secure-nwfcu.0436316234378.online Open in urlscan Pro
2a02:4780:b:1094:0:3b0f:90dc:2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure-nwfcu.0436316234378.online/
Submission: On May 15 via automatic, source certstream-suspicious (May 15th 2023, 8:39:33 pm UTC) — Scanned from DE

Summary HTTP 140 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 24 domains to perform 140 HTTP transactions. The main IP is 2a02:4780:b:1094:0:3b0f:90dc:2, located in Phoenix, United States and belongs to AS-HOSTINGER, CY. The main domain is secure-nwfcu.0436316234378.online.
TLS certificate: Issued by R3 on May 15th 2023. Valid for: 3 months.

This is the only time secure-nwfcu.0436316234378.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	2a02:4780:b:1... 2a02:4780:b:1094:0:3b0f:90dc:2	47583 (AS-HOSTINGER) (AS-HOSTINGER)
3	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:5200:6:107a:b040:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2600:9000:21f... 2600:9000:21f3:2200:1a:3af:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	148.62.54.20 148.62.54.20	33070 (RMH-14) (RMH-14)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	107.21.59.206 107.21.59.206	14618 (AMAZON-AES) (AMAZON-AES)
4	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
6	2600:1901:0:2... 2600:1901:0:2954::	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
6	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:c... 2600:1901:0:cb53::	15169 (GOOGLE) (GOOGLE)
1 1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2016	15169 (GOOGLE) (GOOGLE)
2	52.10.187.193 52.10.187.193	16509 (AMAZON-02) (AMAZON-02)
8	35.160.57.224 35.160.57.224	16509 (AMAZON-02) (AMAZON-02)
2	2600:1901:0:7... 2600:1901:0:7abc::	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:2... 2600:1901:0:24e1::	15169 (GOOGLE) (GOOGLE)
2	52.50.49.218 52.50.49.218	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
9	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
2	52.24.147.221 52.24.147.221	16509 (AMAZON-02) (AMAZON-02)
1	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
1	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:236... 2600:9000:236e:5800:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:600:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:211... 2600:9000:211e:6a00:1f:7c97:a480:93a1	16509 (AMAZON-02) (AMAZON-02)
140	40

32 2a02:4780:b:1094:0:3b0f:90dc:2 (Phoenix, United States)

ASN47583 (AS-HOSTINGER, CY)

secure-nwfcu.0436316234378.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:5200:6:107a:b040:93a1 (United States)

ASN16509 (AMAZON-02, US)

embed.scheduleengine.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:21f3:2200:1a:3af:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

connect.podium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 148.62.54.20 (United States)

ASN33070 (RMH-14, US)

mgstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.21.59.206 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-59-206.compute-1.amazonaws.com

api.scheduleengine.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1901:0:2954:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

w3.mp.lura.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:cb53:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

access.mp.lura.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.10.187.193 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-10-187-193.us-west-2.compute.amazonaws.com

lab.analyticspodium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.160.57.224 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-160-57-224.us-west-2.compute.amazonaws.com

mind-flayer.podium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:7abc:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

tkx.mp.lura.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:24e1:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

dcs-vod.mp.lura.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.49.218 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-49-218.eu-west-1.compute.amazonaws.com

secure-us.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-dcr.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

h104216-pcdn.mp.lura.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.24.147.221 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-24-147-221.us-west-2.compute.amazonaws.com

api2.analyticspodium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

segment.psg.nexstardigital.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:236e:5800:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:600:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

osoicvhjhvdccksnain6f47md9jbr1684183163.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:6a00:1f:7c97:a480:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.podium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	0436316234378.online secure-nwfcu.0436316234378.online	1 MB
19	lura.live w3.mp.lura.live — Cisco Umbrella Rank: 12716 access.mp.lura.live — Cisco Umbrella Rank: 15193 tkx.mp.lura.live — Cisco Umbrella Rank: 13826 dcs-vod.mp.lura.live — Cisco Umbrella Rank: 14339 h104216-pcdn.mp.lura.live — Cisco Umbrella Rank: 159227	2 MB
16	podium.com connect.podium.com — Cisco Umbrella Rank: 27415 mind-flayer.podium.com — Cisco Umbrella Rank: 25537 assets.podium.com — Cisco Umbrella Rank: 45588	587 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	454 KB
8	youtube.com www.youtube.com — Cisco Umbrella Rank: 85	920 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 50 jnn-pa.googleapis.com — Cisco Umbrella Rank: 233 imasdk.googleapis.com — Cisco Umbrella Rank: 468	380 KB
6	imrworldwide.com secure-us.imrworldwide.com — Cisco Umbrella Rank: 2252 cdn-gl.imrworldwide.com — Cisco Umbrella Rank: 2966 secure-dcr.imrworldwide.com — Cisco Umbrella Rank: 2688 osoicvhjhvdccksnain6f47md9jbr1684183163.nuid.imrworldwide.com	69 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2	43 KB
5	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 stats.g.doubleclick.net — Cisco Umbrella Rank: 91 static.doubleclick.net — Cisco Umbrella Rank: 272	3 KB
4	analyticspodium.com lab.analyticspodium.com — Cisco Umbrella Rank: 25691 api2.analyticspodium.com — Cisco Umbrella Rank: 31209	4 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39 region1.google-analytics.com — Cisco Umbrella Rank: 2495	41 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 161	223 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5171	673 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	198 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	247 B
2	mgstatic.net mgstatic.net	6 KB
2	scheduleengine.net embed.scheduleengine.net — Cisco Umbrella Rank: 154693 api.scheduleengine.net — Cisco Umbrella Rank: 102176	5 KB
1	segment.com cdn.segment.com — Cisco Umbrella Rank: 1613	64 KB
1	nexstardigital.net segment.psg.nexstardigital.net — Cisco Umbrella Rank: 15924	35 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 311	17 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 104	27 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 224	3 KB
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 179	426 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 379	9 KB
140	24

	Domain	Requested by
32	secure-nwfcu.0436316234378.online	secure-nwfcu.0436316234378.online
9	h104216-pcdn.mp.lura.live	secure-nwfcu.0436316234378.online
8	mind-flayer.podium.com	connect.podium.com
8	www.youtube.com	secure-nwfcu.0436316234378.online www.youtube.com
7	connect.podium.com	secure-nwfcu.0436316234378.online connect.podium.com
6	www.google.com	secure-nwfcu.0436316234378.online www.youtube.com connect.podium.com www.gstatic.com www.google.com
6	www.gstatic.com	www.googletagmanager.com www.gstatic.com www.google.com
6	w3.mp.lura.live	secure-nwfcu.0436316234378.online w3.mp.lura.live
5	fonts.gstatic.com	fonts.googleapis.com www.youtube.com www.google.com
4	jnn-pa.googleapis.com	www.youtube.com
4	connect.facebook.net	secure-nwfcu.0436316234378.online connect.facebook.net
3	cdn-gl.imrworldwide.com	secure-us.imrworldwide.com cdn-gl.imrworldwide.com
3	www.google.de	secure-nwfcu.0436316234378.online
3	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com www.youtube.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com w3.mp.lura.live
3	www.googletagmanager.com	secure-nwfcu.0436316234378.online www.googletagmanager.com
2	api2.analyticspodium.com	connect.podium.com
2	imasdk.googleapis.com	w3.mp.lura.live imasdk.googleapis.com
2	tkx.mp.lura.live	w3.mp.lura.live
2	lab.analyticspodium.com	connect.podium.com
2	www.facebook.com	secure-nwfcu.0436316234378.online
2	fonts.googleapis.com	secure-nwfcu.0436316234378.online
2	mgstatic.net	secure-nwfcu.0436316234378.online
1	assets.podium.com	secure-nwfcu.0436316234378.online
1	osoicvhjhvdccksnain6f47md9jbr1684183163.nuid.imrworldwide.com	secure-nwfcu.0436316234378.online
1	secure-dcr.imrworldwide.com	secure-nwfcu.0436316234378.online
1	cdn.segment.com	segment.psg.nexstardigital.net
1	segment.psg.nexstardigital.net	w3.mp.lura.live
1	s0.2mdn.net	imasdk.googleapis.com
1	secure-us.imrworldwide.com	w3.mp.lura.live
1	dcs-vod.mp.lura.live	w3.mp.lura.live
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	www.googleadservices.com	1 redirects
1	access.mp.lura.live	w3.mp.lura.live
1	stats.g.doubleclick.net	www.google-analytics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	api.scheduleengine.net	embed.scheduleengine.net
1	cdn.jsdelivr.net	secure-nwfcu.0436316234378.online
1	embed.scheduleengine.net	secure-nwfcu.0436316234378.online
140	41

This site contains links to these domains. Also see Links.

Domain
www.google.com
www.trane.com
www.yelp.com
www.expertise.com
threebestrated.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
secure-nwfcu.0436316234378.online R3	`2023-05-15` - `2023-08-13`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.scheduleengine.net Amazon RSA 2048 M02	`2023-03-01` - `2024-01-11`	10 months	crt.sh
*.podium.com Amazon RSA 2048 M02	`2023-03-01` - `2023-07-22`	5 months	crt.sh
mgstatic.net R3	`2023-04-01` - `2023-06-30`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-22` - `2023-05-23`	3 months	crt.sh
*.mp.lura.live Sectigo RSA Domain Validation Secure Server CA	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.analyticspodium.com Amazon RSA 2048 M01	`2023-01-26` - `2024-02-24`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-03` - `2024-02-03`	a year	crt.sh
*.psg.nexstardigital.net R3	`2023-04-19` - `2023-07-18`	3 months	crt.sh
*.segment.com Amazon RSA 2048 M01	`2023-02-24` - `2024-01-12`	a year	crt.sh
*.nuid.imrworldwide.com Amazon RSA 2048 M01	`2023-04-12` - `2024-05-10`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://secure-nwfcu.0436316234378.online/
Frame ID: E193DFFEC5253FD7DA151CB56BA62D00
Requests: 71 HTTP requests in this frame

Frame: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
Frame ID: C1A2DF2740B57AA1DBAF7B95D678B917
Requests: 29 HTTP requests in this frame

Frame: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
Frame ID: 61CC2482A1756D43B824CDB031B9FC2C
Requests: 18 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: E35DB92AAE06EF34773FA11F4D0CF2A3
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQHmAhAAAAAMwGWLTBEA_sxYSUMRiijIIqBlP6&co=aHR0cHM6Ly9zZWN1cmUtbndmY3UuMDQzNjMxNjIzNDM3OC5vbmxpbmU6NDQz&hl=de&v=wqcyhEwminqmAoT8QO_BkXCr&size=invisible&cb=eknevjhypv1z
Frame ID: BECDFA22C13B7DB3DB4296D6E8946A06
Requests: 7 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.573.0_en.html
Frame ID: 18529BAEE5C406C39AA982872FCEA989
Requests: 1 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 4F8612AC17C98C14EE273FC4AEC883D6
Requests: 3 HTTP requests in this frame

Frame: https://connect.podium.com/styles.css
Frame ID: C656E45D6F0EE34229D42CD1E50EDC63
Requests: 3 HTTP requests in this frame

Frame: https://connect.podium.com/styles.css
Frame ID: 985C674E651CC44178A063E04FE2FF06
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Air Conditioning Repair Service | HVAC Contractor | Sacramento, CA

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

140
Requests

99 %
HTTPS

75 %
IPv6

24
Domains

41
Subdomains

40
IPs

4
Countries

5962 kB
Transfer

14362 kB
Size

12
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.google.com/maps/contrib/111684728535677125891/reviews
Title: G Earl

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/contrib/109037947383820008627/reviews
Title: melissa reichard

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/contrib/114334122305436437991/reviews
Title: Sean Kinlock

Search URL Search Domain Scan URL

URL: https://www.trane.com/residential/en/dealers/jaguar-heating-and-air-sacramento-ca/?utm_misc=988680&utm_source=dealertransfer

Search URL Search Domain Scan URL

URL: https://www.google.com/search?q=jauar+heating+and+air+reviews&oq=jauar+heating+and+air+reviews&aqs=chrome..69i57j0.5481j0j7&sourceid=chrome&ie=UTF-8#lrd=0x809ad65faadc23f9:0xffc4456ea9266639,1,,,

Search URL Search Domain Scan URL

URL: https://www.yelp.com/biz/jaguar-heating-and-air-sacramento

Search URL Search Domain Scan URL

URL: https://www.expertise.com/ca/sacramento/hvac

Search URL Search Domain Scan URL

URL: https://threebestrated.com/hvac-services-in-sacramento-ca

Search URL Search Domain Scan URL

URL: https://www.facebook.com/JaguarHeatingandAir/
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC8ChdQ1dYvOt0eR0Eh6NZPQ
Title: youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://www.googleadservices.com/pagead/conversion/804431367/wcm?cc=ZZ&dn=9162564447&cl=AU3jCK3DzIIBEIfMyv8C&ct_eid=2 HTTP 302
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=9162564447&cl=AU3jCK3DzIIBEIfMyv8C

Request Chain 73

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

140 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
secure-nwfcu.0436316234378.online/ 68 KB
17 KB 602ms
166ms Document
text/html 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

624d804a6a829543720ef03077e94a8ef192a873afdfabae9c8542c1f63ae5ca

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 17067
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Mon, 15 May 2023 20:39:19 GMT
etag: "10f11-64629816-b918db10a555d295;br"
last-modified: Mon, 15 May 2023 20:37:42 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding

GET
H2 200 autoptimize_single_757cca90cfced5d5a45afa1550354bae.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 42 KB
4 KB 167ms
165ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_757cca90cfced5d5a45afa1550354bae.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

bde45659d6d7f19d4b596713699b9579306a45ad7255653f88a837fadd7c7b7f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "a91e-64629816-41983acaa49ff191;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3774
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 autoptimize_single_be0759d1a3f749c2496daa7f8b0304d4.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 145 KB
14 KB 183ms
182ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_be0759d1a3f749c2496daa7f8b0304d4.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

