billing.klouser.app Open in urlscan Pro
2600:9000:20ae:aa00:1c:1f84:2200:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://billing.klouser.app/
Submission: On August 20 via automatic, source certstream-suspicious (August 20th 2024, 7:15:44 am UTC) — Scanned from DE

Summary HTTP 42 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 23 IPs in 4 countries across 16 domains to perform 42 HTTP transactions. The main IP is 2600:9000:20ae:aa00:1c:1f84:2200:93a1, located in United States and belongs to AMAZON-02, US. The main domain is billing.klouser.app.
TLS certificate: Issued by Amazon RSA 2048 M01 on September 20th 2023. Valid for: a year.

This is the only time billing.klouser.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2600:9000:20a... 2600:9000:20ae:aa00:1c:1f84:2200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	104.21.234.234 104.21.234.234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.230.228.26 54.230.228.26	16509 (AMAZON-02) (AMAZON-02)
4	52.2.144.69 52.2.144.69	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
4	151.101.67.9 151.101.67.9	54113 (FASTLY) (FASTLY)
2	3.33.182.45 3.33.182.45	16509 (AMAZON-02) (AMAZON-02)
2	3.223.63.250 3.223.63.250	14618 (AMAZON-AES) (AMAZON-AES)
1	18.173.154.70 18.173.154.70	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2620:1ec:29:1... 2620:1ec:29:1::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:1f18:24e... 2600:1f18:24e6:b901:75de:220c:b2a8:42b7	14618 (AMAZON-AES) (AMAZON-AES)
1	54.230.228.64 54.230.228.64	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c02::9b	15169 (GOOGLE) (GOOGLE)
1	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
1	2600:1f18:24e... 2600:1f18:24e6:b900:1933:3aac:154f:f044	14618 (AMAZON-AES) (AMAZON-AES)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	51.8.44.252 51.8.44.252	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.173.187.102 18.173.187.102	16509 (AMAZON-02) (AMAZON-02)
1	15.197.170.90 15.197.170.90	16509 (AMAZON-02) (AMAZON-02)
42	23

4 2600:9000:20ae:aa00:1c:1f84:2200:93a1 (United States)

ASN16509 (AMAZON-02, US)

billing.klouser.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.234.234 (None, )

ASN13335 (CLOUDFLARENET, US)

rsms.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-26.muc50.r.cloudfront.net

www.mercadopago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.2.144.69 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-144-69.compute-1.amazonaws.com

api.mercadopago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.67.9 (San Francisco, United States)

ASN54113 (FASTLY, US)

sdk.split.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.182.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: a35f64fceb718ad27.awsglobalaccelerator.com

www.mercadolibre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.223.63.250 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-223-63-250.compute-1.amazonaws.com

auth.split.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.154.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-70.muc50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:29:1::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:24e6:b901:75de:220c:b2a8:42b7 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

session-replay.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-64.muc50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c02::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:24e6:b900:1933:3aac:154f:f044 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.8.44.252 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

f.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.187.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-102.muc50.r.cloudfront.net

www.mercadolivre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.170.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: a35f64fceb718ad27.awsglobalaccelerator.com

www.mercadolibre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	split.io sdk.split.io — Cisco Umbrella Rank: 3177 auth.split.io — Cisco Umbrella Rank: 3740	15 KB
5	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 1114 f.clarity.ms — Cisco Umbrella Rank: 17935	28 KB
5	mercadopago.com www.mercadopago.com — Cisco Umbrella Rank: 105578 api.mercadopago.com — Cisco Umbrella Rank: 28281	18 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	377 KB
4	klouser.app billing.klouser.app	547 KB
3	mercadolibre.com www.mercadolibre.com — Cisco Umbrella Rank: 35642	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	4 KB
2	browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com — Cisco Umbrella Rank: 15941 rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 4625	296 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	75 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1335 script.hotjar.com — Cisco Umbrella Rank: 2017	61 KB
1	mercadolivre.com www.mercadolivre.com — Cisco Umbrella Rank: 165361	2 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6716	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	257 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3773
1	rsms.me rsms.me — Cisco Umbrella Rank: 24298	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
42	16

	Domain	Requested by
4	sdk.split.io	billing.klouser.app
4	www.googletagmanager.com	billing.klouser.app www.googletagmanager.com
4	api.mercadopago.com	www.mercadopago.com billing.klouser.app
4	billing.klouser.app	billing.klouser.app
3	f.clarity.ms	billing.klouser.app
3	www.mercadolibre.com	billing.klouser.app
2	www.facebook.com	billing.klouser.app
2	www.clarity.ms	billing.klouser.app www.clarity.ms
2	connect.facebook.net	billing.klouser.app connect.facebook.net
2	auth.split.io	billing.klouser.app
1	www.mercadolivre.com
1	rum.browser-intake-datadoghq.com	billing.klouser.app
1	www.google.de	billing.klouser.app
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	billing.klouser.app
1	script.hotjar.com	static.hotjar.com
1	session-replay.browser-intake-datadoghq.com	billing.klouser.app
1	static.hotjar.com	www.googletagmanager.com
1	www.mercadopago.com	billing.klouser.app
1	rsms.me	billing.klouser.app
1	fonts.googleapis.com	billing.klouser.app
42	21

This site contains links to these domains. Also see Links.

Domain
rebill.com
www.rebill.com

Subject Issuer	Validity	Valid
*.klouser.app Amazon RSA 2048 M01	`2023-09-20` - `2024-10-18`	a year	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
rsms.me WE1	`2024-06-23` - `2024-09-21`	3 months	crt.sh
*.mercadopago.com Amazon RSA 2048 M02	`2023-12-07` - `2025-01-04`	a year	crt.sh
api.mercadopago.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-14` - `2025-02-13`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.split.io GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-04-04` - `2025-05-06`	a year	crt.sh
*.mercadolibre.com Amazon RSA 2048 M02	`2023-12-06` - `2025-01-04`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-29` - `2024-08-27`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.browser-intake-datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-14` - `2025-05-17`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.de WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
*.mercadolivre.com Amazon RSA 2048 M02	`2023-12-06` - `2025-01-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://billing.klouser.app/
Frame ID: CA744C402A0D08F661C51ADC20D91917
Requests: 36 HTTP requests in this frame

Frame: https://www.mercadolibre.com/jms/lgz/background?dps=armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc562.f11821e982577fa34c4f4b8c975b9c4a
Frame ID: 0A3415286A941413F240C88CB739EC6B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Rebill | Checkout

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Page Statistics

42
Requests

98 %
HTTPS

45 %
IPv6

16
Domains

21
Subdomains

23
IPs

4
Countries

1131 kB
Transfer

4399 kB
Size

14
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://rebill.com/?utm_source=checkout_landing
Title: © Rebill

Search URL Search Domain Scan URL

URL: https://www.rebill.com/terminos-y-condiciones-usuarios-finales
Title: Términos y Condiciones

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
billing.klouser.app/ 1 KB
1 KB 520ms
55ms Document
text/html 2600:9000:20ae:aa00:1c:1f84:2200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:aa00:1c:1f84:2200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

