpg
image10.photobiz.com/4939/
40 KB
40 KB
Image
General
Full URL
https://image10.photobiz.com/4939/7_20200102105609_11053797_large.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:e800:6:e86d:4680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f5206aebd6f9ebcc0fa59849ea862d6b387856edd05fb1118f8a10ad311e505

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:21 GMT
x-amz-version-id
cAyuNwvigVlGOHpKadVK9JkNn.kpnEPf
via
1.1 3a31afbebc94940fbd5e1e63050bb58a.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jan 2020 16:56:10 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
etag
"57cedf332ceab1e665f529a1d6c02c63"
x-cache
Miss from cloudfront
cache-control
max-age=31536000, immutable
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-length
40861
x-amz-cf-id
mcognTu7yBI5WCt099qWnODGP2fElclFO3nmiYbs9HQbhgok9_nL9A==
placeholder_1px.png
www.rusticrootsimagesaz.com/global/images/
175 B
432 B
Image
General
Full URL
https://www.rusticrootsimagesaz.com/global/images/placeholder_1px.png
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.235.135.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-135-157.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ed5bb9ea302414a1ad9f250d5cd5b5da08f55fe43b18020db13f74966e4bc0f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:20 GMT
x-content-type-options
nosniff
last-modified
Wed, 12 Jun 2019 16:49:12 GMT
server
Apache
etag
W/"175-1560358152000"
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
175
x-xss-protection
1; mode=block
expires
Wed, 27 Nov 2024 18:34:20 GMT
cffp.js
www.rusticrootsimagesaz.com/cfformprotect/js/
3 KB
2 KB
Script
General
Full URL
https://www.rusticrootsimagesaz.com/cfformprotect/js/cffp.js
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.235.135.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-135-157.compute-1.amazonaws.com
Software
Apache /
Resource Hash
b413c7e0c3364aef8eb5f7c7fdd1d791afb1a4be74ccea2e46a31d6cadcc170f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 05 Mar 2014 14:55:13 GMT
server
Apache
etag
W/"3312-1394031313000-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1446
x-xss-protection
1; mode=block
expires
Wed, 27 Nov 2024 18:34:20 GMT
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v29/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v29/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?display=swap&family=Raleway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.rusticrootsimagesaz.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 21:20:22 GMT
x-content-type-options
nosniff
age
508438
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22420
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:56:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 21 Nov 2024 21:20:22 GMT
sites-icon-font-classic.woff2
www.rusticrootsimagesaz.com/system/apps/sites/src/css/fonts/sites-icon-font-classic/fonts/
9 KB
10 KB
Font
General
Full URL
https://www.rusticrootsimagesaz.com/system/apps/sites/src/css/fonts/sites-icon-font-classic/fonts/sites-icon-font-classic.woff2?15zu11
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.235.135.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-135-157.compute-1.amazonaws.com
Software
Apache /
Resource Hash
b9fd1aff4b167256e9231e4cc7ccfc86367c587da35ea0d756ae437479c60b7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.rusticrootsimagesaz.com/
Origin
https://www.rusticrootsimagesaz.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 05 May 2020 13:39:33 GMT
server
Apache
etag
W/"9664-1588685973000-gzip"
vary
Accept-Encoding,User-Agent
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
content-length
9687
x-xss-protection
1; mode=block
expires
Wed, 27 Nov 2024 18:34:20 GMT
6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2
fonts.gstatic.com/s/quicksand/v31/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/quicksand/v31/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?display=swap&family=Quicksand
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73b8057c918765ed1a41c6ca23e2c0530b51d396e12ce63071297c5a04178504
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.rusticrootsimagesaz.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 19:04:28 GMT
x-content-type-options
nosniff
age
430192
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15788
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:17:53 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Nov 2024 19:04:28 GMT
api.js
www.google.com/recaptcha/
1 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=pbizRecaptchaReady&render=explicit&hl=en
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/system/apps/sites/dist/js/main-acfeaace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7fb1f124ea4fa0c7ce94ccba23266a088d31a6ae46d39a689447fae882ae3b55