18a23260b5955f50eb02509c542fc32452e43d429801d09b1854d9ea937397f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "24570-64629816-9e5d1bd918e94e30;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 13830
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 font-awesome.min.css
secure-nwfcu.0436316234378.online/wp-content/plugins/everest-google-places-reviews/assets/backend/css/font-awesome/ 30 KB
7 KB 185ms
183ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/plugins/everest-google-places-reviews/assets/backend/css/font-awesome/font-awesome.min.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

1eeda2cbccde77dba773c200d1ed8ef9d4fdf62f33657f7f23737711f8bc0dc1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "7903-64629816-d04fe740faca1dad;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 6616
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 autoptimize_single_6068454b51270d13f3a819d6a1b50c1e.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 3 KB
832 B 185ms
184ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_6068454b51270d13f3a819d6a1b50c1e.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

20964a605d0b8d6081a35c90083afc33f562778d1f9c7d8ff470e4bb5ad06d6a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "d1e-64629816-86ad39ba914f99bb;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 769
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 autoptimize_single_90f3c6e723e1d2b93b5471e7ffff32bb.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 55 KB
4 KB 187ms
185ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_90f3c6e723e1d2b93b5471e7ffff32bb.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

64e946bfa9f77cd5d043de00fb8163ae1b8da603b29e179162db73f8da7fcfba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "dc2b-64629816-6f5e061511121d7f;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3666
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 autoptimize_single_02d64d437e3cb06e3aa45b6009bc0a4a.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 3 KB
996 B 189ms
188ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_02d64d437e3cb06e3aa45b6009bc0a4a.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

5518c433a8d4a0fd38fd62f99bddcbfa6c66f2a680bf919668793cde3d44fa84

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "d32-64629816-9aaac0b651b8c8fb;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 933
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 mg-public.css
secure-nwfcu.0436316234378.online/wp-content/plugins/mg/public/css/ 98 B
158 B 191ms
189ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/plugins/mg/public/css/mg-public.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "62-64629816-39e696e685b739d3;;;"
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 98
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 autoptimize_single_11ef7ca744675858bb94aa8eb86a2067.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 3 KB
818 B 192ms
191ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_11ef7ca744675858bb94aa8eb86a2067.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

50cbc4fe4d4865dbc4ae75cf4deb2059ea1e137e10440fc571a7f6660a127ea4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "a30-64629816-cb3ff6bab7bae6ba;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 755
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 345 KB
48 KB 194ms
192ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

85daf30b2866d34d80bab8e48611b28c70627c3f413be83fbe303b0c3eb50aa7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "5656d-64629816-fb6374bcce64e2ca;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 49557
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 formreset.min.css
secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/ 4 KB
400 B 195ms
193ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/formreset.min.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

d70d9853ff87464d69a8174e3a76633bf29e45aaafcbccb214c10722b2b9714c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "f14-64629816-2686fc557ab6a009;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 337
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 formsmain.min.css
secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/ 79 KB
11 KB 351ms
350ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

3a1072fc5e60a404c249f32eef7ebbeec0722a2fc6ecce393926a39ba8075293

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "13aba-64629816-859d180a901d7eab;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 11318
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 readyclass.min.css
secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/ 30 KB
3 KB 352ms
351ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/readyclass.min.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

7536f0df059eb4232aeb10fa05bd89b6da621240062499542da570d39fb833ba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "781d-64629816-17be908e77986349;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3149
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 browsers.min.css
secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/ 8 KB
1 KB 353ms
352ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/plugins/gravityforms/legacy/css/browsers.min.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

81556f38ccd763884270a287d8602759ecca85ec4f93548631550b4514393d46

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "20d7-64629816-895bea97c9993061;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 1043
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 jquery.min.js Show response
secure-nwfcu.0436316234378.online/wp-includes/js/jquery/ 87 KB
29 KB 354ms
353ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-includes/js/jquery/jquery.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "15db1-64629816-2e7467b9eaec2356;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 30027
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 170 KB
62 KB 87ms
37ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119866447-1

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

32c1a77261f24564e5cc997fea9be3d66e2952cdf087a6b64449003624e27b7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 63291
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 15 May 2023 20:39:20 GMT

GET
H2 200 schedule-engine-v3.js Show response
embed.scheduleengine.net/ 13 KB
5 KB 89ms
23ms Script
text/javascript 2600:9000:2156:5200:6:107a:b040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.scheduleengine.net/schedule-engine-v3.js
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5200:6:107a:b040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab173fbdeb26280b42db9bf82f9bc3f073649f1265a8ab837d87ae974e63b1be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: ntnOceTBHccnZ7TI3xu6kwTPAW81aaTX
content-encoding: gzip
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
date: Mon, 15 May 2023 20:36:21 GMT
last-modified: Thu, 30 Mar 2023 15:30:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 181
x-amz-server-side-encryption: AES256
etag: W/"0cc300f7904645657e81dc03ef743e0a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=300
x-amz-cf-id: qKXk5Etw3L3ne0RH8h_oQbRzv6XNjLs6SiZLtDeAcGFSmA7T0oG66g==

GET
H3 200 jaguar-heat-air-logo.png
secure-nwfcu.0436316234378.online/wp-content/uploads/2022/02/ 8 KB
8 KB 200ms
198ms Image
image/png 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/uploads/2022/02/jaguar-heat-air-logo.png

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

0bcf8593bd967e3cbf34b57858901fb6c9d8e7d5254b5b24798f14260c9127e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "1ef3-64629816-a394f91899f1e141;;;"
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 7923
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 widget.js Show response
connect.podium.com/ 655 KB
192 KB 106ms
23ms Script
application/javascript 2600:9000:21f3:2200:1a:3af:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect.podium.com/widget.js
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2200:1a:3af:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d9d9d8bfa0d5c8366e7955cd7cca1587e3fad8acdec8e25abb7f2032c5b190b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:07:12 GMT
content-encoding: gzip
via: 1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
last-modified: Tue, 09 May 2023 16:06:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 1929
etag: "6e93037025be0ab03c987767fa2b8d9b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 195581
x-amz-cf-id: uD-The9wHmiOs87gL7ohZtGQeBOBilZDYuMK_6j1w7WPma-npDQREA==

GET
H3 200 autoptimize_single_6bb5545318038a2cfb38a19581c581f9.css
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/ 28 KB
2 KB 159ms
159ms Stylesheet
text/css 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_6bb5545318038a2cfb38a19581c581f9.css

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8695f5fc64d65593f9763a5b28d14bc34e3cf802317e1ffad2125a7c8fedfafe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "705d-64629816-95d352aabc981f59;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1745
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 ada.js Show response
mgstatic.net/wp/js/ 7 KB
2 KB 142ms
142ms Script
application/javascript 148.62.54.20
RMH-14

General

Check archive.org

Show headers Download Go to

Full URL: https://mgstatic.net/wp/js/ada.js
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 148.62.54.20 , United States, ASN33070 (RMH-14, US),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: 50885f3b48f3051eb54aedc5ceacbff40db351b90550ee83ea6d21eef5f80f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: gzip
last-modified: Thu, 02 Mar 2023 20:28:55 GMT
server: nginx/1.20.2
etag: W/"64010707-1b8c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
expires: Wed, 14 Jun 2023 20:39:20 GMT

GET
H3 200 regenerator-runtime.min.js Show response
secure-nwfcu.0436316234378.online/wp-includes/js/dist/vendor/ 6 KB
2 KB 159ms
158ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-includes/js/dist/vendor/regenerator-runtime.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "194b-64629816-109ebdfee558eb47;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 2349
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 wp-polyfill.min.js Show response
secure-nwfcu.0436316234378.online/wp-includes/js/dist/vendor/ 19 KB
7 KB 160ms
159ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "4ac6-64629816-a6ff9b9c71b9b34a;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 6828
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 dom-ready.min.js Show response
secure-nwfcu.0436316234378.online/wp-includes/js/dist/ 498 B
332 B 169ms
165ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-includes/js/dist/dom-ready.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "1f2-64629816-faf446d94a8a2b4b;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 281
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 hooks.min.js Show response
secure-nwfcu.0436316234378.online/wp-includes/js/dist/ 5 KB
2 KB 169ms
166ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-includes/js/dist/hooks.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "132e-64629816-232d90ab58f26a6;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 1574
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 i18n.min.js Show response
secure-nwfcu.0436316234378.online/wp-includes/js/dist/ 10 KB
4 KB 171ms
168ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-includes/js/dist/i18n.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

1dc4b29dd0acbed77ec2fd81036c33efd4ab5989e8182705a30615a00a0117f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "27ee-64629816-5d0a24ae726321bf;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3711
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 a11y.min.js Show response
secure-nwfcu.0436316234378.online/wp-includes/js/dist/ 2 KB
912 B 197ms
194ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-includes/js/dist/a11y.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

5df2942db2352e49e00bcf3393b875a71d0acee986e48fbdcc5879846f5c3689

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "9cc-64629816-e712022269aa663b;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 860
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 bootstrap-native.min.js Show response
cdn.jsdelivr.net/npm/bootstrap.native@3.0.0/dist/ 27 KB
9 KB 691ms
223ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap.native@3.0.0/dist/bootstrap-native.min.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bb113b603e9610cc1d88469ef1b09e3615d79193def3e9ffc40130a30d0c4639

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2990799
x-jsd-version: 3.0.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9118
x-served-by: cache-fra-eddf8230073-FRA, cache-gig2250067-GIG
x-jsd-version-type: version
etag: W/"6d81-QFfadKOBv3gElryPvG07wv7cP3M"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 autoptimize_743f7d52a16f6319c0515fa8b0a3695f.js Show response
secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/js/ 170 KB
45 KB 237ms
235ms Script
application/x-javascript 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/js/autoptimize_743f7d52a16f6319c0515fa8b0a3695f.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

01bd3be3620c1e3b8390b7eb08798f0cac597049bd2276d0b531010fe9910962

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "2a72f-64629816-f298f7b02ccb909f;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 46145
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 28 KB
2 KB 87ms
33ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_be0759d1a3f749c2496daa7f8b0304d4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dc143132f10a2b1a8ddde03dae84d252768c2d3e30bf21704dd376c3f05704fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:39:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:39:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 85ms
31ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans|PT+Sans|Yanone+Kaffeesatz:400,400i,600,600i,700,700i

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_be0759d1a3f749c2496daa7f8b0304d4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0436dd67c8f1197066c08cda1ab938c4e53f30b9bff3740d36725abddfc82397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:39:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:39:20 GMT

GET
H2 200 default-styles-3.0.min.css
mgstatic.net/wp/css/ 14 KB
4 KB 451ms
142ms Stylesheet
text/css 148.62.54.20
RMH-14

General

Check archive.org

Show headers Download Go to

Full URL: https://mgstatic.net/wp/css/default-styles-3.0.min.css
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 148.62.54.20 , United States, ASN33070 (RMH-14, US),
Reverse DNS
Software: nginx/1.20.2 /
Resource Hash: ed0623e70b742bd75c74f1524c9b73409f3132aec7cda49ffd6727ea7550fcdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: gzip
last-modified: Thu, 02 Mar 2023 17:42:37 GMT
server: nginx/1.20.2
etag: W/"6400e00d-3795"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
expires: Wed, 14 Jun 2023 20:39:20 GMT

GET
H2 200 embed Show response
api.scheduleengine.net/se-web-api/v1/config/widget/ 117 B
339 B 732ms
498ms Fetch
application/json 107.21.59.206
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.scheduleengine.net/se-web-api/v1/config/widget/embed?api_key=ckz7m9p62005007o4chjl583t
Requested by: Host: embed.scheduleengine.net
URL: https://embed.scheduleengine.net/schedule-engine-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.59.206 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-59-206.compute-1.amazonaws.com
Software: / Express
Resource Hash: e1782111a7bf98ad5d09f5930095f7d640337c3c2ef2f17878acba818092d538

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
via: kong/0.13.0
x-powered-by: Express
etag: W/"75-BbbnChKgINaD7PML0srwhSYajck"
x-kong-proxy-latency: 0
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-kong-upstream-latency: 24
content-length: 117
expires: -1

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 64ms
21ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8dcee59828f1423ecefd552dd353e25bd4ac38a9557ee084604ee7c2d41d9b98

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 15 May 2023 20:39:20 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27538
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: JPUvvNa+7ydzpboC+gpbQ4B5Xrbno2VC+QkalJG+fF995ZfSHfcs4OvBF/0HTGKbzgtyMJcfMortZNRo/BEILA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), bluetooth=(), hid=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 hero-lg.jpg
secure-nwfcu.0436316234378.online/wp-content/uploads/2022/02/ 246 KB
246 KB 4611ms
4611ms Image
image/jpeg 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/uploads/2022/02/hero-lg.jpg

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8038dc724e4275d5c5b52b94fb45b205652be3d939a45bc61c74f3f161f8edf9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "3d726-64629816-267d9f8ebc0e380e;;;"
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 251686
expires: Mon, 22 May 2023 20:39:20 GMT

GET
DATA 200
OK truncated
/ 232 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6830e1d7fe50cf6357510318f5a0f3811f8cb13d89b4c6533f13ea3203b94ed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8477ab6a5f6365f967d615950452e5f7221c1bbd54ddcb82da963b5b0c7a5e0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 ac-techs.jpg
secure-nwfcu.0436316234378.online/wp-content/uploads/2021/01/ 140 KB
141 KB 4673ms
4672ms Image
image/jpeg 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/uploads/2021/01/ac-techs.jpg

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

be0d9d388a386c84cf9f28fbb1ee01a630eefcdef95472b627739960fba2e3b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "23109-64629816-53f0e5fc5c70e192;;;"
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 143625
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 happy-family-in-kitchen.jpg
secure-nwfcu.0436316234378.online/wp-content/uploads/2021/02/ 79 KB
79 KB 4675ms
4675ms Image
image/jpeg 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/uploads/2021/02/happy-family-in-kitchen.jpg