69e3071e263f93544e22af1c6a0765e52c1136b3dee33b2eb5525a78357c79d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age: 933
cache-control: no-store
content-encoding: gzip
content-type: text/html
date: Tue, 20 Aug 2024 06:59:58 GMT
etag: W/"1c6bc7b2a760c7c94418ff048b36ac82"
last-modified: Fri, 09 Aug 2024 15:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 b87d7a7588235c761c8602f922d332f4.cloudfront.net (CloudFront)
x-amz-cf-id: AKJg-i7XgASYs0bW7jCkaojh26G4CV427jvUqg9J4fywvaU6KAFlkw==
x-amz-cf-pop: MUC50-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: bqpqJ2uTk_rbu7EkXNf3GBQBzSxPPrBx
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 369ms
58ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro&display=swap

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3845d7a96aff3c44841ce546930e30c6083a6a89ae841e27099d7d9f9f72cba0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Aug 2024 07:15:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Aug 2024 06:36:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Aug 2024 07:15:30 GMT

GET
H3 200 inter.css
rsms.me/inter/ 7 KB
1 KB 309ms
75ms Stylesheet
text/css 104.21.234.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rsms.me/inter/inter.css
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.234.234 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fedfb7def1421aa9d58d1732be7164e33eec27b9c87193e010b9ddaa67b6a18

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits: 1
x-fastly-request-id: ff0a680a037d01e8b0930c2fc751dde00592cb18
date: Tue, 20 Aug 2024 07:15:30 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Tue, 20 Aug 2024 04:48:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 467
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 712
x-served-by: cache-fra-eddf8230031-FRA
last-modified: Mon, 25 Mar 2024 16:53:19 GMT
server: cloudflare
x-github-request-id: 95EE:0E80:89BDC6B:8C0DCFA:6601AC09
x-timer: S1711385625.802544,VS0,VE4
etag: W/"6601abff-1b8d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iqsBad3zDgFV0DpyXO07faMIqhntHOZ%2BGZaaAWuBlw9ElmQ%2BSeeB3Eg3tp1ZB0sLz%2FHTVf1H7Xzl0Dz%2FD5%2FwYZJMv0%2B6Gd4mXY9cKXLY%2BCZL%2ByEnsC17C1l3"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8b6097b5b94c9b39-FRA
x-proxy-cache: HIT

GET
H2 200 security.js Show response
www.mercadopago.com/v2/ 4 KB
3 KB 474ms
159ms Script
application/javascript 54.230.228.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mercadopago.com/v2/security.js

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.230.228.26 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-230-228-26.muc50.r.cloudfront.net

Software

Resource Hash

80e556ea92c4329fd3dc5ed0353ddb3a02e5778eab668c0302c896c0828aa94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-meli-trace-site: UNKNOWN
date: Tue, 20 Aug 2024 07:15:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-d2id: 0c8f95f6-3f44-4adc-a1ac-a8be4d3eec1d
content-encoding: gzip
x-b3-traceid: d4c364350aafc24b
via: 1.1 e18c612d6dd4d2546736ebc7db886b6a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P5
x-cache: Miss from cloudfront
x-transaction-name: get_off_widget_v2
alt-svc: h3=":443"; ma=86400
x-meli-trace-platform: /web/desktop
x-xss-protection: 1; mode=block
x-source-ip: 80.255.7.122
x-request-id: 0c8f95f6-3f44-4adc-a1ac-a8be4d3eec1d
referrer-policy: no-referrer-when-downgrade
x-trace-digest-33: h1whuhdQJKO98fcQwpc6Iwz8BqcMAGu3ltv7K+IMqmFNg+GUHDokJTVZhwePdNgam2A0G9HF+OB6TFW4dwkYUvmkIjwk0OLMx2FCMDaLUktMZZgRE/j9aAciRu4m9VzBmRbIP7G66pYuoMRXQClc2hBro7D9S778ENB4qWMR0Qf75b+5TyNWwEdBJkLdFmMGKhomlSPSgbY/lt2xhc/p3Wv01OTK34GbcWnf+WaOzppBkHl4FLftwSDNFEJbEG4N
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, private, no-store, no-cache, must-revalidate
x-b3-spanid: d4c364350aafc24b
x-b3-sampled: 0
x-meli-trace-bu: mercadopago
x-amz-cf-id: 5W1kt_c4xzT-e4hOrf5aJDJ3F8DKAKeB3fLVqDjCzw-ze_X9XLKZ4w==
x-request-device-id: 0c8f95f6-3f44-4adc-a1ac-a8be4d3eec1d

GET
H2 200 main.bundle.js Show response
billing.klouser.app/ 2 MB
478 KB 555ms
545ms Script
text/javascript 2600:9000:20ae:aa00:1c:1f84:2200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.klouser.app/main.bundle.js

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:aa00:1c:1f84:2200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9733e225399dca8d602dd5456a0355ffbde116feef6fa7065e92c65cb9089600

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:32 GMT
x-amz-version-id: lWDq9IH3K4bVO2MAfQLx3umxWQJqBcAi
content-encoding: br
x-content-type-options: nosniff
via: 1.1 b87d7a7588235c761c8602f922d332f4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000
x-amz-cf-pop: MUC50-P5
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 09 Aug 2024 15:05:29 GMT
server: AmazonS3
etag: W/"8f2324423097b754322b4895ff7e8d1f"
vary: Accept-Encoding
content-type: text/javascript
cache-control: no-store
x-amz-cf-id: LW_18H18NkjabQm5FQphGOdFdtx5fqPY5XlLzIBQsbYdsTDsP1QFjw==

GET
H2 200 main.bundle.css
billing.klouser.app/ 595 KB
67 KB 490ms
489ms Stylesheet
text/css 2600:9000:20ae:aa00:1c:1f84:2200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.klouser.app/main.bundle.css

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:aa00:1c:1f84:2200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a55edc3866039b7b392a24aab318eb1b19cfeb6fd49ea6a575b47151910bc66f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:31 GMT
x-amz-version-id: UhtWE_uS_mg7o_yal2oJy9O3e4IQrdt4
content-encoding: br
x-content-type-options: nosniff
via: 1.1 b87d7a7588235c761c8602f922d332f4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000
x-amz-cf-pop: MUC50-P5
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 09 Aug 2024 15:05:29 GMT
server: AmazonS3
etag: W/"019e0a5f0b2450585f5b93af245ea51f"
vary: Accept-Encoding
content-type: text/css
cache-control: no-store
x-amz-cf-id: QF8ShIM8xz5oRZwcbCGVJ8hK4GEcOx15fXoOiWp2mW5iFSS7qyVcSQ==

POST
H2 200 web_device Show response
api.mercadopago.com/v1/device_sessions/ 43 KB
14 KB 183ms
181ms XHR
application/json 52.2.144.69
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.mercadopago.com/v1/device_sessions/web_device

Requested by

Host: www.mercadopago.com
URL: https://www.mercadopago.com/v2/security.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.2.144.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-2-144-69.compute-1.amazonaws.com