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Tue, 28 Nov 2023 18:34:20 GMT
7_20210929124852_11819864_xlarge.jpg
image8.photobiz.com/8585/
402 KB
403 KB
Image
General
Full URL
https://image8.photobiz.com/8585/7_20210929124852_11819864_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:6a00:c:258c:3f80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
060d14495bebf51f32ba8e3020c0fb77a43e035775d76ab1303f7ed3b570926b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
xbE0LA1QuAe0XM5XLKdlpePGeUN53Moi
via
1.1 7949f2957c23173b6f2b16db26ab42f6.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 17:48:53 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
etag
"0457a9a703d24399757cff2ed68b1b5a"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
411989
x-amz-cf-id
7PdBLmlJBGIh3KdM9pt-TcQYLrYgFvYKGQmw5VxT7nmFamXiy2iNYw==
7_20220814191814_12369497_xlarge.jpg
image9.photobiz.com/8584/
313 KB
314 KB
Image
General
Full URL
https://image9.photobiz.com/8584/7_20220814191814_12369497_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:7e00:1:e307:5840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c633f8dec5bd3b97563c5b55731adfff79ff8766757e9c7be26413f296c130ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
wVEzWXK1JoOf3v4NJ_roYbVsMrSc8QBv
via
1.1 57ba1933a852bdb178dbe4a1e2e3a5fa.cloudfront.net (CloudFront)
last-modified
Mon, 15 Aug 2022 00:18:15 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P7
etag
"709ecbb7f619c3a911c0f3b0cb240fee"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
321015
x-amz-cf-id
mDMNATY3Qsl9Mv5SBrwpBZ5qQ9PM0wy6CGpEIEfDJTm_bPkD58qDYA==
7_20210929124402_11819857_xlarge.jpg
image11.photobiz.com/8586/
506 KB
507 KB
Image
General
Full URL
https://image11.photobiz.com/8586/7_20210929124402_11819857_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:5c00:15:ca3d:dcc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
69ebe3ae291b17c28f590d7f98fee4ef2a48943d213bd97da9459293ceeb5fc9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
vQopaX8Ljfb.gOQ8XsThZU9GRhZIdSdE
via
1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 17:44:04 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
"2f4c40f24fd706b6b2ddbd2809ee4a58"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
517937
x-amz-cf-id
b7CnUay-dNIUphT7FB_uorkZBSKUDBvfCIbLFLZymkMHsvG6Y3Ulww==
7_20220814191913_12369499_xlarge.jpg
image13.photobiz.com/10309/
604 KB
605 KB
Image
General
Full URL
https://image13.photobiz.com/10309/7_20220814191913_12369499_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:8c00:6:87ae:7200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
121e9efead19e51aeffd4fa3ca652ab6debc0defd8002fba3aaba418efb105e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
8JsZZQbPSyTAXHuZ7XJ7RwU4dNM8PyCA
via
1.1 7949f2957c23173b6f2b16db26ab42f6.cloudfront.net (CloudFront)
last-modified
Mon, 15 Aug 2022 00:19:14 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
etag
"ac35008f0b24dae6f2a7b65f8294e0fd"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
618169
x-amz-cf-id
VigwH6ZHJhHz0YXpgHv-J6R4kENUhjZIOa6H6squpDmU-tEOkA-qPw==
7_20220814191842_12369498_xlarge.jpg
image8.photobiz.com/8585/
991 KB
992 KB
Image
General
Full URL
https://image8.photobiz.com/8585/7_20220814191842_12369498_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:6a00:c:258c:3f80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c061586af5334fc01bdd75dfafdb95b97705296ef132c87296ac69aa0c907f93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
VGeGSujO..xQycNPHclLL3Kf_qmByeoP
via
1.1 7949f2957c23173b6f2b16db26ab42f6.cloudfront.net (CloudFront)
last-modified
Mon, 15 Aug 2022 00:18:44 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
etag
"6a6c6d0c906a2c3bb4d77e513cb22687"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
1014557
x-amz-cf-id
q4kQ9lEuVAFFBtVs2n17ftEnQ4hvSIVgW5XS6vN8-Mds7XGlQ4jk_g==
7_20210929124449_11819859_xlarge.jpg
image14.photobiz.com/10152/
317 KB
318 KB
Image
General
Full URL
https://image14.photobiz.com/10152/7_20210929124449_11819859_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:0:1d:471b:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31a0eba85c9f32d5515b962f8177f83a6b1e7e25e8abacad18031b34e17e4bef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
9IVWS8axWolMOPhlFHYFMDEVpOCuo2fg
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 17:44:50 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P5
etag
"52da860b3514d61505975ba1635433a7"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
324914
x-amz-cf-id
lBP8ASG-fh5Khm_Poo3CfrtQtSIodRE__3KNoCnxgeYmD4GC-3JrBw==