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

4404bfed5e96de9d7f63a1b04ecb94c2e61af2b2fadb76c43a266aaf551c9685

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "13b20-64629816-ac7e5b4f66e64b8c;;;"
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 80672
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 fa-solid-900.woff2
secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/ 138 KB
138 KB 257ms
257ms Font
font/woff2 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/fa-solid-900.woff2

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "226c4-64629816-33485984820b5d18;;;"
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 140996
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 fa-regular-400.woff2
secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/ 170 KB
170 KB 3001ms
3001ms Font
font/woff2 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/fa-regular-400.woff2

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

4e4cc2d5669ad1bb831c050c273dbf760a070eb5f413458cf5cd7625c594a583

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "2a61c-64629816-65890bf5543db3ec;;;"
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 173596
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H3 200 fa-light-300.woff2
secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/ 185 KB
186 KB 3583ms
3583ms Font
font/woff2 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/fa-light-300.woff2

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

a96c21672b34a2f47197f6d5ae5ae4b6012d6fac6cfca1c851f66901c9c8abf4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "2e4d0-64629816-e20b591260177725;;;"
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 189648
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 anvload.html Show response
w3.mp.lura.live/player/prod/v3/ Frame C1A2 562 B
779 B 95ms
27ms Document
text/html 2600:1901:0:2954::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:2954:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 789c6f081d2f9e3e635192bb087967e078b7f9952e8214c4e747f7ecc51680f7

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=14400
content-encoding: gzip
content-length: 292
content-type: text/html
date: Mon, 15 May 2023 20:35:11 GMT
etag: "9b18b22469021c876b39921399a606b8"
last-modified: Wed, 29 Mar 2023 20:38:57 GMT
server: UploadServer
vary: Accept-Encoding
via: 1.1 google
x-goog-generation: 1680122337372108
x-goog-hash: crc32c=SZOECA== md5=mxiyJGkCHIdrOZITmaYGuA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 292
x-guploader-uploadid: ADPycdsfnBvuf5NcVyvt8Wn9bfz0O9RWmYoFY2pAQc9rxQhLJfGS6Po5-8W42XJD802NvJJMoNwyA6vmOCIzdJwfVpYeSw

GET
H2 200 AVtu_CKyTdI Show response
www.youtube.com/embed/ Frame 61CC 76 KB
33 KB 173ms
96ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bce69b99a25990319b4467248aabd7fe198c1febe6faefa162158ff40c0fd70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:39:21 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 family-2.jpg
secure-nwfcu.0436316234378.online/wp-content/uploads/2021/01/ 59 KB
59 KB 6037ms
6037ms Image
image/jpeg 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/uploads/2021/01/family-2.jpg

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

501169d421b29fbad700ef2e6bfd688f92078a081759607e4275bd036dd8c05b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "eccf-64629816-ebb7a77661f54f3c;;;"
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 60623
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 35ms
34ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6f618ce23b07768d4d148b78d336504c4d634d3b823514b50a0c14f73e5b3343

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 15 May 2023 20:39:20 GMT
content-md5: ZwCsv6A4EL/iHxwWxrzIXQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: GU0YbAzJdv0z7pq1Ko6cXh2xHY+7HuNP1gRJ+X5iOWdrq30cjEuMIo3NFQH5PTOC0bkpA+lAoWVZJ6XvV9Mznw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
x-fb-content-md5: f693ff911be83ec1759a3548268ef68e
cross-origin-opener-policy: same-origin-allow-popups
etag: "9cf590b2dccae21c2ba2fb467793d1f5"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), usb=()
x-frame-options: DENY
timing-allow-origin: *
expires: Mon, 15 May 2023 20:51:50 GMT

GET
H3 200 fa-brands-400.woff2
secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/ 77 KB
77 KB 4125ms
4125ms Font
font/woff2 2a02:4780:b:1094:0:3b0f:90dc:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://secure-nwfcu.0436316234378.online/wp-content/themes/picostrap-child/static/fonts/font-awesome/fa-brands-400.woff2

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:b:1094:0:3b0f:90dc:2 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://secure-nwfcu.0436316234378.online/wp-content/cache/autoptimize/css/autoptimize_single_53fc1133c90f0e2a08e6d4ac89bccc92.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 15 May 2023 20:37:42 GMT
server: LiteSpeed
etag: "13280-64629816-c747497a7594f6af;;;"
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 78464
expires: Mon, 22 May 2023 20:39:20 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
16 KB 71ms
21ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 18:48:29 GMT
x-content-type-options: nosniff
age: 179451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15700
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 18:48:29 GMT

GET
H2 200 1063376620487790 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 161ms
160ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1063376620487790?v=2.9.104&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

be65582299218fb5a711433237048116d34f0a16c20fab607866493a35b48077

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 15 May 2023 20:39:21 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: vEToihHrtX4sL+DGqOKrRcb9UOfMKcG7A00kIY9nR9FbcOjJudpxttAAjZvIIz8PKXbCTBN4TQmBy+TiU4ld1A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), bluetooth=(), hid=(), magnetometer=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 43ms
21ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=9979c6d402da2a987be8871175f24a91

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

482a4b79b73038ec4106830b6c2eee3c112ff427c0880e038114cb7743faf110

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 15 May 2023 20:39:20 GMT
content-md5: 8D2LKhVGl9sswYGvEyfEtA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87159
x-fb-rlafr: 0
x-fb-debug: CyQXXOqpws2Z2lHuu3285BmSaopQaoK3Hhs1OXKZPTf0KKIr5A67q6x3SrP2XvxMmMR0UI7YpgXW7LasGfzKiw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 91939e994924b954825476265a99d5fc
cross-origin-opener-policy: same-origin-allow-popups
etag: "e0fda3b95ba84f8b999ac3cebdea6cf7"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), bluetooth=(), magnetometer=(), screen-wake-lock=(), serial=(), usb=()
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Tue, 14 May 2024 19:58:01 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 247 KB
84 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-885Q0S9Y9J&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119866447-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

05de632d93371037df3a75de88d391cdef399a47c98636b832839650a0ef33c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85580
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 15 May 2023 20:39:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 72ms
21ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119866447-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 15 May 2023 20:35:39 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 222
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Mon, 15 May 2023 22:35:39 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 135 KB
52 KB 39ms
39ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-804431367&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119866447-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

87b0f773eead8e55975865702443ff2aa67b8af899ba9b3510eaacc47445ec8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53063
x-xss-protection: 0
last-modified: Mon, 15 May 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 15 May 2023 20:39:20 GMT

GET
H2 200 anvplayer.min.js Show response
w3.mp.lura.live/player/prod/v3/11b37c58/scripts/ Frame C1A2 2 MB
703 KB 24ms
23ms Script
text/javascript 2600:1901:0:2954::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:2954:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: fb4bcb2b518dee77366120aa3f970e7075bac4b890008828d057e650e9b775f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:00:37 GMT
content-encoding: gzip
via: 1.1 google
age: 13123
x-guploader-uploadid: ADPycdtwNGSsal9aj-nyezj8vcL0GD6Fl-0oaTGQ8x9NWAAfdha7xrTrgjtCOV_73LUic0Kukk4q764dMy_igR9s8-f2xQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 719605
last-modified: Wed, 29 Mar 2023 20:38:56 GMT
server: UploadServer
etag: "899e7c4d085ad77bbdac4a4d959034ce"
vary: Accept-Encoding
x-goog-generation: 1680122336518118
x-goog-hash: crc32c=OV1q6w==, md5=iZ58TQha13u9rEpNlZA0zg==
content-type: text/javascript
access-control-allow-origin: *
cache-control: public,max-age=14400
x-goog-stored-content-length: 719605
accept-ranges: bytes

GET
H2 200 anvhtml5.css
w3.mp.lura.live/player/prod/v3/ Frame C1A2 48 KB
9 KB 98ms
98ms Stylesheet
text/css 2600:1901:0:2954::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w3.mp.lura.live/player/prod/v3/anvhtml5.css
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:2954:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2a2950830dd45881c784a4a8e6ee4c38ff9dafb9cb831a551224ae096ad6aebb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 16:40:06 GMT
content-encoding: gzip
via: 1.1 google
age: 14354
x-guploader-uploadid: ADPycdtwbkg48UTdUhwE1AUpDGm0X9yUH6-M45T5xANf71JncL2h0lz9cZD1N4rvWunqoSZRBInOocADgZCjPi92kC7YxA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9252
last-modified: Wed, 29 Mar 2023 20:38:57 GMT
server: UploadServer
etag: "da063214c9e63cdd30b4b08bf7487282"
vary: Accept-Encoding
x-goog-generation: 1680122337227406
x-goog-hash: crc32c=Wzcbng==, md5=2gYyFMnmPN0wtLCL90hygg==
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-age=14400
x-goog-stored-content-length: 9252
accept-ranges: bytes

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/804431367/ 3 KB
2 KB 86ms
35ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/804431367/?random=1684183161028&cv=11&fst=1684183161028&bg=ffffff&guid=ON&async=1&gtm=45be35a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure-nwfcu.0436316234378.online%2F&hn=www.googleadservices.com&frm=0&tiba=Air%20Conditioning%20Repair%20Service%20%7C%20HVAC%20Contractor%20%7C%20Sacramento%2C%20CA&auid=763993906.1684183161&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-804431367&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0ebb690b8d09650336ec7a8fa9a6a4acac01fd95326468457ba0dee09a5ac26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1253
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.js Show response
www.gstatic.com/wcm/ 3 KB
2 KB 72ms
22ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/wcm/loader.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-804431367&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:06:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1978
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1339
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 16:45:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 15 May 2023 21:06:23 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
258 B 80ms
29ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-885Q0S9Y9J&gtm=45je35a0&_p=224187996&cid=133886190.1684183161&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1684183161&sct=1&seg=0&dl=https%3A%2F%2Fsecure-nwfcu.0436316234378.online%2F&dt=Air%20Conditioning%20Repair%20Service%20%7C%20HVAC%20Contractor%20%7C%20Sacramento%2C%20CA&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-885Q0S9Y9J&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/cfa9e7cb/ Frame 61CC 405 KB
48 KB 24ms
22ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eccf57b62dbae261e99c42c11f1d643aa66362fc72a0696be044a75466ba5202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48645
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:37:08 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
220 B 28ms
28ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=224187996&t=pageview&_s=1&dl=https%3A%2F%2Fsecure-nwfcu.0436316234378.online%2F&ul=en-us&de=UTF-8&dt=Air%20Conditioning%20Repair%20Service%20%7C%20HVAC%20Contractor%20%7C%20Sacramento%2C%20CA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=67412727&gjid=316569032&cid=133886190.1684183161&tid=UA-119866447-1&_gid=1888424430.1684183161&_r=1&gtm=457e35a0&jsscut=1&z=874926535

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 61CC 15 KB
15 KB 23ms
21ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 22:24:03 GMT
x-content-type-options: nosniff
age: 166518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 22:24:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 61CC 15 KB
15 KB 29ms
27ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 22:41:31 GMT
x-content-type-options: nosniff
age: 165470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 22:41:31 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/ Frame 61CC 338 KB
95 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48a391f29bc14459aa881d701beed00820c0b7ef72aa0a85fc08d6e21d169ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97217
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:38:16 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 61CC 2 MB
733 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4eb5fefb8416c598f01847e5b53605cc6d3ffb3784067dba4185954a19ef2fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 750263
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:41 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/ Frame 61CC 9 KB
3 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 888
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2604
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:24:33 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
362 B 88ms
29ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-119866447-1&cid=133886190.1684183161&jid=67412727&gjid=316569032&_gid=1888424430.1684183161&_u=YADAAUAAAAAAACAAI~&z=672825469

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 call-tracking_7.js Show response
www.gstatic.com/call-tracking/ 54 KB
21 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/call-tracking/call-tracking_7.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 20:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173496
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21020
x-xss-protection: 0
last-modified: Wed, 03 Feb 2021 22:45:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-telephony"
vary: Accept-Encoding
report-to: {"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 May 2024 20:27:45 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 63ms
21ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1063376620487790&ev=PageView&dl=https%3A%2F%2Fsecure-nwfcu.0436316234378.online%2F&rl=&if=false&ts=1684183161152&sw=1600&sh=1200&v=2.9.104&r=stable&ec=0&o=30&fbp=fb.1.1684183161151.1314579758&cs_est=true&it=1684183160917&coo=false&rqm=GET

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 15 May 2023 20:39:21 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/804431367/ 42 B
455 B 84ms
33ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/804431367/?random=1684183161028&cv=11&fst=1684180800000&bg=ffffff&guid=ON&async=1&gtm=45be35a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure-nwfcu.0436316234378.online%2F&frm=0&tiba=Air%20Conditioning%20Repair%20Service%20%7C%20HVAC%20Contractor%20%7C%20Sacramento%2C%20CA&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1041700418&rmt_tld=0&ipr=y

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:21 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/804431367/ 42 B
455 B 85ms
33ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/804431367/?random=1684183161028&cv=11&fst=1684180800000&bg=ffffff&guid=ON&async=1&gtm=45be35a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure-nwfcu.0436316234378.online%2F&frm=0&tiba=Air%20Conditioning%20Repair%20Service%20%7C%20HVAC%20Contractor%20%7C%20Sacramento%2C%20CA&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1041700418&rmt_tld=1&ipr=y

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:21 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 q261XAmg8gMmZC1p7bI9VSYmO1kyPmMB Show response
access.mp.lura.live/anvacks/ Frame C1A2 887 B
1 KB 480ms
420ms XHR
application/json 2600:1901:0:cb53::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://access.mp.lura.live/anvacks/q261XAmg8gMmZC1p7bI9VSYmO1kyPmMB?apikey=3hwbSuqqT690uxjNYBktSQpa5ZrpYYR0Iofx7NcJHyA
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:cb53:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 4bb12ea6da4a34d39e8cd0dcd4ffb612335d841d6b1796a73d49543e514ae1d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
via: 1.1 google
server: nginx
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 887

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 59ms
58ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-119866447-1&cid=133886190.1684183161&jid=67412727&_u=YADAAUAAAAAAACAAI~&z=686207780