Software

Resource Hash

21b500679b83ddeedadab923569efa9b3a604b2cc5a309c7ee37e2cd5f980e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

date: Tue, 20 Aug 2024 07:15:32 GMT
strict-transport-security: max-age=16070400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
x-b3-traceid: 2093179a11cd1184
x-it-payload: eyJpdGgiOiIxIiwib3JzIjoicHJvZHVjdGlvbi5kZXZpY2Utc2Vzc2lvbnMtYXBpIiwicm9wIjoiMSJ9
x-xss-protection: 1; mode=block
x-source-ip: 80.255.7.122
x-request-id: 8fd13dae-b24b-445c-b345-10a992cfab8f
x-trace-digest-41: 8IzS5qrFqnMNC6GM4ivM1kC1IJAbq1XfcHsBA0mo/I4trQ7OcuLROWubvpPPycSuhjshJAICET7vmoJI/850Ui7+ii3dyLoOcCy5AtyywRWcAUZq5g606iev9tM78rsYjtHVfj5StGNGfzoxNS4JSKuhKa/BnpLJp6NdNDq9Ymw=
vary: Accept-Encoding, Accept,Accept-Encoding
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://billing.klouser.app
cache-control: max-age=0
x-b3-spanid: 2093179a11cd1184
access-control-allow-credentials: true
x-b3-sampled: 0
timing-allow-origin: *
access-control-allow-headers: Content-Type
access-control-max-age: 86400

OPTIONS
H2 200 web_device
api.mercadopago.com/v1/device_sessions/ Frame 0
0 925ms
130ms Preflight
application/json 52.2.144.69
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.mercadopago.com/v1/device_sessions/web_device

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.2.144.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-2-144-69.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://billing.klouser.app
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
access-control-allow-origin: https://billing.klouser.app
access-control-max-age: 86400
cache-control: max-age=0
content-length: 0
content-type: application/json; charset=utf-8
date: Tue, 20 Aug 2024 07:15:31 GMT
strict-transport-security: max-age=16070400; includeSubDomains; preload
timing-allow-origin: *
vary: Accept,Accept-Encoding
x-b3-sampled: 0
x-b3-spanid: 251f9ed7bd7de2cf
x-b3-traceid: 251f9ed7bd7de2cf
x-content-type-options: nosniff
x-it-payload: eyJpdGgiOiIxIiwib3JzIjoicHJvZHVjdGlvbi5kZXZpY2Utc2Vzc2lvbnMtYXBpIiwicm9wIjoiMSJ9
x-request-id: 8cae5ac6-e11a-44eb-b54c-ef5ecd7f71f8
x-source-ip: 80.255.7.122
x-trace-digest-41: vCSs3zKaJc12ufQyrmw7C02+okd/LgsjfTgq13FfF9rQ3GBOVq7jvvhHcB4yjirATF5fxnpySWsQdbmrgixKWe+sWpCBKQWTAhKgoBAhH1maF4m6xzeXbbkNSqkNbWgzEl+sABUmeiRW6JzLA1o0iZiSFs95h93be3xvW+XS+B0=
x-xss-protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 281 KB
97 KB 751ms
50ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WG97L3C&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dac1875a92f9de6eeaac3d697b3954604f0dd921870944e2dcc8c03ce59ce82d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99141
x-xss-protection: 0
last-modified: Tue, 20 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Aug 2024 07:15:33 GMT

GET
H2 200 e4bdf200-e66d-11ec-aae7-7e84f595cef4 Show response
sdk.split.io/api/mySegments/ 17 B
429 B 91ms
45ms Fetch
application/json 151.101.67.9
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.split.io/api/mySegments/e4bdf200-e66d-11ec-aae7-7e84f595cef4

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.67.9 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer: https://billing.klouser.app/
SplitSDKVersion: react-1.7.1
Authorization: Bearer fbrcvh8kc340t5h539plccmogr2dpoj168u9
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Tue, 20 Aug 2024 07:15:33 GMT
age: 262793
x-cache: HIT, HIT
content-length: 41
x-served-by: cache-iad-kiad7000055-IAD, cache-fra-etou8220116-FRA
x-timer: S1724138134.659326,VS0,VE1
etag: "1000002"
vary: Accept-Encoding, Origin, Authorization
trace: cache-iad-kiad7000055-IAD-df8fac85-b71b-4aec-9d63-13a05a333033; cache-fra-etou8220070-FRA-c6fce8c0-ece6-4727-a9b8-69b9a4e41106
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
x-cache-hits: 76, 0

GET
H2 200 splitChanges Show response
sdk.split.io/api/ 192 KB
14 KB 323ms
277ms Fetch
application/json 151.101.67.9
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.split.io/api/splitChanges?since=-1

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.67.9 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

32d0e44c1939e62f23ab38a698cd2a8430047f159377bf5d406831cd880aa9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer: https://billing.klouser.app/
SplitSDKVersion: react-1.7.1
Authorization: Bearer fbrcvh8kc340t5h539plccmogr2dpoj168u9
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Tue, 20 Aug 2024 07:15:33 GMT
age: 40806
x-cache: HIT, MISS
content-length: 13711
x-served-by: cache-iad-kiad7000102-IAD, cache-fra-etou8220116-FRA
last-modified: Mon, 19 Aug 2024 19:54:59 GMT
x-timer: S1724138134.659332,VS0,VE90
etag: "1724097299545"
vary: Accept-Encoding, Origin, Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kiad7000102-IAD-b031849c-65a1-4fb1-b120-5dd9d1a3921d; cache-fra-etou8220116-FRA-a5ca92ec-f0ae-46fe-b183-2ab3c888e8c1
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
x-cache-hits: 31, 0

GET
H2 200 etid Show response
www.mercadolibre.com/jms/lgz/background/ 0
905 B 831ms
135ms XHR
text/html 3.33.182.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mercadolibre.com/jms/lgz/background/etid

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.33.182.45 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a35f64fceb718ad27.awsglobalaccelerator.com

Software

Tengine /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-meli-trace-site: UNKNOWN
date: Tue, 20 Aug 2024 07:15:33 GMT
x-content-type-options: nosniff
x-d2id: 4191edbd-197a-4853-9f88-5c0605498b70
x-b3-traceid: a8634174d8b07987
x-trace-digest-08: bzjHG/ChlzeEcoCV7zOv7+YXpD+Ov0PGfEGqRHFo1kqqNxy0QUqMuF2XaiGYZj6xIdFKMkx3Ia9KWVaxCOWaN4ItmoQknAO3yeS/JeN3j6P3Om5vURa7XrdAHnCAlmsYlqSKwXssUWL1wTFf4ddHJF0YsBHtYuZa9tBJ6uBhEAifc1iRLktZiw4WNsxuH+xHLByqp4HRkrmqd9PgjPb91FCh1S/59LBGRRcNLgS5yfLJ6zi+NKQK8a5CVz2nmaQ5
x-envoy-upstream-service-time: 2
content-length: 0
x-meli-trace-platform: /web/desktop
x-request-id: 4191edbd-197a-4853-9f88-5c0605498b70
x-source-ip: 80.255.7.122
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Tengine
etag: 42b4955a-fecc-43c1-8afa-0d180d0211b6-1724138133571
content-type: text/html
access-control-allow-origin: *
access-control-expose-headers: Etag
cache-control: private, must-revalidate, proxy-revalidate
x-b3-spanid: a8634174d8b07987
x-b3-sampled: 0
x-meli-trace-bu: mercadolibre
x-request-device-id: 4191edbd-197a-4853-9f88-5c0605498b70

GET
H/1.1 200
OK auth Show response
auth.split.io/api/v2/ 696 B
1 KB 434ms
170ms Fetch
application/json 3.223.63.250
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.split.io/api/v2/auth?users=e4bdf200-e66d-11ec-aae7-7e84f595cef4