7_20210929124717_11819862_xlarge.jpg
image4.photobiz.com/8911/
437 KB
438 KB
Image
General
Full URL
https://image4.photobiz.com/8911/7_20210929124717_11819862_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:d800:1c:8223:4200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e0bce98532ae3f3d746224a157ee1c879e8d50fae1d66613b4055a8c634665c7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
tIeVgkeU0zqRqWEAzodOc5aKcYOEkCAl
via
1.1 66e1af4a9e82225c770ca97b3baaf86e.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 17:47:18 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
etag
"4233bff014bf696aecd91600b45d871a"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
447589
x-amz-cf-id
slZDjkbfTR3KmpccyNvum8I8wLjgYVxEa1mANk4eMoKnmlJUwkkAUg==
7_20210929124804_11819863_xlarge.jpg
image6.photobiz.com/8933/
921 KB
923 KB
Image
General
Full URL
https://image6.photobiz.com/8933/7_20210929124804_11819863_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:200:11:796e:ad00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8ac452e105ebaf837ab5f57fece98779d96fb9da65c3f37afc75846e0afd8d5e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
iB55tUF7QOY6mrOeV1v7P4gUfl7bLlFc
via
1.1 918459d66ab0cca4258acacb6d3f6edc.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 17:48:06 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
etag
"3f8ff47d0da0889a54b1b1895c3fd01e"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
943448
x-amz-cf-id
BeHljoSL5IZ1PY-v1GswLGDPQ6Qk3JKnv_7-iqjan_AbJ-1IWn63ow==
7_20200917153058_11278300_xlarge.jpg
image4.photobiz.com/8827/
1 MB
1 MB
Image
General
Full URL
https://image4.photobiz.com/8827/7_20200917153058_11278300_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:d800:1c:8223:4200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d0fcb605087b634f526fe117434b51a779c9e33f28b2c2e9d1fffcf45d4eaac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
JG2.2C1jWMz.Tsb53FcnL.lTBt.mmClD
via
1.1 66e1af4a9e82225c770ca97b3baaf86e.cloudfront.net (CloudFront)
last-modified
Thu, 17 Sep 2020 20:31:00 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
etag
"de15285837064c1447a22d91bebee256"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
1089989
x-amz-cf-id
RlxbpB-CCsGOUx54IMq95CYFD-2vIpWUv8-6cJOdLfIxjF6MZ8i42w==
7_20200917152804_11278292_xlarge.jpg
image4.photobiz.com/8823/
366 KB
366 KB
Image
General
Full URL
https://image4.photobiz.com/8823/7_20200917152804_11278292_xlarge.jpg
Requested by
Host: www.rusticrootsimagesaz.com
URL: https://www.rusticrootsimagesaz.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:d800:1c:8223:4200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2006d159b77b56132dab1727375535574443669065e53e334a287cf907bf130

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.rusticrootsimagesaz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
x-amz-version-id
xR0HmOOyfsDZLjGmuJn4m4i8bXpQp2_y
via
1.1 66e1af4a9e82225c770ca97b3baaf86e.cloudfront.net (CloudFront)
last-modified
Thu, 17 Sep 2020 20:28:06 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
etag
"882c77c73bef91cc01f29bb677989f5e"
x-cache
Miss from cloudfront
content-type
image/jpeg
x-amz-storage-class
INTELLIGENT_TIERING
cache-control
max-age=31536000, immutable
accept-ranges
bytes
content-length
374278
x-amz-cf-id
tTzA1u3Oabw9ReBcsZpQlvPXGe9kIbLVjzM1kpu7kb6tUkUeyMOvcA==
recaptcha__en.js
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/
465 KB
187 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=pbizRecaptchaReady&render=explicit&hl=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.rusticrootsimagesaz.com/
Origin
https://www.rusticrootsimagesaz.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 17:15:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4704
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
190682
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Nov 2024 17:15:57 GMT
anchor
www.google.com/recaptcha/api2/ Frame B612
61 KB
35 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f0fd16d201faa71ef318e2513cdacee90d765a1c7e1fe9ba91dc88792fb2a68f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-_RD46HHty-ZhuQc3GPR_9w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.rusticrootsimagesaz.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-_RD46HHty-ZhuQc3GPR_9w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 28 Nov 2023 18:34:22 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame B612
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 08:31:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36164
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Nov 2024 08:31:38 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame B612
465 KB