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 59ms
59ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-119866447-1&cid=133886190.1684183161&jid=67412727&_u=YADAAUAAAAAAACAAI~&z=686207780

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

wcm Show response
www.google.de/pagead/attribution/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/804431367/wcm?cc=ZZ&dn=9162564447&cl=AU3jCK3DzIIBEIfMyv8C&ct_eid=2
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=9162564447&cl=AU3jCK3DzIIBEIfMyv8C

80 B
111 B

30ms
30ms

XHR
application/json

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=9162564447&cl=AU3jCK3DzIIBEIfMyv8C

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: null
content-type: application/json; charset=UTF-8
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87
x-xss-protection: 0

Redirect headers

date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=9162564447&cl=AU3jCK3DzIIBEIfMyv8C
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 61CC
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

29ms
28ms

XHR
application/json

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00eec35078bca2f5620072245d004fab9d08cf0176e3ae749f52e731c84fb1f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 61CC 29 B
495 B 189ms
21ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:24:24 GMT
x-content-type-options: nosniff
age: 897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 May 2023 20:39:24 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 176ms
29ms Preflight
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:39:21 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 61CC 68 KB
31 KB 37ms
37ms XHR
application/json+protobuf 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d328e9bd93120a74bad43d6e4c60e0b4da8b85f4f5d41d5b300aad1d807c14d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31613
x-xss-protection: 0

GET
H3 200 jMc2Q0-mmfv53EZuCPXoiRrLnbOh_FqSvHrAaKV98PI.js Show response
www.google.com/js/th/ Frame 61CC 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/jMc2Q0-mmfv53EZuCPXoiRrLnbOh_FqSvHrAaKV98PI.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cc736434fa699fbf9dc466e08f5e8891acb9db3a1fc5a92bc7ac068a57df0f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 09 May 2023 09:41:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 May 2024 09:41:24 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 61CC 29 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

642a400039a41170589c933fd106710a2100d06d2c0d5e8150d21a5d89f30ce8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 16:37:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 360099
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8308
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 10 May 2024 16:37:42 GMT

GET
DATA 200
OK truncated
/ Frame 61CC 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AGIKgqMr2xQpv0A_cudGUkFAWx6t5YFkTHZCYhd46AuW=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 61CC 3 KB
3 KB 157ms
47ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AGIKgqMr2xQpv0A_cudGUkFAWx6t5YFkTHZCYhd46AuW=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

235918ff124abb3cfaffaf3f211761ef02b20a7edc855f7e5f9e7104eda2b4d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
server: fife
etag: "v3d"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3154
x-xss-protection: 0
expires: Tue, 16 May 2023 20:39:21 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/AVtu_CKyTdI/ Frame 61CC 26 KB
27 KB 177ms
68ms Image
image/jpeg 2a00:1450:4001:812::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/AVtu_CKyTdI/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGBMgQCh_MA8=&rs=AOn4CLDVSzgIex2K3zFC1JRMii8fieektw

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

461555d507bd6ca4cde79db14a279e6aeada8e8fe6994741fe2415a9d36b89d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26976
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 15 May 2023 22:39:21 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 61CC 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?23EKbA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 28ms
28ms Preflight
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:39:21 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 61CC 90 B
134 B 32ms
32ms XHR
application/json+protobuf 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

70dead5d386331dae8635aa50e338b73459abfea230db76536dca64c8a715603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H2 200 vardata
lab.analyticspodium.com/sdk/ Frame 0
0 608ms
212ms Preflight 52.10.187.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://lab.analyticspodium.com/sdk/vardata

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.187.193 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-187-193.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-amp-exp-user
Access-Control-Request-Method: GET
Origin: https://secure-nwfcu.0436316234378.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-amp-exp-user
access-control-allow-methods: GET,POST,HEAD
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
access-control-max-age: 1800
apigw-requestid: E-zDIj1vPHcEMww=
content-length: 0
date: Mon, 15 May 2023 20:39:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin
x-amzn-trace-id: Self=1-6462987a-0bb92fdc50eea71371da13a4;Root=1-6462987a-0eb70a8001bdfcc3735bf738
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-bfi-kbfi7400084-BFI
x-timer: S1684183162.172178,VS0,VE10

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 884 B
607 B 29ms
29ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfQHmAhAAAAAMwGWLTBEA_sxYSUMRiijIIqBlP6

Requested by

Host: connect.podium.com
URL: https://connect.podium.com/widget.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e5922f45d51b849a101d681ef7381916fee5ff968ebf4936622d9452523335be

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 586
x-xss-protection: 1; mode=block
expires: Mon, 15 May 2023 20:39:21 GMT

GET
H2 200 vardata Show response
lab.analyticspodium.com/sdk/ 3 KB
3 KB 259ms
258ms Fetch
application/json 52.10.187.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://lab.analyticspodium.com/sdk/vardata

Requested by

Host: connect.podium.com
URL: https://connect.podium.com/widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.10.187.193 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-10-187-193.us-west-2.compute.amazonaws.com

Software

Resource Hash

3c7e82cf32b6d4453a2fa7389cf2b341b98d7831a108fe96b5373a3a59f28a5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
Authorization: Api-Key client-Ouo1GRXThh3LlgIkIlMGrdQTd3m9VBlY
X-Amp-Exp-User: eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS43LjMiLCJsYW5ndWFnZSI6ImVuLVVTIiwicGxhdGZvcm0iOiJXZWIiLCJvcyI6IkNocm9tZSAxMTMiLCJkZXZpY2VfbW9kZWwiOiJXaW5kb3dzIiwiZGV2aWNlX2lkIjoiZDE3MjZiNWMtZmRmMi00Mzg3LThhYWItNzkwODI3ZjUxYTc0IiwidXNlcl9wcm9wZXJ0aWVzIjp7fX0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 2807
apigw-requestid: E-zDKi2pPHcEMUw=
x-served-by: cache-bfi-kbfi7400069-BFI
x-timer: S1684183162.385990,VS0,VE56
x-amzn-trace-id: Self=1-6462987a-6d43891348e0aa2c57864f86;Root=1-6462987a-00a965fb3879772c719cd680
vary: Origin, Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H/1.1 200
OK graphql
mind-flayer.podium.com// Frame 0
0 787ms
189ms Preflight 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://secure-nwfcu.0436316234378.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
access-control-allow-credentials: true
access-control-allow-headers: accept, content-type, authorization, socket-id, origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
date: Mon, 15 May 2023 20:39:22 GMT
server: Cowboy
vary: origin
x-request-id: F19rqbpdl-hiNVkFU8BS
x-robots-tag: noindex

POST
H/1.1 200
OK graphql Show response
mind-flayer.podium.com// 59 B
459 B 206ms
205ms XHR
application/json 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/widget.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash: acb5776aac95fee6d653c9bc4528d6380620f45957ea21d42f14e08139abd2a3

Request headers

Accept: application/json
Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
server: Cowboy
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
x-robots-tag: noindex
Content-Length: 59
x-request-id: F19rqcXLXCLQ29gKil8C

POST
H2 200 / Show response
www.facebook.com/tr/ Frame E35D 0
62 B 20ms
20ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://secure-nwfcu.0436316234378.online
Referer: https://secure-nwfcu.0436316234378.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:39:21 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/ 411 KB
164 KB 66ms
22ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfQHmAhAAAAAMwGWLTBEA_sxYSUMRiijIIqBlP6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6996e2a02589f4ffe5d4279d5e2441ba1213a47957c1882a755b1403a0ea67d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:52:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 168053
x-xss-protection: 0
last-modified: Mon, 08 May 2023 04:06:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 17:52:18 GMT

GET
H2 200 server_time Show response
tkx.mp.lura.live/rest/v2/ Frame C1A2 28 B
228 B 194ms
134ms XHR
application/json 2600:1901:0:7abc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tkx.mp.lura.live/rest/v2/server_time?anvack=q261XAmg8gMmZC1p7bI9VSYmO1kyPmMB&anvtrid=w11b37c58b455471558a8782095fbe2fe
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7abc:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: d57f694fd6b588fb29855a79d22a56f9f1785cb73491fa24959fc25e01fe3477

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:21 GMT
via: 1.1 google
server: nginx
content-type: application/json
access-control-allow-origin: https://w3.mp.lura.live
access-control-allow-credentials: true
x-onetkx-ver: ~~~us-central1-c~602020581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame BECD 50 KB
27 KB 46ms
45ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQHmAhAAAAAMwGWLTBEA_sxYSUMRiijIIqBlP6&co=aHR0cHM6Ly9zZWN1cmUtbndmY3UuMDQzNjMxNjIzNDM3OC5vbmxpbmU6NDQz&hl=de&v=wqcyhEwminqmAoT8QO_BkXCr&size=invisible&cb=eknevjhypv1z

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

21bca20dfb4289bac90893b9cd94b577e90b3621d7aaf70d0a7db3aec11ecf39

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BKJrVSp9XteEzWc1tyRpmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure-nwfcu.0436316234378.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 27597
content-security-policy: script-src 'report-sample' 'nonce-BKJrVSp9XteEzWc1tyRpmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:39:21 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/ Frame BECD 55 KB
24 KB 20ms
20ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQHmAhAAAAAMwGWLTBEA_sxYSUMRiijIIqBlP6&co=aHR0cHM6Ly9zZWN1cmUtbndmY3UuMDQzNjMxNjIzNDM3OC5vbmxpbmU6NDQz&hl=de&v=wqcyhEwminqmAoT8QO_BkXCr&size=invisible&cb=eknevjhypv1z

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 14:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 08 May 2023 04:06:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 14:42:12 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/ Frame BECD 411 KB
164 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6996e2a02589f4ffe5d4279d5e2441ba1213a47957c1882a755b1403a0ea67d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:52:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 168053
x-xss-protection: 0
last-modified: Mon, 08 May 2023 04:06:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 17:52:18 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame C1A2 359 KB
120 KB 155ms
92ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8158ef9b95cd261be4d1ae9495472c1ce8e470c43d1a782367ae24d0d5aac39a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122506
x-xss-protection: 0
expires: Mon, 15 May 2023 20:39:22 GMT

POST
H2 200 6805380 Show response
tkx.mp.lura.live/rest/v2/mcp/video/ Frame C1A2 9 KB
9 KB 173ms
173ms XHR
application/x-javascript 2600:1901:0:7abc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tkx.mp.lura.live/rest/v2/mcp/video/6805380?anvack=q261XAmg8gMmZC1p7bI9VSYmO1kyPmMB&anvtrid=w11b37c58517a3576d0d29f499c3c43c9&rtyp=fp&X-Anvato-Adst-Auth=ZKOkkU7JNtXSbpA1xMuie2B3FVMZkDHnIKD4RSsuWrxwkZ8OzSSV4BDlRG1g10yeY7Z0Xtvsz78xR159WR3KxA%3D%3D
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7abc:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 4ef6c96d67c9121b13da6f6996852e69d37bb4dd2e43383ea31fea9afee384ad

Request headers

Referer: https://w3.mp.lura.live/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
via: 1.1 google
server: nginx
content-type: application/x-javascript
access-control-allow-origin: https://w3.mp.lura.live
access-control-allow-credentials: true
x-onetkx-ver: ~~~us-east4-b~601686751
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame BECD 2 KB
2 KB 20ms
20ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/wqcyhEwminqmAoT8QO_BkXCr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 22:52:35 GMT
x-content-type-options: nosniff
age: 164807
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 20 May 2023 22:52:35 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BECD 15 KB
15 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 22:24:03 GMT
x-content-type-options: nosniff
age: 166519
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 22:24:03 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BECD 15 KB
15 KB 22ms
21ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 22:41:31 GMT
x-content-type-options: nosniff
age: 165471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 22:41:31 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame BECD 102 B
132 B 30ms
29ms Other
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=wqcyhEwminqmAoT8QO_BkXCr

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b9b41bbb484aeedab598c24291942c8c2d0af98bdba3b430bf8fcd2cb709198a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQHmAhAAAAAMwGWLTBEA_sxYSUMRiijIIqBlP6&co=aHR0cHM6Ly9zZWN1cmUtbndmY3UuMDQzNjMxNjIzNDM3OC5vbmxpbmU6NDQz&hl=de&v=wqcyhEwminqmAoT8QO_BkXCr&size=invisible&cb=eknevjhypv1z
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 1; mode=block
expires: Mon, 15 May 2023 20:39:22 GMT

GET
H2 200 master.m3u8 Show response
dcs-vod.mp.lura.live/vod/p/ Frame C1A2 353 B
528 B 503ms
441ms XHR
application/json 2600:1901:0:24e1::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dcs-vod.mp.lura.live/vod/p/master.m3u8?encp=W2cdyf5GMKN11Q_Pj7jbFQ:azP7UYu6Z-Pa9zhylXfZ75-3XJvc9cpKFJAXWpvt3yYrX_vDX6dCHzQA3fe3YtKECHe1MVBWGklIZ80ap5gXQfZvoEUQ0dSdwQquTPeq9nPJf9iH_f1OxKWQRD6bEgLUIrt74ztE-nu4T0o6HRdpY5csprhrsJD074NaACfXHFPfofn2omWQrOo_MRlgqBYL_CNtkDF3ULfTjlhhoXNvAkT7dO21rYQfjuwkKHRVff_Tl-lv4JgeNiQgNH2ufnp_elcqshdVt0H-GeoYu8nfvgtT7CZL3V-uPw86_in_4GcLmWuuAJtq8gruM_dH7mM0M-itOQh05M_Qc3XUz6oORB68eG7qaSsPner9qKq1KgbhyLZu322EXhXNJicvkqdZ2-fWwSrCFYJYfzFwUge3NIk4-Zv3y4X-1Jal0QG5h7oUmhuMdMWwBEXPaItpc9NNjzZ80PbRmdq1QQzDXP-row&anvtrid=52aadddd77eb6b455ffbe89a43cec5f2&anvauth=tb=0~te=1684183252~sgn=fa4ad5bfa54d4f45f5ba7fb775328e119a08806a3b86b867736da5f40a6e5ada&t=1684183162&_vpng=0
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:24e1:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 1af5c9b99eb04677c251b0fd92deb051c18a0c302193b8303f421d4797ce9d24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
x-anv-ver: ~~
vary: Accept-Encoding
x-anv-auth-status: valid
access-control-allow-origin: https://w3.mp.lura.live
vmap-check-t-tracking: 0
content-type: application/json
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
vmap-check-d-tracking: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 ggcmb500.js Show response
secure-us.imrworldwide.com/novms/js/2/ Frame C1A2 2 KB
1 KB 205ms
49ms Script
application/javascript 52.50.49.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-us.imrworldwide.com/novms/js/2/ggcmb500.js
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.49.218 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-49-218.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1804940bab9497accd774bf71ed5777ac803859c10efc54e312c4457fc616427