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.223.63.250 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-223-63-250.compute-1.amazonaws.com

Software

Resource Hash

df14fa3779b1ab90cc565dfab722645af9db3fe82888d9b9ac481c6e85f9910d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=15770000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: application/json
Referer: https://billing.klouser.app/
SplitSDKVersion: react-1.7.1
Authorization: Bearer fbrcvh8kc340t5h539plccmogr2dpoj168u9
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 20 Aug 2024 07:15:34 GMT
Strict-Transport-Security: max-age=15770000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://billing.klouser.app
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
Content-Length: 696

OPTIONS
H2 200 e4bdf200-e66d-11ec-aae7-7e84f595cef4
sdk.split.io/api/mySegments/ Frame 0
0 772ms
66ms Preflight 151.101.67.9
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.split.io/api/mySegments/e4bdf200-e66d-11ec-aae7-7e84f595cef4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.67.9 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Varnish /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://billing.klouser.app
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://billing.klouser.app
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
content-length: 37
date: Tue, 20 Aug 2024 07:15:33 GMT
retry-after: 0
server: Varnish
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-fra-etou8220116-FRA
x-timer: S1724138134.523214,VS0,VE0

OPTIONS
H2 200 splitChanges
sdk.split.io/api/ Frame 0
0 771ms
65ms Preflight 151.101.67.9
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.split.io/api/splitChanges?since=-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.67.9 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Varnish /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://billing.klouser.app
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://billing.klouser.app
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
content-length: 37
date: Tue, 20 Aug 2024 07:15:33 GMT
retry-after: 0
server: Varnish
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-fra-etou8220116-FRA
x-timer: S1724138134.523146,VS0,VE0

OPTIONS
H/1.1 200
OK auth
auth.split.io/api/v2/ Frame 0
0 907ms
131ms Preflight
application/json 3.223.63.250
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.split.io/api/v2/auth?users=e4bdf200-e66d-11ec-aae7-7e84f595cef4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.223.63.250 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-223-63-250.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=15770000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://billing.klouser.app
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: https://billing.klouser.app
Connection: keep-alive
Content-Length: 4
Content-Type: application/json; charset=utf-8
Date: Tue, 20 Aug 2024 07:15:33 GMT
Strict-Transport-Security: max-age=15770000; includeSubDomains
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: master-only

GET
BLOB 200
OK 4d5399a0-2625-44c7-b322-c5250fe216a0
https://billing.klouser.app/ 25 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://billing.klouser.app/4d5399a0-2625-44c7-b322-c5250fe216a0
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 435cebbc05ea064c6568f89bd4d89ba69e52e22a20ca79bcc9764e5c71e1647f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 25289
Content-Type

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 280 KB
97 KB 431ms
230ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BKX6DS5LX2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WG97L3C&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

70cace01d19d69bf342ae7148556d4ed13f9ea134ae0d8f19ec59b38fef1af3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 98783
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 20 Aug 2024 07:15:34 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 266 KB
92 KB 339ms
140ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-16575660558&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WG97L3C&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1b466c4e4f90a280fbe322e207fd79b4a6589358132f0aabf791ac86d543719e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93777
x-xss-protection: 0
last-modified: Tue, 20 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Aug 2024 07:15:34 GMT

GET
H2 200 hotjar-2783810.js Show response
static.hotjar.com/c/ 11 KB
5 KB 626ms
109ms Script
application/javascript 18.173.154.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2783810.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WG97L3C&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.70 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-70.muc50.r.cloudfront.net

Software

Resource Hash

79bd4642e5af28705c54453c60974898c0d2d7ce6e3849c8eceacf0b684229cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Tue, 20 Aug 2024 07:15:34 GMT
via: 1.1 67b5b59d34e71a36a3955bf957ea9ed2.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
etag: W/2828fa8569b3766ccc311c2bccc7744d
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: ZUkxD6sAH6dYprIBMMumfdYoEd4VRyO7TuHnKO3x2hhbvpUTGGl0cw==

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 266 KB
92 KB 311ms
139ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-16575660558&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WG97L3C&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4cfb799ab203370b2afed79f8d0af0a526ac138435b52eb8f1ef2fbce1a8961a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93862
x-xss-protection: 0
last-modified: Tue, 20 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Aug 2024 07:15:34 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 616ms
110ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 20 Aug 2024 07:15:34 GMT
document-policy: force-load-at-top
x-fb-server-load: 35
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58912
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=14, mss=1297, tbw=2796, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: k7dZW/swi/u1WfmBfrXe3YqVfj/VpO7k3srBMIPkblPISfaD+z5GZQQpaimBr/Hz+d0xirjZLwJaOtZSKv+xPg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 mhjm57z90v Show response
www.clarity.ms/tag/ 501 B
757 B 1006ms
497ms Script
application/x-javascript 2620:1ec:29:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/mhjm57z90v?ref=gtm2
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c9bb211d9cb5ac26b38b82b655735926be9e80f7e02439e19f9327f567a0f54f

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
date: Tue, 20 Aug 2024 07:15:34 GMT
x-azure-ref: 20240820T071534Z-17cf7fb65cfjkn5jzazdrvr81000000003n00000000027ry
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 501
expires: -1

POST
H2 202 replay Show response
session-replay.browser-intake-datadoghq.com/api/v2/ 53 B
296 B 2271ms
280ms XHR
application/json 2600:1f18:24e6:b901:75de:220c:b2a8:42b7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A4.15.0%2Cenv%3Aproduction%2Cservice%3Arebill-checkout%2Cversion%3A707ee473d7cddce81f1829dc27b2207cf8f6417c&dd-api-key=pubff0d2c93821a38d30f95873a83c3811f&dd-evp-origin-version=4.15.0&dd-evp-origin=browser&dd-request-id=75bc71f6-ee60-45fd-9ea0-73db86e6ff48

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1f18:24e6:b901:75de:220c:b2a8:42b7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

9425aea7469859cb30340f6ef6310991fbe6abcc7c174bcd2163519e0860c4cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqMObfgL0WK97UTIG

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 20 Aug 2024 07:15:35 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: 75bc71f6-ee60-45fd-9ea0-73db86e6ff48

GET
H2 200 modules.8da33a8f469c3b5ffcec.js Show response
script.hotjar.com/ 223 KB
56 KB 710ms
90ms Script
application/javascript 54.230.228.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2783810.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.230.228.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-230-228-64.muc50.r.cloudfront.net

Software

Resource Hash

76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 14:23:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 4a87b0ff8f386aa5361d3117d5ee6dd2.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P5
age: 1788749
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56385
last-modified: Tue, 30 Jul 2024 14:22:40 GMT
etag: "0728625a147ca79276a1790b9cf3175d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 1pvQyrx8gIjcH9T3GQ8bWdYq8TKhYiVZnMb7jm_BfD-7zDp0L1IJ7A==

GET
H2 200 1823332014499135 Show response
connect.facebook.net/signals/config/ 72 KB
15 KB 253ms
253ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1823332014499135?v=2.9.165&r=stable&domain=billing.klouser.app&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