186 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 17:15:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4705
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
190682
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Nov 2024 17:15:57 GMT
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B612
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 27 Nov 2023 20:04:28 GMT
x-content-type-options
nosniff
age
80994
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Mon, 04 Dec 2023 20:04:28 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B612
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 02:58:03 GMT
x-content-type-options
nosniff
age
315379
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 02:58:03 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B612
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 18:52:48 GMT
x-content-type-options
nosniff
age
344494
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 18:52:48 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame B612
102 B
135 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b62f36160407c81030404ab242125afd42fa0da6626ef11e5f406dda12acf144
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX&co=aHR0cHM6Ly93d3cucnVzdGljcm9vdHNpbWFnZXNhei5jb206NDQz&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=odqo0a5teej
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Tue, 28 Nov 2023 18:34:22 GMT
bframe
www.google.com/recaptcha/api2/ Frame FB9F
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
26e03516157f0f6c6902017bad43fb42ad78b031919815f42f7614cc1e844bcc
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-J5YovAR5WaOuiQnZRMsK5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.rusticrootsimagesaz.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-J5YovAR5WaOuiQnZRMsK5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 28 Nov 2023 18:34:22 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame FB9F
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 08:31:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36164
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Nov 2024 08:31:38 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame FB9F
465 KB
186 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 17:15:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4705
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
190682
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Nov 2024 17:15:57 GMT
reload
www.google.com/recaptcha/api2/ Frame FB9F
41 KB
25 KB
XHR
General
Full URL
https://www.google.com/recaptcha/api2/reload?k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a5637d671b718eac53f21ab407d678f6c0e355fc96d5718e150b7566898c54da
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/api2/bframe?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-protobuffer

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
private, max-age=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Tue, 28 Nov 2023 18:34:22 GMT
refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame FB9F
600 B
624 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 02:27:50 GMT
x-content-type-options
nosniff
age
317192
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Sat, 02 Dec 2023 02:27:50 GMT
audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame FB9F
530 B
554 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/audio_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 06:58:17 GMT
x-content-type-options
nosniff
age
300965
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
530
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Sat, 02 Dec 2023 06:58:17 GMT
info_2x.png
www.gstatic.com/recaptcha/api2/ Frame FB9F
665 B
689 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/info_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 10:00:32 GMT
x-content-type-options
nosniff
age
290030
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
665
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Sat, 02 Dec 2023 10:00:32 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FB9F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 02:58:03 GMT
x-content-type-options
nosniff
age
315379
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 02:58:03 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FB9F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 00:11:32 GMT
x-content-type-options
nosniff
age
325370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15340
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 00:11:32 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FB9F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 18:52:48 GMT
x-content-type-options
nosniff
age