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 16:15:03 GMT
server: nginx
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
etag: "6442b687-353"
access-control-allow-methods: POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 851

GET
H3 200 anvatoextension.js Show response
w3.mp.lura.live/player/prod/v3/11b37c58/lib/ Frame C1A2 288 B
225 B 22ms
22ms Script
text/javascript 2600:1901:0:2954::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/lib/anvatoextension.js
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:2954:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b510a882c697c69a11442c364a3e878dd12729f27c01c3b8054c643456034932

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:53:22 GMT
content-encoding: gzip
via: 1.1 google
age: 9960
x-guploader-uploadid: ADPycduGVmAiEw6pLMZ7ZyBDmpPXvoZj3k_9Ksy_32j5UrLhrJ4umqSipMDr6sHgqlHIkQkbFYIo24MT8tzqZjtabh2d
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 195
last-modified: Wed, 29 Mar 2023 20:38:52 GMT
server: UploadServer
etag: "c0f7627f876a25d88e180c31bc323499"
vary: Accept-Encoding
x-goog-generation: 1680122332656893
x-goog-hash: crc32c=jNMWQA==, md5=wPdif4dqJdiOGAwxvDI0mQ==
content-type: text/javascript
access-control-allow-origin: *
cache-control: public,max-age=14400
x-goog-stored-content-length: 195
accept-ranges: bytes

GET
H3 200 streamsense.4.1412.05.min.js Show response
w3.mp.lura.live/player/prod/v3/11b37c58/lib/ Frame C1A2 28 KB
9 KB 23ms
23ms Script
text/javascript 2600:1901:0:2954::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/lib/streamsense.4.1412.05.min.js
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:2954:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: a58e3a7f70f9ff30b74124150cfdd6ecf164baffe00eea93cb1c3f26f5d058b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:18:27 GMT
content-encoding: gzip
via: 1.1 google
age: 8455
x-guploader-uploadid: ADPycdvyP5iPYjzG25iJJ9DdAGJPKgVdi2RlaH5Mwl7y3mIBLhAPZkQdp7Y9_AMjjng8RMyUGmX5uZLj7SnGwXMrBdwVg6GoQyhL
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8915
last-modified: Wed, 29 Mar 2023 20:38:54 GMT
server: UploadServer
etag: "bd563f22eed856825ad192f8a37b20ff"
vary: Accept-Encoding
x-goog-generation: 1680122334097731
x-goog-hash: crc32c=aXGSaw==, md5=vVY/Iu7YVoJa0ZL4o3sg/w==
content-type: text/javascript
access-control-allow-origin: *
cache-control: public,max-age=14400
x-goog-stored-content-length: 8915
accept-ranges: bytes

GET
H2 200 bridge3.573.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 1852 707 KB
226 KB 22ms
21ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.573.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d874ba7d932f73df5bc8501b80fdc1afeef566768248b7f06e392571f562b8ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://w3.mp.lura.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 229882
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 231088
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Sat, 13 May 2023 04:48:00 GMT
expires: Sun, 12 May 2024 04:48:00 GMT
last-modified: Sat, 13 May 2023 04:42:04 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame C1A2 44 KB
17 KB 154ms
76ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 May 2023 20:39:22 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame C1A2 51 KB
20 KB 20ms
20ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 15 May 2023 20:35:39 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 223
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Mon, 15 May 2023 22:35:39 GMT

GET
DATA 200
OK truncated
/ Frame C1A2 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame C1A2 19 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 993c58ad3f0e7d5344de2eb67b12ea9b747a6200c990b88e0b7922a211966bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK F75D2C091A904A7D96AEA24AEFD551A2.jpg
h104216-pcdn.mp.lura.live/iupl_lin/F75/D2C/ Frame C1A2 203 KB
204 KB 133ms
25ms Image
image/jpeg 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/iupl_lin/F75/D2C/F75D2C091A904A7D96AEA24AEFD551A2.jpg?aktaexp=1684186762&aktasgn=91bca292d9a4dbcd490a41583dc411de
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: 7d8b502818ec040c60ab47cc5c46df3364c1a8deef2350a11e46c318e8aad6c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:22 GMT
X-GUploader-UploadID: ADPycduw_mzkogNk8fMw3gMaQTPNNB1tpA696Hg-nFoNJXdP0-tGbHs3N5Tzt2Agz35-QMkMLk7rMbKnwyIrl9zG7Os22RicZrPa
x-goog-storage-class: COLDLINE
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1626239863086286
Connection: Keep-Alive
Content-Length: 208132
Last-Modified: Wed, 20 Apr 2022 06:03:56 GMT
Server: UploadServer
ETag: "1253442255c762eba255cf7c794ee688"
x-goog-generation: 1650434636192298
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=6m6OAw==, md5=ElNEIlXHYuuiVc98eU7miA==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183162.dop272.fr8.t,1684183162.cds155.fr8.shn,1684183162.dop272.fr8.t,1684183162.cds239.fr8.c
x-goog-stored-content-length: 208132
Accept-Ranges: bytes

POST
H2 200 httpapi Show response
api2.analyticspodium.com/2/ 94 B
344 B 199ms
199ms Fetch
application/json 52.24.147.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.analyticspodium.com/2/httpapi

Requested by

Host: connect.podium.com
URL: https://connect.podium.com/widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.24.147.221 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-24-147-221.us-west-2.compute.amazonaws.com

Software

Resource Hash

0ae7ad1e96fa3a686276d5b6696a4704ee8c1594a974392b784dcd5889380d59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept: */*
Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:39:23 GMT
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST
content-type: application/json
access-control-allow-origin: *
trace-id: Self=1-6462987b-5c939c1d208eb1916386b686;Root=1-6462987b-35fdc1535b460694758f07f4
content-length: 94
apigw-requestid: E-zDUjEaPHcEP_g=

OPTIONS
H2 200 httpapi
api2.analyticspodium.com/2/ Frame 0
0 585ms
195ms Preflight 52.24.147.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.analyticspodium.com/2/httpapi

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.24.147.221 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-24-147-221.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://secure-nwfcu.0436316234378.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: *
apigw-requestid: E-zDSiKOPHcEP8A=
content-length: 0
date: Mon, 15 May 2023 20:39:23 GMT
strict-transport-security: max-age=15768000

GET
H3 200 comscoreplugin.min.js Show response
w3.mp.lura.live/player/prod/v3/plugins/comscore/ Frame C1A2 187 KB
54 KB 22ms
22ms Script
text/javascript 2600:1901:0:2954::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w3.mp.lura.live/player/prod/v3/plugins/comscore/comscoreplugin.min.js
Requested by: Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:2954:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 71111465c15a7fb991a78f7f412f36274d84f585ddb217feb1ba9e984b5ab2c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/player/prod/v3/anvload.html?key=eyJtIjoiTElOIiwidiI6IjY4MDUzODAiLCJhbnZhY2siOiJxMjYxWEFtZzhnTW1aQzFwN2JJOVZTWW1PMWt5UG1NQiIsInNoYXJlTGluayI6Imh0dHBzOi8vZm94NDAuY29tL25ld3MvbG9jYWwtbmV3cy9pLWZlZWwtYmFkLWZvci1jdXN0b21lcnMtYWMtcGFydHMtaW4tc2hvcnQtc3VwcGx5LWR1cmluZy1yZWNvcmQtYnJlYWtpbmctaGVhdC8iLCJwbHVnaW5zIjp7ImNvbXNjb3JlIjp7ImNsaWVudElkIjoiNjAzNjQzOSIsImMzIjoiZm94NDAuY29tIiwic2NyaXB0IjoiLy93My5tcC5sdXJhLmxpdmUvcGxheWVyL3Byb2QvdjMvcGx1Z2lucy9jb21zY29yZS9jb21zY29yZXBsdWdpbi5taW4uanMiLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsidmlkZW8iOnsiYzMiOiJmb3g0MC5jb20iLCJuc19zdF9zdCI6Imt0eGwiLCJuc19zdF9wdSI6Ik5leHN0YXIiLCJuc19zdF9nZSI6IkxvY2FsIE5ld3MiLCJjc191Y2ZyIjoiIn0sImFkIjp7ImMzIjoiZm94NDAuY29tIiwibnNfc3Rfc3QiOiJrdHhsIiwibnNfc3RfcHUiOiJOZXhzdGFyIiwibnNfc3RfZ2UiOiJMb2NhbCBOZXdzIiwiY3NfdWNmciI6IiJ9fX0sImRmcCI6eyJjbGllbnRTaWRlIjp7ImFkVGFnVXJsIjoiaHR0cHM6Ly9wdWJhZHMuZy5kb3VibGVjbGljay5uZXQvZ2FtcGFkL2Fkcz9zej0xeDEwMDAmaXU9LzU2Nzgvbngua3R4bC9uZXdzL2xvY2FsX25ld3MmaW1wbD1zJmdkZnBfcmVxPTEmZW52PXZwJm91dHB1dD12bWFwJnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmYWRfcnVsZT0xJmRlc2NyaXB0aW9uX3VybD1odHRwczovL2ZveDQwLmNvbS9uZXdzL2xvY2FsLW5ld3MvaS1mZWVsLWJhZC1mb3ItY3VzdG9tZXJzLWFjLXBhcnRzLWluLXNob3J0LXN1cHBseS1kdXJpbmctcmVjb3JkLWJyZWFraW5nLWhlYXQvJnZjb25wPTImY3VzdF9wYXJhbXM9dmlkJTNENjgwNTM4MCUyNmNtc2lkJTNEODcxODM0JTI2cGlkJTNEODcxODM0JTI2cGVyc19jaWQlM0RueHN0cmliLTEzLWFydGljbGUtODcxODM0JTI2dmlkY2F0JTNEJTJGbmV3cyUyRmxvY2FsX25ld3MlMjZib2JfY2slM0QlNUJib2JfY2tfdmFsJTVEJTI2ZF9jb2RlJTNEbmEwMDMlMjZwYWdldHlwZSUzRHN0b3J5JTI2cGxheWVyd2lkdGglM0QxMzE3JTI2cGxheWVyaGVpZ2h0JTNENzQxJTI2dXBpZCUzRGU4N2RjMTQ1LTU5MjQtNDkzMC05MTQ5LTUzZjAxMTdmOTMzNiJ9fSwibmllbHNlbiI6eyJhcGlkIjoiUENDRjU5RUQwLUYyNjktNEMwQy05MDlBLTI5QkY5NDdBNjhBMyIsInNmY29kZSI6ImRjciIsInR5cGUiOiJkY3IiLCJhcG4iOiJBbnZhdG8iLCJlbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJ1c2VEZXJpdmVkTWV0YWRhdGEiOnRydWUsIm1hcHBpbmciOnsiYWRsb2FkdHlwZSI6MiwiYWRNb2RlbCI6Mn0sIm9wdE91dCI6ZmFsc2V9LCJzZWdtZW50Q3VzdG9tIjp7InNjcmlwdCI6Imh0dHBzOi8vc2VnbWVudC5wc2cubmV4c3RhcmRpZ2l0YWwubmV0L2FudmF0by5qcyIsIndyaXRlS2V5IjoiTUZjVEpIdFdOUDNKRmFBdXhVMmh1dGZVTDdWNnJ0Nm4iLCJwbHVnaW5zTG9hZGluZ1RpbWVvdXQiOjEyfSwiZ29vZ2xlQW5hbHl0aWNzIjp7InRyYWNraW5nSWQiOiJVQS0zNDEzMzg4NC04IiwiZXZlbnRzIjp7IkFEX1NUQVJURUQiOnsiYWxpYXMiOiJWaWRlby1BZCIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19TVEFSVEVEIjp7ImFsaWFzIjoiVmlkZW8tUGxheSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19GSVJTVF9RVUFSVElMRSI6eyJhbGlhcyI6IlZpZGVvLTI1JSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJWSURFT19NSURfUE9JTlQiOnsiYWxpYXMiOiJWaWRlby01MCUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fVEhJUkRfUVVBUlRJTEUiOnsiYWxpYXMiOiJWaWRlby03NSUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVklERU9fQ09NUExFVEVEIjp7ImFsaWFzIjoiVmlkZW8tMTAwJSIsImNhdGVnb3J5IjoiVmlkZW8iLCJsYWJlbCI6IltbVElUTEVdXSJ9LCJVU0VSX1BBVVNFIjp7ImFsaWFzIjoiUGF1c2UiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifSwiVVNFUl9SRVNVTUUiOnsiYWxpYXMiOiJSZXN1bWUiLCJjYXRlZ29yeSI6IlZpZGVvIiwibGFiZWwiOiJbW1RJVExFXV0ifX19fSwiaHRtbDUiOnRydWUsInRva2VuIjoiZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKSVV6STFOaUo5LmV5SjJhV1FpT2lJMk9EQTFNemd3SWl3aWFYTnpJam9pY1RJMk1WaEJiV2M0WjAxdFdrTXhjRGRpU1RsV1UxbHRUekZyZVZCdFRVSWlMQ0psZUhBaU9qRTJOREV5TXpFME1UaDkuZ2lOWlpPZDhWYkVFbVJBcldLMGYzQU9ZQk9EOTA0RVZGaERoZXowLWlVQSJ9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 19:08:32 GMT
content-encoding: gzip
via: 1.1 google
age: 5450
x-guploader-uploadid: ADPycdtdoAIxG6ymYaUl29pEv3kzOhhQV6J8YcF-OUJVmZjFgyWdMGOwpYp68W0H560-mBxSys4RsvK3zwdUdYqbfjZKSA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55040
last-modified: Wed, 29 Mar 2023 20:39:02 GMT
server: UploadServer
etag: "c16e9e4ebabbec6b8d6c56ab222829df"
vary: Accept-Encoding
x-goog-generation: 1680122342680667
x-goog-hash: crc32c=yT7jbA==, md5=wW6eTrq77GuNbFarIigp3w==
content-type: text/javascript
access-control-allow-origin: *
cache-control: public,max-age=14400
x-goog-stored-content-length: 55040
accept-ranges: bytes