887f7a385da0b64d7bc53f26e542f15ef59329d5d4ba4710a71d15211897dbfb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 20 Aug 2024 07:15:35 GMT
document-policy: force-load-at-top
x-fb-server-load: 43
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=44, rtx=4, c=50, mss=1297, tbw=64467, tp=-1, tpl=-1, uplat=119, ullat=0
pragma: public
x-fb-debug: mgrYRiswVTUvYHnVoCw2EJHAT76u4TrDNV1E57Gd/6RHM+78g/mZLDySZP2q4ryzPw/mLdrNuJKX7N9lvH3slw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 405ms
62ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-BKX6DS5LX2&gtm=45je48e0v9111488023z8834117075za200zb834117075&_p=1724138132785&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1484606035.1724138135&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1724138134&sct=1&seg=0&dl=https%3A%2F%2Fbilling.klouser.app%2F&dt=Rebill%20%7C%20Checkout&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4982
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Aug 2024 07:15:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://billing.klouser.app
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
257 B 405ms
62ms Ping
text/plain 2a00:1450:400c:c02::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-BKX6DS5LX2&cid=1484606035.1724138135&gtm=45je48e0v9111488023z8834117075za200zb834117075&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BKX6DS5LX2&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c02::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Aug 2024 07:15:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://billing.klouser.app
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 381ms
192ms Image
image/gif 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-BKX6DS5LX2&cid=1484606035.1724138135&gtm=45je48e0v9111488023z8834117075za200zb834117075&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=275552354

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Aug 2024 07:15:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.44/ 64 KB
27 KB 139ms
136ms Script
application/javascript 2620:1ec:29:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.44/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/mhjm57z90v?ref=gtm2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 9dbecbadaa08e0d16aab217984189ff2cef37b1d741038db5a4aceba05eb1470

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:35 GMT
content-encoding: br
last-modified: Sun, 18 Aug 2024 10:51:58 GMT
etag: W/"0x8DCBF73C8545D76"
vary: Accept-Encoding
x-azure-ref: 20240820T071535Z-17cf7fb65cfjkn5jzazdrvr81000000003n00000000027sz
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: ad0c618e-a01e-0070-7fad-f1972c000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

POST
H2 202 rum
rum.browser-intake-datadoghq.com/api/v2/ 0
0 1939ms
257ms Ping
application/json 2600:1f18:24e6:b900:1933:3aac:154f:f044
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.15.0%2Cenv%3Aproduction%2Cservice%3Arebill-checkout%2Cversion%3A707ee473d7cddce81f1829dc27b2207cf8f6417c&dd-api-key=pubff0d2c93821a38d30f95873a83c3811f&dd-evp-origin-version=4.15.0&dd-evp-origin=browser&dd-request-id=513deda5-a6cb-44ed-8645-13a2a4541796&batch_time=1724138135560
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f18:24e6:b900:1933:3aac:154f:f044 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 710ms
79ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1823332014499135&ev=PageView&dl=https%3A%2F%2Fbilling.klouser.app%2F&rl=&if=false&ts=1724138135857&sw=1600&sh=1200&v=2.9.165&r=stable&ec=0&o=4126&fbp=fb.1.1724138135840.632699780841788355&cs_est=true&ler=empty&cdl=API_unavailable&it=1724138134836&coo=false&rqm=GET

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=2824, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 20 Aug 2024 07:15:36 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
4 KB 908ms
277ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1823332014499135&ev=PageView&dl=https%3A%2F%2Fbilling.klouser.app%2F&rl=&if=false&ts=1724138135857&sw=1600&sh=1200&v=2.9.165&r=stable&ec=0&o=4126&fbp=fb.1.1724138135840.632699780841788355&cs_est=true&ler=empty&cdl=API_unavailable&it=1724138134836&coo=false&rqm=FGET

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x154ff47a567a56fb","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:4719072488149995","24:3658848217540355","24:3680647885351463","24:5777728198907823","24:3735167289864799","24:3748442448585396","24:3862225303820226","24:4009089315809052","24:3837557579695803","7830:4719072488149995","7830:3658848217540355","7830:3680647885351463","7830:5777728198907823","7830:3735167289864799","7830:3748442448585396","7830:3862225303820226","7830:4009089315809052","7830:3837557579695803","10853:4719072488149995","10853:3658848217540355","10853:3680647885351463","10853:5777728198907823","10853:3735167289864799","10853:3748442448585396","10853:3862225303820226","10853:4009089315809052","10853:3837557579695803","41:4719072488149995","41:3658848217540355","41:3680647885351463","41:5777728198907823","41:3735167289864799","41:3748442448585396","41:3862225303820226","41:4009089315809052","41:3837557579695803","8046:4719072488149995","8046:3658848217540355","8046:3680647885351463","8046:5777728198907823","8046:3735167289864799","8046:3748442448585396","8046:3862225303820226","8046:4009089315809052","8046:3837557579695803"]},"debug_reporting":true,"debug_key":"1"}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Tue, 20 Aug 2024 07:15:36 GMT
x-fb-server-load: 39
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7405116908293761057", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=42, rtx=0, c=17, mss=1297, tbw=3142, tp=-1, tpl=-1, uplat=213, ullat=0
pragma: no-cache
x-fb-debug: OOTGdYS5n+x3W2Ks/g4LE8UALOPl3uqKb+TZ6DmoedW+VKbjWeVk5LgYAw6yTLiSHxsTgJOynYh6RXNhVv/ytw==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7405116908293761057"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 anonymous_device_session Show response
api.mercadopago.com/v1/device_sessions/ 337 B
1 KB 284ms
267ms XHR
application/json 52.2.144.69
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.mercadopago.com/v1/device_sessions/anonymous_device_session

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.2.144.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-2-144-69.compute-1.amazonaws.com

Software

Resource Hash

29243fc64a62bc46b1767b1658f77cbd4e1420d26e66bca049b508ed565242f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

date: Tue, 20 Aug 2024 07:15:36 GMT
strict-transport-security: max-age=16070400; includeSubDomains; preload
x-content-type-options: nosniff
x-b3-traceid: 357b492d7ff8d2e4
x-trace-digest-93: BD1T83Bcy4EdKI/PdV9AJq4QnNrGSf9pQGL3ptlUngkpbWzE8emrTCX6MQqXIw905eCRtnZeJJafH7vAoj/joUSxYXYkgWMAddUAZh9gmRy1DuWPcwBK4vAQbM0+nBTdjwhBE3PFytovk+Gk4pWVYq5PoTlGAdBrdB7kMkREEhE=
x-it-payload: eyJpdGgiOiIxIiwib3JzIjoicHJvZHVjdGlvbi5kZXZpY2Utc2Vzc2lvbnMtYXBpIiwicm9wIjoiMSJ9
content-length: 337
x-xss-protection: 1; mode=block
x-source-ip: 80.255.7.122
x-request-id: c3f071d0-e89c-4175-a46b-dc04f0df6688
vary: Accept,Accept-Encoding
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://billing.klouser.app
cache-control: max-age=0
x-b3-spanid: 357b492d7ff8d2e4
access-control-allow-credentials: true
x-b3-sampled: 0
timing-allow-origin: *
access-control-allow-headers: Content-Type
access-control-max-age: 86400

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
283 B 688ms
197ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://billing.klouser.app
Date: Tue, 20 Aug 2024 07:15:36 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

OPTIONS
H2 200 anonymous_device_session
api.mercadopago.com/v1/device_sessions/ Frame 0
0 140ms
132ms Preflight
application/json 52.2.144.69
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.mercadopago.com/v1/device_sessions/anonymous_device_session