344494
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 18:52:48 GMT
payload
www.google.com/recaptcha/api2/ Frame FB9F
34 KB
34 KB
Image
General
Full URL
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA6M48dFIDaAtpb_KBMy7P36LDEx6mmfZqSHdIVVnatBs5sNm9Ir-qz7yB6WgRCvMrruZTs07_yshEBZ7JDIJgf2Gj1HptlkZWv3lzcrsgDisWnk-NOf07FPrxpyC-i_bu5vVmjQoK_11684_6MpJBba-brxilQU0Mo3_g9db40ilbT85JU8EZnLN9ie7-RHGwyXOZIiGrYqCxdRNarIa6-PD5iO8puQl0wayH70IyNTeitGkKk&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1414a176dd7269dbac972416937248a52615c432974fe7a891b4e57da0b0c4e5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/bframe?hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LfGbOEaAAAAAL4R-pY61DQO_4imuGQQRsWALaTX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:34:22 GMT
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=30
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Tue, 28 Nov 2023 18:34:22 GMT

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| documentPictureInPicture object| pbizServer function| $ function| jQuery object| Modernizr function| Hammer object| Validator object| ParsleyConfig object| ParsleyExtend object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI object| pbizSites function| getInputElementsByClassName number| myInterval number| xPos number| yPos number| firstX number| firstY number| intervals function| getMousePos function| timedMousePos function| calcDistance number| keysPressed function| logKeys function| dummy function| pbizRecaptchaReady object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_52560

5 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09AGYuNuSu7GXSCfM1KdI8po8brH88R9zEixqo4PBcdS4aMSxW-trjKOODfc1hVTm5SZq9U_GHRlcYIGJ9DIe5HC8
www.rusticrootsimagesaz.com/ Name: SESSIONSTORAGE
Value: sessionStorageA1
www.rusticrootsimagesaz.com/ Name: SESSIONSTORAGEEXPIRATION
Value: %7Bts%20%272023-11-29%2012%3A34%3A20%27%7D
www.rusticrootsimagesaz.com/ Name: cfid
Value: 720ab2d4-db21-4ce0-bb8d-ee050d8a9467
www.rusticrootsimagesaz.com/ Name: cftoken
Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
image10.photobiz.com
image11.photobiz.com
image13.photobiz.com
image14.photobiz.com
image4.photobiz.com
image6.photobiz.com
image8.photobiz.com
image9.photobiz.com
rusticrootsimagesaz.com
www.google.com
www.gstatic.com
www.rusticrootsimagesaz.com
18.235.135.157
2600:9000:223f:0:1d:471b:a6c0:93a1
2600:9000:225e:5c00:15:ca3d:dcc0:93a1
2600:9000:2491:7e00:1:e307:5840:93a1
2600:9000:26da:6a00:c:258c:3f80:93a1
2600:9000:26da:8c00:6:87ae:7200:93a1
2600:9000:26da:e800:6:e86d:4680:93a1
2600:9000:26db:200:11:796e:ad00:93a1
2600:9000:26db:d800:1c:8223:4200:93a1
2a00:1450:4001:811::200a
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:831::2003
060d14495bebf51f32ba8e3020c0fb77a43e035775d76ab1303f7ed3b570926b
121e9efead19e51aeffd4fa3ca652ab6debc0defd8002fba3aaba418efb105e4
1414a176dd7269dbac972416937248a52615c432974fe7a891b4e57da0b0c4e5
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
26e03516157f0f6c6902017bad43fb42ad78b031919815f42f7614cc1e844bcc
28893081d019169c217045909cee1dd584e455005767fc2cf62b41c267846055
31a0eba85c9f32d5515b962f8177f83a6b1e7e25e8abacad18031b34e17e4bef
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
69ebe3ae291b17c28f590d7f98fee4ef2a48943d213bd97da9459293ceeb5fc9
6a7427bea5c0131cb43aedf9a5d1ed685fcca4e4f6a0cb7376e15db7bb6b5ce2
6d0fcb605087b634f526fe117434b51a779c9e33f28b2c2e9d1fffcf45d4eaac
6f5206aebd6f9ebcc0fa59849ea862d6b387856edd05fb1118f8a10ad311e505
73b8057c918765ed1a41c6ca23e2c0530b51d396e12ce63071297c5a04178504
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7fb1f124ea4fa0c7ce94ccba23266a088d31a6ae46d39a689447fae882ae3b55
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8ac452e105ebaf837ab5f57fece98779d96fb9da65c3f37afc75846e0afd8d5e
902a3ad2067d23eb27fd0dcc2b2f1ced65582b5a30e2fcd47669649582a82b77
9aaba254858d6a5522abbb5da869e20ce6d01235ab37a1eece9f5016e034d2d8
a5637d671b718eac53f21ab407d678f6c0e355fc96d5718e150b7566898c54da
b413c7e0c3364aef8eb5f7c7fdd1d791afb1a4be74ccea2e46a31d6cadcc170f
b62f36160407c81030404ab242125afd42fa0da6626ef11e5f406dda12acf144
b9fd1aff4b167256e9231e4cc7ccfc86367c587da35ea0d756ae437479c60b7b
bf51d22996771bea8bf1367bba6dec04567cd1c8d96c5dfc69593a5cbc7c41dd
c061586af5334fc01bdd75dfafdb95b97705296ef132c87296ac69aa0c907f93
c2006d159b77b56132dab1727375535574443669065e53e334a287cf907bf130
c633f8dec5bd3b97563c5b55731adfff79ff8766757e9c7be26413f296c130ee
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
e0bce98532ae3f3d746224a157ee1c879e8d50fae1d66613b4055a8c634665c7
ed5bb9ea302414a1ad9f250d5cd5b5da08f55fe43b18020db13f74966e4bc0f5
f0fd16d201faa71ef318e2513cdacee90d765a1c7e1fe9ba91dc88792fb2a68f