OPTIONS
H/1.1 200
OK graphql
mind-flayer.podium.com// Frame 0
0 195ms
195ms Preflight 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://secure-nwfcu.0436316234378.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
access-control-allow-credentials: true
access-control-allow-headers: accept, content-type, authorization, socket-id, origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
date: Mon, 15 May 2023 20:39:22 GMT
server: Cowboy
vary: origin
x-request-id: F19rqdNS-mXyuvQKimii
x-robots-tag: noindex

POST
H/1.1 200
OK graphql Show response
mind-flayer.podium.com// 2 KB
2 KB 213ms
213ms XHR
application/json 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/widget.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash: f88d6ab196178ead75dd4c11c2eb354a88e5935fd365ca06b2215fe71aedd02c

Request headers

Accept: application/json
Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
server: Cowboy
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
x-robots-tag: noindex
Content-Length: 2092
x-request-id: F19rqd7aPR_nrTwGmVgh

GET
H2 200 anvato.js Show response
segment.psg.nexstardigital.net/ Frame C1A2 107 KB
35 KB 86ms
21ms Script
application/x-javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://segment.psg.nexstardigital.net/anvato.js

Requested by

Host: w3.mp.lura.live
URL: https://w3.mp.lura.live/player/prod/v3/11b37c58/scripts/anvplayer.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2ec52489f5e883826e163d5ca546f99763796e3f0d19d56a221625281d4325ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: FSP2H22S49NEFSTQ
age: 3285
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:564329123274:build/prod-frontend-segment:f270808a-6ea3-4826-8bf6-9111264cee10
x-cache: HIT
x-amz-meta-codebuild-content-md5: b3a67e3876b3ff54e00a2abd1e828fd6
content-length: 35508
x-amz-id-2: qO3WNyN7WlN0YdOIrnNEDpKqVidqmczI9shcYABqm7AsbkHmNZircisIONUMPZGkmXUyh+G+3XY=
x-served-by: cache-fra-etou8220076-FRA
last-modified: Thu, 11 May 2023 19:44:46 GMT
server: AmazonS3
x-timer: S1684183163.821049,VS0,VE0
etag: "ad2796d5141989600dc1ed47d12539de"
vary: Accept-Encoding
content-type: application/x-javascript
x-amz-meta-codebuild-content-sha256: 6b946b7e19fa6f6017b90a30052fd73af3c387879a11de4bbe4d2058c71ec02a
access-control-allow-origin: *
accept-ranges: bytes
x-cache-hits: 17

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/MFcTJHtWNP3JFaAuxU2hutfUL7V6rt6n/ Frame C1A2 355 KB
64 KB 679ms
609ms Script
text/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/MFcTJHtWNP3JFaAuxU2hutfUL7V6rt6n/analytics.min.js
Requested by: Host: segment.psg.nexstardigital.net
URL: https://segment.psg.nexstardigital.net/anvato.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 34752c76a7f92806401e7094fd793e7cfded5efbb902d6fdd3b98dd38a70cafe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: FoU3mdjq.mNF4m0sbt8cGknVuFp0Grf1
content-encoding: gzip
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
date: Mon, 15 May 2023 20:39:24 GMT
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 11 May 2023 21:56:56 GMT
server: AmazonS3
etag: W/"23f6080a82bfab18e1b289661cec4265"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: nDnnc2ubixzmlgCIzGTd-WWx-weq0jF0BXzpVv3G1hiCVAD32JU-zA==

GET
H2 200 PCCF59ED0-F269-4C0C-909A-29BF947A68A3.js Show response
cdn-gl.imrworldwide.com/conf/ Frame C1A2 32 KB
7 KB 95ms
21ms Script
application/javascript 2600:9000:236e:5800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/PCCF59ED0-F269-4C0C-909A-29BF947A68A3.js
Requested by: Host: secure-us.imrworldwide.com
URL: https://secure-us.imrworldwide.com/novms/js/2/ggcmb500.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:5800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: defc355936352f45cfca894208fc8806abb422e850598855785ff1240040d938

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: ETPeCWh71BK4UPP7d0rB3D5J2j009nyS
content-encoding: gzip
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
date: Mon, 15 May 2023 20:29:55 GMT
last-modified: Sun, 14 May 2023 23:19:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 568
x-amz-server-side-encryption: AES256
etag: W/"4eff833458a02d89804e9d520000835b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400,s-maxage=86400
x-amz-cf-id: YISF9xXM83nqSy5i4Il0sbXQjIk56nKz6q1KOC8B29FvSIGExYQpoA==

GET
H/1.1 200
OK F75D2C091A904A7D96AEA24AEFD551A2.jpg
h104216-pcdn.mp.lura.live/iupl_lin/F75/D2C/ Frame C1A2 203 KB
204 KB 21ms
21ms Image
image/jpeg 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/iupl_lin/F75/D2C/F75D2C091A904A7D96AEA24AEFD551A2.jpg?aktaexp=1684186762&aktasgn=91bca292d9a4dbcd490a41583dc411de
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: 7d8b502818ec040c60ab47cc5c46df3364c1a8deef2350a11e46c318e8aad6c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:22 GMT
X-GUploader-UploadID: ADPycduw_mzkogNk8fMw3gMaQTPNNB1tpA696Hg-nFoNJXdP0-tGbHs3N5Tzt2Agz35-QMkMLk7rMbKnwyIrl9zG7Os22RicZrPa
x-goog-storage-class: COLDLINE
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1626239863086286
Connection: Keep-Alive
Content-Length: 208132
Last-Modified: Wed, 20 Apr 2022 06:03:56 GMT
Server: UploadServer
ETag: "1253442255c762eba255cf7c794ee688"
x-goog-generation: 1650434636192298
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=6m6OAw==, md5=ElNEIlXHYuuiVc98eU7miA==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183162.dop272.fr8.t,1684183162.cds155.fr8.shn,1684183162.dop272.fr8.t,1684183162.cds239.fr8.c
x-goog-stored-content-length: 208132
Accept-Ranges: bytes

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ Frame C1A2 199 KB
56 KB 23ms
23ms Script
application/javascript 2600:9000:236e:5800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PCCF59ED0-F269-4C0C-909A-29BF947A68A3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:5800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a4727cf9cbdf4d3bd177c30cfd0ac711122aa967559147ca5d00356a25276007

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: JMCEEH0r3krLgtHHG2sUUB3oElxQgR_1
content-encoding: gzip
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
date: Mon, 15 May 2023 19:41:49 GMT
x-amz-cf-pop: FRA60-P1
age: 3454
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Wed, 03 May 2023 14:06:38 GMT
server: AmazonS3
etag: W/"ad16fca62498be2f4932a7fb978328f8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: EWV_0FN9YBOliwUpj2r_Kux9P6dAn7srIi8DZjshLweEklBecXZOng==

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame 4F86 12 KB
4 KB 21ms
20ms Document
text/html 2600:9000:236e:5800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:5800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Referer: https://w3.mp.lura.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1076
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Mon, 15 May 2023 20:21:28 GMT
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
last-modified: Wed, 03 May 2023 14:06:38 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
x-amz-cf-id: XfNMEAKCLIY9sfNhFddTXEcVkCmgrHyaFVYbfmA4D0JAOsjQpIjiqA==
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: sOPhBD6dNZnw_CngSlOMq0WoSUnYsXuP
x-cache: Hit from cloudfront

GET
H2 200 gn
secure-dcr.imrworldwide.com/cgi-bin/ Frame 4F86 44 B
720 B 58ms
50ms Image
image/gif 52.50.49.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PCCF59ED0-F269-4C0C-909A-29BF947A68A3&sessionId=osoicvhjhvdccksnain6f47md9jbr1684183163&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.662&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=&retry=0
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.49.218 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-49-218.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:39:23 GMT
server: nginx
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-dcr.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
osoicvhjhvdccksnain6f47md9jbr1684183163.nuid.imrworldwide.com/ Frame 4F86 35 B
350 B 123ms
22ms Image
image/gif 2600:9000:223f:600:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://osoicvhjhvdccksnain6f47md9jbr1684183163.nuid.imrworldwide.com/
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:600:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 04:01:28 GMT
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 59876
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 35
x-amz-cf-id: pWo0GU0e1pANhYQh_vjaytTYhUQUePhPt7IxQpgXk5tpIj0dsFSLAw==

POST
H/1.1 200
OK graphql Show response
mind-flayer.podium.com// 38 B
438 B 190ms
190ms XHR
application/json 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/widget.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash: 8a78824e0e4e78e9e0797e8b3e147d290c7e164e8715b6f983efc924214f9f76

Request headers

Accept: application/json
Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:39:22 GMT
server: Cowboy
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
x-robots-tag: noindex
Content-Length: 38
x-request-id: F19rqffsNPw4CA0C7WxC

OPTIONS
H/1.1 200
OK graphql
mind-flayer.podium.com// Frame 0
0 188ms
188ms Preflight 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://secure-nwfcu.0436316234378.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
access-control-allow-credentials: true
access-control-allow-headers: accept, content-type, authorization, socket-id, origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
date: Mon, 15 May 2023 20:39:23 GMT
server: Cowboy
vary: origin
x-request-id: F19rqeyupn-vLksFU92C
x-robots-tag: noindex

GET
H2 200 styles.css
connect.podium.com/ Frame C656 62 KB
10 KB 21ms
21ms Stylesheet
text/css 2600:9000:21f3:2200:1a:3af:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect.podium.com/styles.css
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2200:1a:3af:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 707e3c476b4285ad70e160c5b0f1654d64ac59c8ff09bd521f8a25d67c2a8d2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:07:20 GMT
content-encoding: gzip
via: 1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
last-modified: Tue, 09 May 2023 16:06:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 1924
etag: "2a3a4583301fde784f5b6d49b2d41f9a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=3600
content-length: 10223
x-amz-cf-id: FVSP_O4aBesTZE2ZitC1jqsaIaVRtadE27O5fq-z4OzZJC-WrNfG2A==

GET
H2 200 d2271df8467ecc4941f02087d61c1c1e.woff2
connect.podium.com/ Frame C656 34 KB
34 KB 246ms
204ms Font
binary/octet-stream 2600:9000:21f3:2200:1a:3af:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect.podium.com/d2271df8467ecc4941f02087d61c1c1e.woff2
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2200:1a:3af:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac6e8dbcf906b5d78b6538eea0df8d50e34fdd4ba6a3932bfbf38d4a085e2797

Request headers

Referer: https://connect.podium.com/styles.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:24 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
last-modified: Tue, 09 May 2023 16:06:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
etag: "1d077eb2f892e7f968f043b40b6ae557"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers
content-length: 34640
x-amz-cf-id: QYXIYqhUmH4-NkZx37l2xwE-e1_n8oiOAykdGQvUG-myhH6JbVT9ig==

GET
H2 200 434b2574637d4adc6a5a30864e8c6b3e.woff2
connect.podium.com/ Frame C656 30 KB
30 KB 333ms
292ms Font
binary/octet-stream 2600:9000:21f3:2200:1a:3af:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect.podium.com/434b2574637d4adc6a5a30864e8c6b3e.woff2
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2200:1a:3af:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1edbab3b32d1748ab14e6dfb9f30128ae7ea1e8188ff2afb35c0f6e225bb3a62

Request headers

Referer: https://connect.podium.com/styles.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:24 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
last-modified: Tue, 09 May 2023 16:06:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
etag: "c28f8beb02447597a13d138680f42e65"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers
content-length: 30548
x-amz-cf-id: jMPx9Q3Ug1vS09CPraxqw-3Tklcc9b8jNBYoT8Qelkc3pkQneD08uw==

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 61CC 28 B
54 B 35ms
35ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
X-Goog-Request-Time: 1684183163316
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/AVtu_CKyTdI?&controls=0
X-YouTube-Client-Version: 1.20230509.02.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: Cgs1eEEtZndNWW9tUSj4sIqjBg%3D%3D
X-YouTube-Ad-Signals: dt=1684183161157&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C637%2C358&vis=1&wgl=true&ca_type=image

Response headers

date: Mon, 15 May 2023 20:39:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0
expires: Mon, 15 May 2023 20:39:23 GMT

GET
H/1.1 200
OK 44BB988B8BE744CC98A79B1EA3262998_pvw-M0.jpg
h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/ Frame C1A2 81 KB
82 KB 910ms
910ms Image
image/jpeg 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/44BB988B8BE744CC98A79B1EA3262998_pvw-M0.jpg?aktaexp=1684186762&aktasgn=acb44e0f12b5ee80c1a1e1751d205d49
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: 2c85714fba6a3a836fc6fe45f45dba00f71b0060adc103082cc3a1986a32ece0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:25 GMT
X-GUploader-UploadID: ADPycdu9d9HGL61S9OkwPyDMt1GBqgPDGwfaMLbLK6-nM5LOxKBPWynIEJfMepAdT3d3s3lIk_DVP-BMO3WE5oUrYtq-0w
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1626240007024202
Connection: Keep-Alive
Content-Length: 82533
Last-Modified: Sun, 26 Sep 2021 23:05:02 GMT
Server: UploadServer
ETag: "0fbe7ff57f64c13c2f13ddbe3ae405a1"
x-goog-generation: 1632697502837995
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=kPDKog==, md5=D75/9X9kwTwvE92+OuQFoQ==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183162.dop272.fr8.t,1684183162.cds155.fr8.shn,1684183164.dop272.fr8.t,1684183165.cds318.fr8.c
x-goog-stored-content-length: 82533
Accept-Ranges: bytes