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.2.144.69 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-2-144-69.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://billing.klouser.app
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
access-control-allow-origin: https://billing.klouser.app
access-control-max-age: 86400
cache-control: max-age=0
content-length: 0
content-type: application/json; charset=utf-8
date: Tue, 20 Aug 2024 07:15:35 GMT
strict-transport-security: max-age=16070400; includeSubDomains; preload
timing-allow-origin: *
vary: Accept,Accept-Encoding
x-b3-sampled: 0
x-b3-spanid: cb72ddf6fde23f4d
x-b3-traceid: cb72ddf6fde23f4d
x-content-type-options: nosniff
x-it-payload: eyJpdGgiOiIxIiwib3JzIjoicHJvZHVjdGlvbi5kZXZpY2Utc2Vzc2lvbnMtYXBpIiwicm9wIjoiMSJ9
x-request-id: 8897a851-36ca-48f4-be56-915f6b9a5c60
x-source-ip: 80.255.7.122
x-trace-digest-42: yq3VyXmwtDtTd0EG+Itpk8cGWDEvyIDnpnF52CR6OfH467xzOzGzpW2C+HoTtmGjFgPeSqtaTwLI0OAMEsri9iXmo5pJo3zjpNWVhq/2m48Ih5mnrWIf4EZedTtUvoneco2cgqg35Q1CwSDb+D33na/wOUKs2ga2vSZLeXg7At0=
x-xss-protection: 1; mode=block

GET
H2 200 armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc56...
www.mercadolibre.com/jms/lgz/background/session/ 78 B
1 KB 426ms
176ms Image
image/svg+xml 3.33.182.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mercadolibre.com/jms/lgz/background/session/armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc562.f11821e982577fa34c4f4b8c975b9c4a?background=armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc562.f11821e982577fa34c4f4b8c975b9c4a&message=eyJqc190eXBlIjoianNfY29va2llIiwidmFsdWUiOiJ4In0%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.33.182.45 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a35f64fceb718ad27.awsglobalaccelerator.com

Software

Tengine /

Resource Hash

1a5bb92d3a4f3d6c5260b0cebc7fd5fc9da5afc7dbba4716771abbb64922fcce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-meli-trace-site: UNKNOWN
date: Tue, 20 Aug 2024 07:15:37 GMT
x-content-type-options: nosniff
x-d2id: 0a9be357-239b-46d6-9da7-89fa0a8f5526
x-b3-traceid: 19922d14b5f409c5
x-transaction-name: save_js_profiling
x-trace-digest-36: OdfntXJQN4EzN1nUJEK7ljQ8H0YIDttsCfR2RtE7YEGyZEehTaMZXFbfDeY0oalcFJ4+o74NIkRja0in4+slAqwew5db9UGPkGmtCJze365y0GSiBYwApT3Qtt/RTUM8SS8e0lPEFYkbCtxS1ZFsIceTRTxa1DanvlYk1g//CqoJZngwNn3qmSICBpdYTV2SbVXWvOWQBwBRHJb5vZqTr8Dt9TMMMaAVY0uCgSHCVFJn2dzfbBATPRovMWtkBsRR
x-envoy-upstream-service-time: 10
content-length: 78
x-meli-trace-platform: /web/desktop
x-source-ip: 80.255.7.122
x-request-id: 0a9be357-239b-46d6-9da7-89fa0a8f5526
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Tengine
content-type: image/svg+xml
cache-control: max-age=0, private, no-store, no-cache, must-revalidate
x-b3-spanid: 19922d14b5f409c5
x-b3-sampled: 0
x-meli-trace-bu: mercadolibre
x-request-device-id: 0a9be357-239b-46d6-9da7-89fa0a8f5526

GET
H2 200 armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc56...
www.mercadolivre.com/jms/mlb/lgz/background/session/ 78 B
2 KB 602ms
354ms Image
image/svg+xml 18.173.187.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mercadolivre.com/jms/mlb/lgz/background/session/armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc562.f11821e982577fa34c4f4b8c975b9c4a?background=armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc562.f11821e982577fa34c4f4b8c975b9c4a&message=eyJhZF9ibG9jayI6ZmFsc2UsImNhbnZhcyI6IjlhMmM5ZTg3Y2M4Y2E4ZTE1NGQzOTBmYzQ3ZjllODk5IiwiY29ubmVjdGlvbiI6eyJkb3dubGluayI6IjEwIiwicnR0IjoiMTUwIiwidHlwZSI6IjRnIn0sImNvb2tpZV9lbmFibGVkIjp0cnVlLCJkZXZpY2VfbWVtb3J5Ijo4LCJkb19ub3RfdHJhY2siOm51bGwsImV0YWciOiI0MmI0OTU1YS1mZWNjLTQzYzEtOGFmYS0wZDE4MGQwMjExYjYtMTcyNDEzODEzMzU3MSIsImZvbnRzIjp7Im9zIjoyOTE0LCJvdGhlcl9vcyI6IltdIiwibm90X29zIjoxMDg4NzI3ODE3fSwiaGFyZHdhcmVfY29uY3VycmVuY3kiOjEwLCJoaXN0b3J5IjoyLCJpbmNvZ25pdG8iOmZhbHNlLCJpc19tc2hvcHMiOmZhbHNlLCJqc190eXBlIjoianNfaGFzaCIsImxhbmciOiJkZS1ERSIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sImxpdGVyYWxfY29sb3JzIjotOTQ4ODA4NTcxLCJsb2NhbF9zdG9yYWdlIjp0cnVlLCJtYXRoX251bWJlciI6MTEwMjMuMzg3NDA2MTUwOTQsIm9wZW5fZGF0YWJhc2UiOmZhbHNlLCJwaXhlbF9yYXRpbyI6MSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ3ZWJnbCI6eyJpbWFnZSI6ImZkMzgwMDU1YjUwZjRiZmY0NjRhNWZkMmYxMjZkNzdmIiwicmVwb3J0IjoiNmZkYzZmNTRmMTBjODcxZDhiNzI4MTUxYjhmZjk5NTIiLCJ2ZW5kb3IiOiJJbnRlbCBJbmMuIiwicmVuZGVyZXIiOiJJbnRlbCBJcmlzIE9wZW5HTCBFbmdpbmUifSwicGx1Z2lucyI6e30sInJlc29sdXRpb24iOiIxMjAweDE2MDB4MjQiLCJzY3JlZW4iOnsib3JpZW50YXRpb24iOjAsInR5cGUiOiJsYW5kc2NhcGUtcHJpbWFyeSIsImF2YWlsX2hlaWdodCI6MTIwMCwiYXZhaWxfbGVmdCI6MCwiYXZhaWxfdG9wIjowLCJhdmFpbF93aWR0aCI6MTYwMH0sInNlc3Npb25fc3RvcmFnZSI6dHJ1ZSwidGltZSI6eyJjYW52YXMiOjM3LCJ3ZWJnbCI6NjgsInVzZXJmb250cyI6MjEsImJyb3dzZXJwbHVnaW5zIjowLCJwbHVnaW5zIjowLCJpbnN0YWxsZWRmb250cyI6MjgsImhhc2giOjE1NSwidG90YWwiOjE1NX0sInRpbWVfYmFzZWRfZnAiOjAuMTAwMDAwMDIzODQxODU3OTEsInRpbWVfem9uZV9uYW1lIjoiRXVyb3BlL0JlcmxpbiIsInRpbWVfem9uZV9vZmZzZXQiOi0xMjAsInRvdWNoX3BvaW50cyI6MCwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidmVuZG9yIjoiR29vZ2xlIEluYy4iLCJ3aW5kb3dfc2l6ZSI6eyJpbm5lciI6IjEyMDB4MTYwMCIsIm91dGVyIjoiMTI4NXgxNjAwIn0sIndlYmRyaXZlciI6ZmFsc2UsImluc3RhbGxlZF9mb250cyI6W10sImluc3RhbGxlZF9wbHVnaW5zIjpbIlBERiBWaWV3ZXI6OlBvcnRhYmxlIERvY3VtZW50IEZvcm1hdDo6YXBwbGljYXRpb24vcGRmfnBkZix0ZXh0L3BkZn5wZGYiLCJDaHJvbWUgUERGIFZpZXdlcjo6UG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0OjphcHBsaWNhdGlvbi9wZGZ%2BcGRmLHRleHQvcGRmfnBkZiIsIkNocm9taXVtIFBERiBWaWV3ZXI6OlBvcnRhYmxlIERvY3VtZW50IEZvcm1hdDo6YXBwbGljYXRpb24vcGRmfnBkZix0ZXh0L3BkZn5wZGYiLCJNaWNyb3NvZnQgRWRnZSBQREYgVmlld2VyOjpQb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQ6OmFwcGxpY2F0aW9uL3BkZn5wZGYsdGV4dC9wZGZ%2BcGRmIiwiV2ViS2l0IGJ1aWx0LWluIFBERjo6UG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0OjphcHBsaWNhdGlvbi9wZGZ%2BcGRmLHRleHQvcGRmfnBkZiJdLCJsaWdodF92ZXJzaW9uIjpmYWxzZSwicmVmZXJlciI6bnVsbCwid2ViY2FtIjp0cnVlLCJzZW5kX3RpbWUiOjAsImhhc19zZXNzaW9uX2lkIjp0cnVlfQ%3D%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-102.muc50.r.cloudfront.net