GET
H/1.1 200
OK 44BB988B8BE744CC98A79B1EA3262998_pvw-M1.jpg
h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/ Frame C1A2 92 KB
93 KB 62ms
22ms Image
image/jpeg 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/44BB988B8BE744CC98A79B1EA3262998_pvw-M1.jpg?aktaexp=1684186762&aktasgn=998e6231dfca3aa388446812a26bbfff
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: 165f21b2d1dc8e0683940d9d969e7373e42f038795fe444867033190c6b60cfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:24 GMT
X-GUploader-UploadID: ADPycduZIWXhNMTj65PrmqY3G3Lzwbsus1H_9aidCMxhcA4ZlFct38IBLHXYztD36r0Dcha3BZ4l9AiBSGQm_OP0ME5ZWCKGXR6g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-meta-x-goog-reserved-source-generation: 1626240007213972
x-goog-stored-content-encoding: identity
Connection: Keep-Alive
Content-Length: 94132
Last-Modified: Sun, 26 Sep 2021 23:05:25 GMT
Server: UploadServer
ETag: "71e6cb9a9e2a2f7f67adce152090d813"
x-goog-generation: 1632697525730079
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=7kBnUw==, md5=cebLmp4qL39nrc4VIJDYEw==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183164.dop051.fr8.shc,1684183164.dop051.fr8.t,1684183164.cds243.fr8.c
x-goog-stored-content-length: 94132
Accept-Ranges: bytes

GET
H/1.1 200
OK 44BB988B8BE744CC98A79B1EA3262998_pvw-M2.jpg
h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/ Frame C1A2 67 KB
68 KB 66ms
24ms Image
image/jpeg 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/44BB988B8BE744CC98A79B1EA3262998_pvw-M2.jpg?aktaexp=1684186762&aktasgn=abe8282e371cc2dab09323f9696b0352
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: 2aa1f4cecd0d122366648e8d02cd2df085bf400df7f1a13271fbfce769b932e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:24 GMT
X-GUploader-UploadID: ADPycds0xoYHysqEl_2UPa1n6nzO3qSrz3e0ft5U828cEfvF7TY1jfyce7EoB6rYqpaNCeWkClOgFdHvnJkVnRWgp00CmJ5_GmQ_
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-meta-x-goog-reserved-source-generation: 1626240007399067
x-goog-stored-content-encoding: identity
Connection: Keep-Alive
Content-Length: 68536
Last-Modified: Sun, 26 Sep 2021 23:05:00 GMT
Server: UploadServer
ETag: "3801ee52f1bb7914c5dbb19f28618e0d"
x-goog-generation: 1632697500665988
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=USVV7g==, md5=OAHuUvG7eRTF27GfKGGODQ==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183164.dop120.fr8.shc,1684183164.dop120.fr8.t,1684183164.cds002.fr8.c
x-goog-stored-content-length: 68536
Accept-Ranges: bytes

GET
H/1.1 200
OK 44BB988B8BE744CC98A79B1EA3262998_pvw-M00.jpg
h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/ Frame C1A2 79 KB
80 KB 67ms
25ms Image
image/jpeg 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/44BB988B8BE744CC98A79B1EA3262998_pvw-M00.jpg?aktaexp=1684186762&aktasgn=f5134f8b25b7794fcb64ae12f251a2e3
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: eff61cc6d98ea25bf117b6ea6713ff5caa1f69f482a148c5be933a2497a98f57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:24 GMT
X-GUploader-UploadID: ADPycdvQbmEE7lgibxtOYbmSHz8njs4SpWacycZTzQlGP3ESodTrHR9-aQ5FEeiZYGJ7IV1K6UIdi8BtMMWA4wK1t9qhxYfEFBBr
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1626240007513271
Connection: Keep-Alive
Content-Length: 80869
Last-Modified: Sun, 26 Sep 2021 23:05:35 GMT
Server: UploadServer
ETag: "17b9a9cdd32ca5fa26f4590690947903"
x-goog-generation: 1632697535870089
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=ftJBJA==, md5=F7mpzdMspfom9FkGkJR5Aw==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183164.dop101.fr8.shc,1684183164.dop101.fr8.t,1684183164.cds330.fr8.c
x-goog-stored-content-length: 80869
Accept-Ranges: bytes

GET
H/1.1 200
OK 44BB988B8BE744CC98A79B1EA3262998_pvw-hi.bif
h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/ Frame C1A2 16 KB
16 KB 66ms
24ms Image
binary/octet-stream 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/44BB988B8BE744CC98A79B1EA3262998_pvw-hi.bif?aktaexp=1684186762&aktasgn=c5af8dcf141fc4803aad39b9dced639b
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:24 GMT
X-GUploader-UploadID: ADPycdtlgm6NQhPu23V9nZA68tBw_PMJBX9tRg9NB9puM3vWx8laKrKc14FGStAB8TTGC-13Cg4ttJrIfSGLq_3pAirGCg
x-goog-storage-class: COLDLINE
x-goog-metageneration: 1
x-goog-meta-x-goog-reserved-source-generation: 1626240007798272
x-goog-stored-content-encoding: identity
Connection: Keep-Alive
Content-Length: 4655239
Last-Modified: Sun, 26 Sep 2021 23:05:03 GMT
Server: UploadServer
ETag: "43ff04df7f30feb6b54e1b2c56161110"
x-goog-generation: 1672104655745691
Content-Type: binary/octet-stream
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=/KpYRQ==, md5=Q/8E338w/ra1ThssVhYREA==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183164.dop159.fr8.shc,1684183164.dop159.fr8.t,1684183164.cds133.fr8.c
x-goog-stored-content-length: 4655239
Accept-Ranges: bytes

GET
H/1.1 200
OK 44BB988B8BE744CC98A79B1EA3262998_pvw-med.bif
h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/ Frame C1A2 16 KB
16 KB 66ms
24ms Image
binary/octet-stream 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/44BB988B8BE744CC98A79B1EA3262998_pvw-med.bif?aktaexp=1684186762&aktasgn=b103de6c44b338d345f591eee3ef32a6
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:24 GMT
X-GUploader-UploadID: ADPycdtZk_a_ty2ZyBvgWl4yhEO9CZWpaLNdZIK81W8f8fBwuylY-sO7bTTj81LS6VIAUJUp9mjNfqYcuu4GdzOzkxXRjvK1usLr
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-meta-x-goog-reserved-source-generation: 1626240007924017
x-goog-stored-content-encoding: identity
Connection: Keep-Alive
Content-Length: 1443156
Last-Modified: Sun, 26 Sep 2021 23:05:23 GMT
Server: UploadServer
ETag: "66aef06bfb2d2af920a128406f939352"
x-goog-generation: 1632697523006112
Content-Type: binary/octet-stream
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=ndu90g==, md5=Zq7wa/stKvkgoShAb5OTUg==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183164.dop017.fr8.shc,1684183164.dop017.fr8.t,1684183164.cds287.fr8.c
x-goog-stored-content-length: 1443156
Accept-Ranges: bytes

GET
H/1.1 200
OK 44BB988B8BE744CC98A79B1EA3262998_pvw-lo.bif
h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/ Frame C1A2 16 KB
16 KB 50ms
25ms Image
binary/octet-stream 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h104216-pcdn.mp.lura.live/pvw_lin/44B/B98/44BB988B8BE744CC98A79B1EA3262998_pvw-lo.bif?aktaexp=1684186762&aktasgn=5d10f9fb1f219c77413017e786125ad9
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w3.mp.lura.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:39:24 GMT
X-GUploader-UploadID: ADPycdv5dubfhbuA7NhF6P93RXTytkC8ICxAYHFSCQ9u7onteCEi_IOB_3WokxWQSoWSXYcVeGKAaJ-4REeYaB8eTM3X0Q
x-goog-storage-class: COLDLINE
x-goog-metageneration: 1
x-goog-meta-x-goog-reserved-source-generation: 1626240008090561
x-goog-stored-content-encoding: identity
Connection: Keep-Alive
Content-Length: 462587
Last-Modified: Sun, 26 Sep 2021 09:48:53 GMT
Server: UploadServer
ETag: "79a52ab1635656d40cac5608135dd776"
x-goog-generation: 1672104656092859
Content-Type: binary/octet-stream
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=LecgKA==, md5=eaUqsWNWVtQMrFYIE13Xdg==
Access-Control-Expose-Headers: Content-Type, Range, Accept
Cache-Control: max-age=3600,public
X-HW: 1684183164.dop120.fr8.shc,1684183164.dop120.fr8.t,1684183164.cds101.fr8.c
x-goog-stored-content-length: 462587
Accept-Ranges: bytes

OPTIONS
H/1.1 200
OK graphql
mind-flayer.podium.com// Frame 0
0 193ms
193ms Preflight 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://secure-nwfcu.0436316234378.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
access-control-allow-credentials: true
access-control-allow-headers: accept, content-type, authorization, socket-id, origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
date: Mon, 15 May 2023 20:39:25 GMT
server: Cowboy
vary: origin
x-request-id: F19rqmQsOvdqg18Fb5fx
x-robots-tag: noindex

POST
H/1.1 200
OK graphql Show response
mind-flayer.podium.com// 38 B
438 B 191ms
190ms XHR
application/json 35.160.57.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mind-flayer.podium.com//graphql
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/widget.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.160.57.224 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-160-57-224.us-west-2.compute.amazonaws.com
Software: Cowboy /
Resource Hash: 8a78824e0e4e78e9e0797e8b3e147d290c7e164e8715b6f983efc924214f9f76

Request headers

Accept: application/json
Referer: https://secure-nwfcu.0436316234378.online/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:39:25 GMT
server: Cowboy
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure-nwfcu.0436316234378.online
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
x-robots-tag: noindex
Content-Length: 38
x-request-id: F19rqm9uG-s-L8kFVBji

GET
H2 200 styles.css
connect.podium.com/ Frame 985C 62 KB
10 KB 26ms
26ms Stylesheet
text/css 2600:9000:21f3:2200:1a:3af:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect.podium.com/styles.css
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2200:1a:3af:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 707e3c476b4285ad70e160c5b0f1654d64ac59c8ff09bd521f8a25d67c2a8d2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:07:20 GMT
content-encoding: gzip
via: 1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
last-modified: Tue, 09 May 2023 16:06:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 1926
etag: "2a3a4583301fde784f5b6d49b2d41f9a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=3600
content-length: 10223
x-amz-cf-id: l_TSteHXhahPB2kz-UVM-w0Ab0yC3n85EThG87hW_CAeRlW6f23f_g==

GET
H2 200 defaultWebchatPinkAvatar.png
assets.podium.com/images/ Frame 985C 241 KB
242 KB 105ms
26ms Image
image/png 2600:9000:211e:6a00:1f:7c97:a480:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.podium.com/images/defaultWebchatPinkAvatar.png
Requested by: Host: secure-nwfcu.0436316234378.online
URL: https://secure-nwfcu.0436316234378.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:6a00:1f:7c97:a480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28011ddd7bdae190a67367074378ddaabee0ffe3560b7fa40144e16e7984fce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-nwfcu.0436316234378.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: ht52AYtPtu_2..i0YhI1sBNTg142u2nN
date: Mon, 15 May 2023 19:48:44 GMT
via: 1.1 f891d17fa862cc74a05434e03fa58dca.cloudfront.net (CloudFront)
last-modified: Tue, 14 Feb 2023 18:03:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 3042
etag: "b22b5db1a91f838da14ed56b4683a8f7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
content-length: 247234
x-amz-cf-id: 9ige8sDWV3myL8cszV9GXyH_LFurNhG8FQDFMZsL4f5SNvrNw_j3kQ==

GET
H2 200 d2271df8467ecc4941f02087d61c1c1e.woff2
connect.podium.com/ Frame 985C 34 KB
34 KB 30ms
27ms Font
binary/octet-stream 2600:9000:21f3:2200:1a:3af:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect.podium.com/d2271df8467ecc4941f02087d61c1c1e.woff2
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2200:1a:3af:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac6e8dbcf906b5d78b6538eea0df8d50e34fdd4ba6a3932bfbf38d4a085e2797

Request headers

Referer: https://connect.podium.com/styles.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:24 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 2
x-cache: Hit from cloudfront
content-length: 34640
last-modified: Tue, 09 May 2023 16:06:44 GMT
server: AmazonS3
etag: "1d077eb2f892e7f968f043b40b6ae557"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers
x-amz-cf-id: wEnNs9OfrNPQb67LUZrMnruVQnwjl7baGkU8Z0sPqi7MkmynYsE7og==

GET
H2 200 434b2574637d4adc6a5a30864e8c6b3e.woff2
connect.podium.com/ Frame 985C 30 KB
30 KB 38ms
35ms Font
binary/octet-stream 2600:9000:21f3:2200:1a:3af:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://connect.podium.com/434b2574637d4adc6a5a30864e8c6b3e.woff2
Requested by: Host: connect.podium.com
URL: https://connect.podium.com/styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2200:1a:3af:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1edbab3b32d1748ab14e6dfb9f30128ae7ea1e8188ff2afb35c0f6e225bb3a62

Request headers

Referer: https://connect.podium.com/styles.css
Origin: https://secure-nwfcu.0436316234378.online
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:39:24 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 2
x-cache: Hit from cloudfront
content-length: 30548
last-modified: Tue, 09 May 2023 16:06:44 GMT
server: AmazonS3
etag: "c28f8beb02447597a13d138680f42e65"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers
x-amz-cf-id: 4EX3TkdrgoecCANP6biBcWS9vhsKEZPVIFIdgmp7IV4oopUdyoRUoA==