Software

Tengine /

Resource Hash

1a5bb92d3a4f3d6c5260b0cebc7fd5fc9da5afc7dbba4716771abbb64922fcce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-meli-trace-site: UNKNOWN
date: Tue, 20 Aug 2024 07:15:37 GMT
via: 1.1 541abc390c35db77f7d121c96f0661ec.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-d2id: 8f98202d-2300-406a-82cc-08929fce42a8
x-b3-traceid: c5d41e80e955d0cd
x-amz-cf-pop: MUC50-P4
x-cache: Miss from cloudfront
x-trace-digest-59: sGEZOntO4ieFSH0+X8gUXamTSTXeQlSv7xilUpiHoFz49I3shlY4qgf1rJL8DekLExJYhR/1XwbGZpZLxAIEdRv3DAoakOKv2GMsUz9krOZN7/TBPNr9tdtGFp6OTIKoEygfVj22Y2CpI5QhDq7dF8FY8twHe2gKk/nasQPiqWB+VDZ836wWIlgBOtB/QrpZ5THsvxB87ZRJq9W6upD97cAIgRWG531qz29rjdkDjrp7AYfJlaVdoj+Q04oSvmVY
x-transaction-name: save_js_profiling
x-envoy-upstream-service-time: 13
content-length: 78
x-meli-trace-platform: /web/desktop
x-source-ip: 80.255.7.122
x-request-id: 8f98202d-2300-406a-82cc-08929fce42a8
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Tengine
content-type: image/svg+xml
cache-control: max-age=0, private, no-store, no-cache, must-revalidate
x-b3-spanid: c5d41e80e955d0cd
x-b3-sampled: 0
x-meli-trace-bu: mercadolibre
x-amz-cf-id: Jn1TzyuS6WADBf-3LLtAtHBfz1IAYxcmEHqepPtOTAZNYfhtGelMSA==
x-request-device-id: 8f98202d-2300-406a-82cc-08929fce42a8

GET
H2 200 background
www.mercadolibre.com/jms/lgz/ Frame 0A34 0
0 500ms
173ms Document
text/html 15.197.170.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mercadolibre.com/jms/lgz/background?dps=armor.9f1df350eab6ebb2a526e10ac8859ecb1eaf2f6a615d7da4664748d56f82dcf8de3177d761a9766c8e551a8d1a5e6052d0b6926ad6c08cb551d7c12675f5048d74d60431f6e32ea0e4d7e06d7c2b079180f53d9d13a6e3ac5d83a0cc2d6bc562.f11821e982577fa34c4f4b8c975b9c4a

Requested by

Host: billing.klouser.app
URL: https://billing.klouser.app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

15.197.170.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a35f64fceb718ad27.awsglobalaccelerator.com

Software

Tengine /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
content-length: 8601
content-type: text/html
date: Tue, 20 Aug 2024 07:15:37 GMT
referrer-policy: no-referrer-when-downgrade
server: Tengine
x-b3-sampled: 0
x-b3-spanid: 2e4d6392e46ba0a9
x-b3-traceid: 2e4d6392e46ba0a9
x-content-type-options: nosniff
x-d2id: 6720c001-aad7-4383-9875-a52469411183
x-envoy-upstream-service-time: 19
x-meli-trace-bu: mercadolibre
x-meli-trace-platform: /web/desktop
x-meli-trace-site: UNKNOWN
x-request-device-id: 6720c001-aad7-4383-9875-a52469411183
x-request-id: 6720c001-aad7-4383-9875-a52469411183
x-source-ip: 80.255.7.122
x-trace-digest-43: M5P4RqSqW2BpqqNxwGPZjHoTtmyHl0Bcg1ZGjk50oAwrC6KcKwKLlXEW/gTrAnmUae3kIhaQ4n0I1Z2ey+wTqw94sJ7sjDHviqVTmfpOD+y0rplHs4Ey0Z0E360iKkHt3JDK2u7lLqRFFxOR90fNocVS2EMl4bTERgK7HlcxJTJB3aFPYT9wdycM0jZE4mOE7qHVjS9X44gzRMNuzNkuuUOmhE5X2/k7uHrilrMzXh2wlWyER0GB61gtKLKp219I
x-transaction-name: cross_domain_profiler
x-xss-protection: 1; mode=block

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
283 B 154ms
151ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://billing.klouser.app
Date: Tue, 20 Aug 2024 07:15:37 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 bc93cebad424e5350b33.ico
billing.klouser.app/ 630 B
1 KB 491ms
449ms Other
image/vnd.microsoft.icon 2600:9000:20ae:aa00:1c:1f84:2200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://billing.klouser.app/bc93cebad424e5350b33.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ae:aa00:1c:1f84:2200:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

254d5a19479ba087335ec83d7f8d178c85855bc1243ebe300150d7c4b36a23f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 07:15:39 GMT
x-amz-version-id: aGoh26UY0raCUDt1V_k84dyDhVBQptAT
via: 1.1 b87d7a7588235c761c8602f922d332f4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: MUC50-P5
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 630
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 09 Aug 2024 15:05:28 GMT
server: AmazonS3
etag: "a97f6edb0cc1fd8eae8636e53f18ec16"
content-type: image/vnd.microsoft.icon
cache-control: no-store
accept-ranges: bytes
x-amz-cf-id: FM0Kz06VF9KW1pSqyvCcNFTSC_Q2cf4qCsKMrQtic1NwDGg-4v2iCw==