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.0436316234378.online/	1970-01-20 13:59:19	Name: _gcl_au Value: 1.1.763993906.1684183161
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 8fk2_zhpVgc
.youtube.com/	1970-01-20 16:08:55	Name: VISITOR_INFO1_LIVE Value: 5xA-fwMYomQ
.0436316234378.online/	1970-01-20 21:25:43	Name: _ga_885Q0S9Y9J Value: GS1.1.1684183161.1.0.1684183161.0.0.0
.0436316234378.online/	1970-01-20 21:25:43	Name: _ga Value: GA1.2.133886190.1684183161
.0436316234378.online/	1970-01-20 11:51:09	Name: _gid Value: GA1.2.1888424430.1684183161
.0436316234378.online/	1970-01-20 11:49:43	Name: _gat_gtag_UA_119866447_1 Value: 1
.doubleclick.net/	1970-01-20 11:49:44	Name: test_cookie Value: CheckForPermission
.0436316234378.online/	1970-01-20 13:59:19	Name: _fbp Value: fb.1.1684183161151.1314579758
.0436316234378.online/	1970-01-20 20:35:19	Name: AMP_MKTG_16a5c84b5b Value: JTdCJTdE
.0436316234378.online/	1970-01-20 20:35:19	Name: AMP_16a5c84b5b Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJkMTcyNmI1Yy1mZGYyLTQzODctOGFhYi03OTA4MjdmNTFhNzQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNjg0MTgzMTYxNjY0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTY4NDE4MzE2MTY3NCU3RA==
.imrworldwide.com/	1970-01-20 21:11:19	Name: IMRID Value: 933e0a41-f360-11ed-bcdf-d9609d1197ef

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

access.mp.lura.live
api.scheduleengine.net
api2.analyticspodium.com
assets.podium.com
cdn-gl.imrworldwide.com
cdn.jsdelivr.net
cdn.segment.com
connect.facebook.net
connect.podium.com
dcs-vod.mp.lura.live
embed.scheduleengine.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
h104216-pcdn.mp.lura.live
i.ytimg.com
imasdk.googleapis.com
jnn-pa.googleapis.com
lab.analyticspodium.com
mgstatic.net
mind-flayer.podium.com
osoicvhjhvdccksnain6f47md9jbr1684183163.nuid.imrworldwide.com
region1.google-analytics.com
s0.2mdn.net
secure-dcr.imrworldwide.com
secure-nwfcu.0436316234378.online
secure-us.imrworldwide.com
segment.psg.nexstardigital.net
static.doubleclick.net
stats.g.doubleclick.net
tkx.mp.lura.live
w3.mp.lura.live
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
107.21.59.206
142.250.186.162
148.62.54.20
151.101.2.133
2001:4860:4802:32::178
2001:4860:4802:34::36
2600:1901:0:24e1::
2600:1901:0:2954::
2600:1901:0:7abc::
2600:1901:0:cb53::
2600:9000:211e:6a00:1f:7c97:a480:93a1
2600:9000:2156:5200:6:107a:b040:93a1
2600:9000:21f3:2200:1a:3af:f5c0:93a1
2600:9000:223f:600:1d:667e:2a40:93a1
2600:9000:236e:5800:2:42d9:3100:93a1
2a00:1450:4001:800::200a
2a00:1450:4001:803::2003
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2001
2a00:1450:4001:811::2006
2a00:1450:4001:812::2016
2a00:1450:4001:813::2006
2a00:1450:4001:827::2003
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200a
2a00:1450:400c:c0c::9a
2a02:4780:b:1094:0:3b0f:90dc:2
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:400::485
35.160.57.224
52.10.187.193
52.24.147.221
52.50.49.218
69.16.175.42
99.86.8.175
00eec35078bca2f5620072245d004fab9d08cf0176e3ae749f52e731c84fb1f3
01bd3be3620c1e3b8390b7eb08798f0cac597049bd2276d0b531010fe9910962
0436dd67c8f1197066c08cda1ab938c4e53f30b9bff3740d36725abddfc82397
05de632d93371037df3a75de88d391cdef399a47c98636b832839650a0ef33c7
0ae7ad1e96fa3a686276d5b6696a4704ee8c1594a974392b784dcd5889380d59
0bcf8593bd967e3cbf34b57858901fb6c9d8e7d5254b5b24798f14260c9127e5
165f21b2d1dc8e0683940d9d969e7373e42f038795fe444867033190c6b60cfa
166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0
1804940bab9497accd774bf71ed5777ac803859c10efc54e312c4457fc616427
18a23260b5955f50eb02509c542fc32452e43d429801d09b1854d9ea937397f2
1af5c9b99eb04677c251b0fd92deb051c18a0c302193b8303f421d4797ce9d24
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d9d9d8bfa0d5c8366e7955cd7cca1587e3fad8acdec8e25abb7f2032c5b190b
1dc4b29dd0acbed77ec2fd81036c33efd4ab5989e8182705a30615a00a0117f7
1edbab3b32d1748ab14e6dfb9f30128ae7ea1e8188ff2afb35c0f6e225bb3a62
1eeda2cbccde77dba773c200d1ed8ef9d4fdf62f33657f7f23737711f8bc0dc1
20964a605d0b8d6081a35c90083afc33f562778d1f9c7d8ff470e4bb5ad06d6a
21bca20dfb4289bac90893b9cd94b577e90b3621d7aaf70d0a7db3aec11ecf39
235918ff124abb3cfaffaf3f211761ef02b20a7edc855f7e5f9e7104eda2b4d0
28011ddd7bdae190a67367074378ddaabee0ffe3560b7fa40144e16e7984fce1
2a2950830dd45881c784a4a8e6ee4c38ff9dafb9cb831a551224ae096ad6aebb
2aa1f4cecd0d122366648e8d02cd2df085bf400df7f1a13271fbfce769b932e6
2c85714fba6a3a836fc6fe45f45dba00f71b0060adc103082cc3a1986a32ece0
2ec52489f5e883826e163d5ca546f99763796e3f0d19d56a221625281d4325ad
32c1a77261f24564e5cc997fea9be3d66e2952cdf087a6b64449003624e27b7d
34752c76a7f92806401e7094fd793e7cfded5efbb902d6fdd3b98dd38a70cafe
3a1072fc5e60a404c249f32eef7ebbeec0722a2fc6ecce393926a39ba8075293
3c7e82cf32b6d4453a2fa7389cf2b341b98d7831a108fe96b5373a3a59f28a5e
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4404bfed5e96de9d7f63a1b04ecb94c2e61af2b2fadb76c43a266aaf551c9685
461555d507bd6ca4cde79db14a279e6aeada8e8fe6994741fe2415a9d36b89d4
482a4b79b73038ec4106830b6c2eee3c112ff427c0880e038114cb7743faf110
48a391f29bc14459aa881d701beed00820c0b7ef72aa0a85fc08d6e21d169ec1
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
4bb12ea6da4a34d39e8cd0dcd4ffb612335d841d6b1796a73d49543e514ae1d9
4e4cc2d5669ad1bb831c050c273dbf760a070eb5f413458cf5cd7625c594a583
4eb5fefb8416c598f01847e5b53605cc6d3ffb3784067dba4185954a19ef2fe5
4ef6c96d67c9121b13da6f6996852e69d37bb4dd2e43383ea31fea9afee384ad
501169d421b29fbad700ef2e6bfd688f92078a081759607e4275bd036dd8c05b
50885f3b48f3051eb54aedc5ceacbff40db351b90550ee83ea6d21eef5f80f98
50cbc4fe4d4865dbc4ae75cf4deb2059ea1e137e10440fc571a7f6660a127ea4
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
5518c433a8d4a0fd38fd62f99bddcbfa6c66f2a680bf919668793cde3d44fa84
59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5df2942db2352e49e00bcf3393b875a71d0acee986e48fbdcc5879846f5c3689
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
624d804a6a829543720ef03077e94a8ef192a873afdfabae9c8542c1f63ae5ca
642a400039a41170589c933fd106710a2100d06d2c0d5e8150d21a5d89f30ce8
64e946bfa9f77cd5d043de00fb8163ae1b8da603b29e179162db73f8da7fcfba
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6996e2a02589f4ffe5d4279d5e2441ba1213a47957c1882a755b1403a0ea67d9
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
6f618ce23b07768d4d148b78d336504c4d634d3b823514b50a0c14f73e5b3343
6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf
707e3c476b4285ad70e160c5b0f1654d64ac59c8ff09bd521f8a25d67c2a8d2b
70dead5d386331dae8635aa50e338b73459abfea230db76536dca64c8a715603
71111465c15a7fb991a78f7f412f36274d84f585ddb217feb1ba9e984b5ab2c3
7536f0df059eb4232aeb10fa05bd89b6da621240062499542da570d39fb833ba
789c6f081d2f9e3e635192bb087967e078b7f9952e8214c4e747f7ecc51680f7
7d8b502818ec040c60ab47cc5c46df3364c1a8deef2350a11e46c318e8aad6c8
8038dc724e4275d5c5b52b94fb45b205652be3d939a45bc61c74f3f161f8edf9
81556f38ccd763884270a287d8602759ecca85ec4f93548631550b4514393d46
8158ef9b95cd261be4d1ae9495472c1ce8e470c43d1a782367ae24d0d5aac39a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85daf30b2866d34d80bab8e48611b28c70627c3f413be83fbe303b0c3eb50aa7
8695f5fc64d65593f9763a5b28d14bc34e3cf802317e1ffad2125a7c8fedfafe
87b0f773eead8e55975865702443ff2aa67b8af899ba9b3510eaacc47445ec8a
8a78824e0e4e78e9e0797e8b3e147d290c7e164e8715b6f983efc924214f9f76
8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2
8cc736434fa699fbf9dc466e08f5e8891acb9db3a1fc5a92bc7ac068a57df0f2
8dcee59828f1423ecefd552dd353e25bd4ac38a9557ee084604ee7c2d41d9b98
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
993c58ad3f0e7d5344de2eb67b12ea9b747a6200c990b88e0b7922a211966bc4
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4
a4727cf9cbdf4d3bd177c30cfd0ac711122aa967559147ca5d00356a25276007
a58e3a7f70f9ff30b74124150cfdd6ecf164baffe00eea93cb1c3f26f5d058b9
a96c21672b34a2f47197f6d5ae5ae4b6012d6fac6cfca1c851f66901c9c8abf4
ab173fbdeb26280b42db9bf82f9bc3f073649f1265a8ab837d87ae974e63b1be
ac6e8dbcf906b5d78b6538eea0df8d50e34fdd4ba6a3932bfbf38d4a085e2797
acb5776aac95fee6d653c9bc4528d6380620f45957ea21d42f14e08139abd2a3
b510a882c697c69a11442c364a3e878dd12729f27c01c3b8054c643456034932
b9b41bbb484aeedab598c24291942c8c2d0af98bdba3b430bf8fcd2cb709198a
bb113b603e9610cc1d88469ef1b09e3615d79193def3e9ffc40130a30d0c4639
bce69b99a25990319b4467248aabd7fe198c1febe6faefa162158ff40c0fd70d
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bde45659d6d7f19d4b596713699b9579306a45ad7255653f88a837fadd7c7b7f
be0d9d388a386c84cf9f28fbb1ee01a630eefcdef95472b627739960fba2e3b0
be65582299218fb5a711433237048116d34f0a16c20fab607866493a35b48077
c0ebb690b8d09650336ec7a8fa9a6a4acac01fd95326468457ba0dee09a5ac26
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d328e9bd93120a74bad43d6e4c60e0b4da8b85f4f5d41d5b300aad1d807c14d6
d57f694fd6b588fb29855a79d22a56f9f1785cb73491fa24959fc25e01fe3477
d70d9853ff87464d69a8174e3a76633bf29e45aaafcbccb214c10722b2b9714c
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d874ba7d932f73df5bc8501b80fdc1afeef566768248b7f06e392571f562b8ad
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
dc143132f10a2b1a8ddde03dae84d252768c2d3e30bf21704dd376c3f05704fe
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
defc355936352f45cfca894208fc8806abb422e850598855785ff1240040d938
e1782111a7bf98ad5d09f5930095f7d640337c3c2ef2f17878acba818092d538
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5922f45d51b849a101d681ef7381916fee5ff968ebf4936622d9452523335be
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
eccf57b62dbae261e99c42c11f1d643aa66362fc72a0696be044a75466ba5202
ed0623e70b742bd75c74f1524c9b73409f3132aec7cda49ffd6727ea7550fcdc
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff61cc6d98ea25bf117b6ea6713ff5caa1f69f482a148c5be933a2497a98f57
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
f6830e1d7fe50cf6357510318f5a0f3811f8cb13d89b4c6533f13ea3203b94ed
f8477ab6a5f6365f967d615950452e5f7221c1bbd54ddcb82da963b5b0c7a5e0
f88d6ab196178ead75dd4c11c2eb354a88e5935fd365ca06b2215fe71aedd02c
fb4bcb2b518dee77366120aa3f970e7075bac4b890008828d057e650e9b775f2
ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df

secure-nwfcu.0436316234378.online Open in urlscan Pro 2a02:4780:b:1094:0:3b0f:90dc:2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

140 Requests

99 %HTTPS

75 %IPv6

24 Domains

41 Subdomains

40 IPs

4 Countries

5962 kBTransfer

14362 kBSize

12 Cookies

10 Outgoing links

Redirected requests

140 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

secure-nwfcu.0436316234378.online Open in urlscan Pro
2a02:4780:b:1094:0:3b0f:90dc:2 Public Scan

Screenshot
Live screenshot

Full Image

140
Requests

99 %
HTTPS

75 %
IPv6

24
Domains

41
Subdomains

40
IPs

4
Countries

5962 kB
Transfer

14362 kB
Size

12
Cookies

140 HTTP transactions
5 data transactions