POST
H/1.1 204
No Content collect Show response
f.clarity.ms/ 0
283 B 134ms
133ms XHR
text/plain 51.8.44.252
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://f.clarity.ms/collect
Requested by: Host: billing.klouser.app
URL: https://billing.klouser.app/main.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.8.44.252 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://billing.klouser.app/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://billing.klouser.app
Date: Tue, 20 Aug 2024 07:15:39 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mercadopago.com/	1970-01-21 07:41:14	Name: _d2id Value: 0c8f95f6-3f44-4adc-a1ac-a8be4d3eec1d-n
.klouser.app/	1970-01-21 01:05:14	Name: _gcl_au Value: 1.1.1628799510.1724138134
.klouser.app/	1970-01-21 08:31:38	Name: _ga_BKX6DS5LX2 Value: GS1.1.1724138134.1.0.1724138134.60.0.0
.klouser.app/	1970-01-21 08:31:38	Name: _ga Value: GA1.1.1484606035.1724138135
.klouser.app/	1970-01-21 01:05:14	Name: _fbp Value: fb.1.1724138135840.632699780841788355
.klouser.app/	1970-01-21 07:41:14	Name: _hjSessionUser_2783810 Value: eyJpZCI6IjBlMTg1NDFiLTA5YWQtNWE3YS05OTczLWU0ODQwMzU4NzM1NiIsImNyZWF0ZWQiOjE3MjQxMzgxMzYyNzIsImV4aXN0aW5nIjp0cnVlfQ==
.klouser.app/	1970-01-20 22:55:39	Name: _hjSession_2783810 Value: eyJpZCI6ImMwYTg2OGM4LTRiOTYtNDc2MC1iYjI2LTY5NDQzZTM1ZjkzYSIsImMiOjE3MjQxMzgxMzYyOTksInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.mercadolibre.com/	1970-01-21 08:31:38	Name: dsid Value: 4cf226c7-4576-4813-a3be-f07a98cce504-1724138137356
.mercadolibre.com/	1970-01-21 08:31:38	Name: edsid Value: 6ae85dc9-492d-4ee1-8014-6a9a69c0b22a-1724138137356
.mercadolibre.com/	1970-01-21 07:41:14	Name: _d2id Value: 6720c001-aad7-4383-9875-a52469411183-n
.mercadolivre.com/	1970-01-21 07:41:14	Name: _d2id Value: 8f98202d-2300-406a-82cc-08929fce42a8-n
www.mercadolivre.com/	1970-01-21 08:31:38	Name: p_dsid Value: 140efbcf-0b67-4e33-bf1e-f80eeeef17a8-1724138137542
www.mercadolivre.com/	1970-01-21 08:31:38	Name: p_edsid Value: a2a92522-ec81-4810-add1-deccc1328d35-1724138137542
billing.klouser.app/	1970-01-20 22:55:39	Name: _dd_s Value: rum=1&id=802d980e-cc39-41e8-bd77-d4a53ecf62b0&created=1724138132382&expire=1724139032382

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.mercadopago.com
auth.split.io
billing.klouser.app
connect.facebook.net
f.clarity.ms
fonts.googleapis.com
region1.analytics.google.com
rsms.me
rum.browser-intake-datadoghq.com
script.hotjar.com
sdk.split.io
session-replay.browser-intake-datadoghq.com
static.hotjar.com
stats.g.doubleclick.net
www.clarity.ms
www.facebook.com
www.google.de
www.googletagmanager.com
www.mercadolibre.com
www.mercadolivre.com
www.mercadopago.com
104.21.234.234
142.250.185.99
15.197.170.90
151.101.67.9
18.173.154.70
18.173.187.102
2001:4860:4802:32::36
2600:1f18:24e6:b900:1933:3aac:154f:f044
2600:1f18:24e6:b901:75de:220c:b2a8:42b7
2600:9000:20ae:aa00:1c:1f84:2200:93a1
2620:1ec:29:1::44
2a00:1450:4001:812::200a
2a00:1450:4001:82a::2008
2a00:1450:400c:c02::9b
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
3.223.63.250
3.33.182.45
51.8.44.252
52.2.144.69
54.230.228.26
54.230.228.64
1a5bb92d3a4f3d6c5260b0cebc7fd5fc9da5afc7dbba4716771abbb64922fcce
1b466c4e4f90a280fbe322e207fd79b4a6589358132f0aabf791ac86d543719e
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
21b500679b83ddeedadab923569efa9b3a604b2cc5a309c7ee37e2cd5f980e73
254d5a19479ba087335ec83d7f8d178c85855bc1243ebe300150d7c4b36a23f9
29243fc64a62bc46b1767b1658f77cbd4e1420d26e66bca049b508ed565242f1
32d0e44c1939e62f23ab38a698cd2a8430047f159377bf5d406831cd880aa9ff
3845d7a96aff3c44841ce546930e30c6083a6a89ae841e27099d7d9f9f72cba0
435cebbc05ea064c6568f89bd4d89ba69e52e22a20ca79bcc9764e5c71e1647f
4cfb799ab203370b2afed79f8d0af0a526ac138435b52eb8f1ef2fbce1a8961a
69e3071e263f93544e22af1c6a0765e52c1136b3dee33b2eb5525a78357c79d0
70cace01d19d69bf342ae7148556d4ed13f9ea134ae0d8f19ec59b38fef1af3b
76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14
79bd4642e5af28705c54453c60974898c0d2d7ce6e3849c8eceacf0b684229cf
80e556ea92c4329fd3dc5ed0353ddb3a02e5778eab668c0302c896c0828aa94b
82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
887f7a385da0b64d7bc53f26e542f15ef59329d5d4ba4710a71d15211897dbfb
8fedfb7def1421aa9d58d1732be7164e33eec27b9c87193e010b9ddaa67b6a18
9425aea7469859cb30340f6ef6310991fbe6abcc7c174bcd2163519e0860c4cf
9733e225399dca8d602dd5456a0355ffbde116feef6fa7065e92c65cb9089600
9dbecbadaa08e0d16aab217984189ff2cef37b1d741038db5a4aceba05eb1470
a55edc3866039b7b392a24aab318eb1b19cfeb6fd49ea6a575b47151910bc66f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
c9bb211d9cb5ac26b38b82b655735926be9e80f7e02439e19f9327f567a0f54f
dac1875a92f9de6eeaac3d697b3954604f0dd921870944e2dcc8c03ce59ce82d
df14fa3779b1ab90cc565dfab722645af9db3fe82888d9b9ac481c6e85f9910d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

billing.klouser.app Open in urlscan Pro 2600:9000:20ae:aa00:1c:1f84:2200:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

42 Requests

98 %HTTPS

45 %IPv6

16 Domains

21 Subdomains

23 IPs

4 Countries

1131 kBTransfer

4399 kBSize

14 Cookies

2 Outgoing links

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

billing.klouser.app Open in urlscan Pro
2600:9000:20ae:aa00:1c:1f84:2200:93a1 Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

98 %
HTTPS

45 %
IPv6

16
Domains

21
Subdomains

23
IPs

4
Countries

1131 kB
Transfer

4399 kB
Size

14
Cookies

42 HTTP transactions
0 data transactions